[asterisk-dev] OT: Where Mailing List Replies Should Go
Jay R. Ashworth
jra at baylink.com
Sun Oct 8 18:51:40 MST 2006
On Sun, Oct 08, 2006 at 08:07:04PM -0500, J. Oquendo wrote:
> FYI I corrected my misfire in minutes (poop happens). No one managed
> to download the tool.
Good to hear. Yes, it does.
> My intentions were not to leak some stupid new DoS tool for kiddiots
> to run amok.
I hadn't the slightest thought that you might.
> I was testing the SIP protocol on a Sun 480r with
> Asterisk and found that a few mangled packets here and there did some
> horrible things. I also passed off information to CERT and Cisco
> regarding what I was seeing, but being the majority of the attacks
> seemed to affect Asterisk more, I contacted those who need to know.
And, alas, some who didn't. I've re-subjected this to tie into the OT
thread.
> So far off-list I had many requests for the tools and I have declined.
<hand salute>
<two>
> What I have thought about was something similar to BGP's
> dampening/flapping mechanisms to restrict some of the attacks.
You're familiar with randy bush's paper suggesting that BGP flap
dampening was a bad idea? (I wasn't either, but I ran across it the
other day, and it seemed pertinent to mention it here:
https://rip.psg.com/~randy/020910.zmao-flap.pdf )
Cheers,
-- jra
--
Jay R. Ashworth jra at baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274
"That's women for you; you divorce them, and 10 years later,
they stop having sex with you." -- Jennifer Crusie; _Fast_Women_
More information about the asterisk-dev
mailing list