[asterisk-dev] Client Puzzle Protocol in SIP
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Sun Feb 17 09:36:35 CST 2008
On Sun, Feb 17, 2008 at 10:14:07AM -0500, Fadil Sutomo wrote:
> Hi Tzafrir,
>
> Thanks for your reply..
> I am not planning to prevent DOS attacks completely. And I am not
> interested as well in programming each legitimate client connected to
> Asterisk.
>
> But again, my plan is only to test the client-puzzle mechanism in Asterisk,
> nothing else, really. So, I would like to know what happens to the attacker
> if Asterisk responds with a cryptographic puzzle.
> If the attacker sends 100,000 junk INVITEs (maybe INVITE messages to a
> non-existent client), then Asterisk will respond with a puzzle that the
> attacker has to solve, which "maybe" will mitigate the DOS from this
> attacker.
If this makes the reply to the invite longer, then it has increased the
impact of Asterisk as a potential amplifier for DoS attacks (think of
the attacker sending 100,000 invites to my PBX with your PBX as the
source address).
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
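
Added example (not part of the original message, and not Asterisk code): a sketch of a stateless hash-based client puzzle that declines to issue a challenge longer than the request, so the puzzle payload itself cannot enlarge a reply sent to a spoofed source address. The byte layout, function names, difficulty and 30-second lifetime are assumptions made for illustration; a real SIP response carries headers on top of this payload.

```python
# Added illustration: stateless hash puzzle with a reply-size cap (all names hypothetical).
import hashlib, hmac, os, struct, time

SERVER_KEY = os.urandom(32)  # assumed per-process secret, never sent to clients
DIFFICULTY_BITS = 12         # assumed work factor: leading zero bits required
CHALLENGE_LEN = 21           # timestamp (4) + difficulty (1) + truncated MAC (16)

def _tag(body, client_addr):
    # Bind the challenge to the claimed source so it cannot be replayed elsewhere.
    return hmac.new(SERVER_KEY, body + client_addr.encode(), hashlib.sha256).digest()[:16]

def issue_challenge(client_addr, request_len, now=None):
    """Return a challenge, or None if it would be longer than the request.

    No per-request state is stored; verify() recomputes the MAC instead."""
    now = int(time.time()) if now is None else now
    body = struct.pack("!IB", now, DIFFICULTY_BITS)
    challenge = body + _tag(body, client_addr)
    # Size cap: never answer a (possibly spoofed) request with more bytes than it had.
    return challenge if len(challenge) <= request_len else None

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(challenge):
    """Client side: brute-force a counter until the hash meets the difficulty."""
    counter = 0
    while True:
        digest = hashlib.sha256(challenge + struct.pack("!Q", counter)).digest()
        if leading_zero_bits(digest) >= challenge[4]:
            return counter
        counter += 1

def verify(client_addr, challenge, solution, now=None, max_age=30):
    """Server side: one MAC and one hash, regardless of how hard solving was."""
    now = int(time.time()) if now is None else now
    if len(challenge) != CHALLENGE_LEN:
        return False
    if not isinstance(solution, int) or not 0 <= solution < 2**64:
        return False
    body, tag = challenge[:5], challenge[5:]
    if not hmac.compare_digest(tag, _tag(body, client_addr)):
        return False
    issued, bits = struct.unpack("!IB", body)
    if not 0 <= now - issued <= max_age:
        return False
    digest = hashlib.sha256(challenge + struct.pack("!Q", solution)).digest()
    return leading_zero_bits(digest) >= bits
```

The reply still goes to whatever source address the request claimed; the cap only keeps the puzzle payload from being larger than the request that triggered it.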