[asterisk-dev] Another IAX2 problem with the latest security fix ...

Nic Bellamy nicb-lists at vadacom.co.nz
Thu May 29 17:22:32 CDT 2008

Russell Bryant wrote:
> My proposed fix is to change the logic for enforcing accurate destination call 
> numbers.  Since this was done to combat traffic amplification, I propose that 
> this enforcement is only done on frames that are responsible for completing the 
> handshake to start a call.  Essentially, that means _only_ doing this 
> enforcement on an ACK, and no other full frames.
> The benefit to this is that we prevent traffic amplification from hosts that 
> have no way to figure out the destination call number, while doing so in such a 
> way that doesn't introduce problems with older Asterisk versions.
> --- Conclusion
> I plan on implementing and committing the proposed fix.  However, I wanted to 
> explain my logic and give everyone a chance to review all of the information and 
> disagree, in case I am missing something.

This approach sounds sane to me.

If you're quick off the mark with a patch, there's a long weekend coming 
up here that'd be perfect for some production environment testing :-)


Nic Bellamy,
Head Of Engineering, Vadacom Ltd - http://www.vadacom.co.nz/

More information about the asterisk-dev mailing list