[asterisk-dev] GSoC: Implementing Networking Security Framework for DOS attacks

John Todd jtodd at digium.com
Tue Mar 24 14:55:18 CDT 2009


Sorry to follow up on my own thread, but this perfectly-timed letter
seemed to call out pretty well some of the issues I put in my
just-prior message.  Anecdotally, these problems and attacks have seen a
sharp upwards trend recently and Asterisk is as vulnerable as any  
other SIP platform at the moment.

This person is probably an Asterisk neophyte.  They now are in the  
hole for probably a pretty good chunk of money, and some bottom-feeder  
has benefitted, and perhaps called your number last night with auto  
warranty calls or whatever.  You might laugh at the victim's  
simplicity, but that's a mistake - everyone was a beginner at some  
point, and bad experiences like this aren't merely detrimental to  
individuals: they detract from the BUSINESS, and I suspect everyone  
here has a concern on that detraction.  If this person reports this  
problem in their workplace, then I can guarantee that all of us will  
suffer in some small way as VoIP becomes thought of as "less secure"  
or "prone to fraud".

You might suggest that they picked bad passwords and extensions, and  
that might be true.  But if we (the development community) can create  
some method that would (somewhat) protect this person against  
automated tools in a way that did not detract significantly from the  
functionality of Asterisk, then why _shouldn't_ we do it?  I don't  
think there's much argument that better active security would be a  
good thing in Asterisk and in all VoIP platforms.  Defense against  
abuse is a matter of incremental change - there is no complete  
solution, but we can try harder.  Who wants to help on that security  
framework document and code?


Begin forwarded message:

> Date: March 24, 2009 12:30:07 PM PDT
> To: jtodd at digium.com
> Subject: [General] thousends of random calls thru extatins to area code 337.
>
> [snip] sent a message using the contact form at
> http://www.asterisk.org/contact.
>
> Hello,
>
> I would like to report a problem that put me in a very bad situation.
> I have an Asterisk server running with my VoIP. Yesterday the phone was
> not working and it would give the voice mail immediately. I did a reset
> of the server (remotely) twice, and then late at night around 22:00 I saw
> that I have voice mails (nasty ones). Then I checked my call logs and was
> shocked! Thousands of calls were made from two of my extensions (100 and
> 200) to area code 337 in the USA to different numbers. I have turned off
> the server and connected back the ATA that I got from the VoIP provider.
> I will need help to find out how it happened. Is it a bug?
> I hope I did not get into trouble by having people receiving thousands
> of calls from my home phone.
>
> Please let me know if there is anything I can do in order to find out
> what happened.
> Thank You,
> [snip]
>



JT

---
John Todd                       email:jtodd at digium.com
Digium, Inc. | Asterisk Open Source Community Director
445 Jan Davis Drive NW -  Huntsville AL 35806  -   USA
direct: +1-256-428-6083         http://www.digium.com/





