[asterisk-dev] Non-universalized log messages render security tools useless in Asterisk SVN-branch-1.8-r354348 or maybe other versions as well !!!

[Bruce B]

>
> 2) Your asterisk will immediately try to make the required connection (if
> it's
> configured this way, for example with allowguest=yes, which is necessary
> for
> people, wanting to be reachable for example by ENUM or other publicly
> available methods).
> It's possible that the call will be established BEFORE the incoming leg
> recognizes that nobody is there (because of the spoofed IP address) and it
> will cost you money (in the case that the attacker finds an unprotected
> prefix from your Asterisk outside). And somebody can maliciously make a
> fraud
> on you, if he wants, and you will be unable to find his identity, because
> he
> never sends a single packet with his real IP address! He can go even
> further
> and by systematically supplying an IP address of someone else, he can cause
> that you will block or maybe even try to prosecute an innocent person.
>
>
Sorry, I am not following your analogy at all. I have already said I use
allowguest=no (beside an if condition easily check for that). My Asterisk
server is not a court of law to prosecute innocent people :-) Remember that
hackers are looking for money and they just won't attack you for the heck
of it or to just confuse you.,


> > In that case maybe
> > Asterisk can pull the IP from network layer of the OS?!
>
> Of course it can, but please be informed, that at least on systems I'm
> running, a lot of attacks are done with spoofed source IP addresses.
>

There is no such thing as spoofed IP in the TCP/IP world. No one can ever
spoof their IP. PERIOD. If Asterisk takes the source address from OS
network layer then it won't be the spoofed IP. SIP packets IP spoofing is
more of a feature than even being called spoofing.

Best,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20120212/da464a09/attachment.htm>