[asterisk-dev] Message Responding with 202? Potential Abuse!
Bryant Zimmerman
BryantZ at zktech.com
Mon Aug 5 18:34:45 CDT 2013
When a Message request is sent to an Asterisk server, the server responds
with a 202 before it is sent to the dial plan.
This does not allow for any checks or throttling prior to the 202 (Accept)
of the message. Most SMS providers bill based on the 202 response.
This opens major fraud/security issues, as someone could send several thousand
SMS messages and the customer would be billed with little to no control. Is
there a mechanism in place where the 202 is not sent until the message is
read, or is there some other way to control this? We have already seen
abuse around this point. Compromised Google Voice accounts can become an
attack platform.
Thanks
Bryant
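
Added example, not part of the original post and not Asterisk code: a small Python model of the ordering the message describes, comparing how many billable 202 responses a flood produces when the policy check runs after the 202 versus before it. The `SenderThrottle` class, the function names, the rate and burst values, the 403 rejection code and the sample senders are all assumptions made for illustration.

```python
from collections import defaultdict

class SenderThrottle:
    """Per-sender token bucket (hypothetical policy): `burst` messages at once,
    refilled at `rate` tokens per second."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = defaultdict(lambda: float(burst))
        self.last = {}

    def allow(self, sender, now):
        # Refill for the time elapsed since this sender's previous request.
        elapsed = now - self.last.get(sender, now)
        self.last[sender] = now
        self.tokens[sender] = min(self.burst, self.tokens[sender] + elapsed * self.rate)
        if self.tokens[sender] >= 1.0:
            self.tokens[sender] -= 1.0
            return True
        return False

def accept_then_check(requests, throttle):
    """Ordering described in the post: the 202 is sent first, policy runs later."""
    responses = []
    for ts, sender in requests:
        responses.append(202)        # already billable at the provider
        throttle.allow(sender, ts)   # verdict arrives too late to change the response
    return responses

def check_then_accept(requests, throttle):
    """Alternative ordering: the policy verdict selects the response code.
    403 as the rejection code is an assumption of this example."""
    return [202 if throttle.allow(sender, ts) else 403 for ts, sender in requests]

def billable(responses):
    """Count responses a provider billing on 202 would charge for."""
    return sum(1 for code in responses if code == 202)

# Constructed input: one sender submits 1000 messages in 10 s, another sends 3.
FLOOD = [(i * 0.01, "sip:flood@example.invalid") for i in range(1000)]
NORMAL = [(t, "sip:user@example.invalid") for t in (1.0, 4.0, 8.0)]
REQUESTS = sorted(FLOOD + NORMAL)

if __name__ == "__main__":
    late = billable(accept_then_check(REQUESTS, SenderThrottle(rate=1.0, burst=5)))
    early = billable(check_then_accept(REQUESTS, SenderThrottle(rate=1.0, burst=5)))
    print(f"202 before policy: {late} billable; policy before 202: {early} billable")
```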