[asterisk-dev] security breach via call-limit/groupcount

Marek Cervenka cervajs at fpf.slu.cz
Mon Feb 24 10:34:33 CST 2014


Hi,

I have access to one box with Asterisk 1.8 where an attacker can go through 
call-limit/groupcount.

The SIP scenario was:
INVITE from: X TO: Y
INVITE (authorization) from: X TO: Y
INVITE (in-dialog) from: X TO: Y
REFER (in-dialog) refer-by: X refer-TO: Y

In the CDR I see (there is groupcount info):
src,dst,billsec,userfield, dialstatus
X,Y, T>5, groupcount=1:call-limit=2, ANSWERED
X,Y, T<5, groupcount=2:call-limit=2, ANSWERED
X,Y, T>5, groupcount=1:call-limit=2, ANSWERED
X,Y, T<5, groupcount=2:call-limit=2, ANSWERED
...

It seems like the SIP scenario is resetting the groupcount info and 
call-limit is not working.

I'm trying asterisk-dev to see if some experienced developer can confirm that 
the SIP scenario cannot "harm" Asterisk.
Do you think the upgrade to Asterisk 11 can help?

-- 
---------------------------------------
Marek Cervenka
=======================================
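
One way to audit CDRs for the pattern reported above, as an added example that is not part of the original post: it recomputes how many answered calls per source actually overlap and compares that with the groupcount and call-limit recorded in userfield. The `answer` column (epoch seconds), the use of billsec as call length, the function names and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# userfield layout as shown in the post: groupcount=N:call-limit=M
USERFIELD_RE = re.compile(r"groupcount=(\d+):call-limit=(\d+)")

# Constructed sample rows following the alternating pattern in the post.
# The "answer" column (epoch seconds) is an assumed extra CDR field.
SAMPLE_CDR = """\
answer,src,dst,billsec,userfield,dialstatus
1000,X,Y,120,groupcount=1:call-limit=2,ANSWERED
1010,X,Y,3,groupcount=2:call-limit=2,ANSWERED
1020,X,Y,90,groupcount=1:call-limit=2,ANSWERED
1030,X,Y,4,groupcount=2:call-limit=2,ANSWERED
1040,X,Y,60,groupcount=1:call-limit=2,ANSWERED
2000,Z,Y,30,groupcount=1:call-limit=2,ANSWERED
"""

def parse_cdr(text):
    """Return answered calls with their recorded groupcount and call-limit."""
    calls = []
    for row in csv.DictReader(io.StringIO(text)):
        m = USERFIELD_RE.search(row["userfield"])
        if not m or row["dialstatus"] != "ANSWERED":
            continue
        begin = int(row["answer"])
        calls.append({"src": row["src"], "begin": begin,
                      "end": begin + int(row["billsec"]),
                      "recorded": int(m.group(1)), "limit": int(m.group(2))})
    return calls

def audit(calls):
    """Flag calls whose real concurrency exceeds the limit or differs
    from the groupcount that was recorded when the call was set up."""
    by_src = defaultdict(list)
    for c in calls:
        by_src[c["src"]].append(c)
    findings = []
    for src, group in by_src.items():
        for c in sorted(group, key=lambda x: x["begin"]):
            # Calls from this source active at the moment c was answered.
            actual = sum(1 for o in group
                         if o is c or o["begin"] <= c["begin"] < o["end"])
            if actual > c["limit"] or actual != c["recorded"]:
                findings.append((src, c["begin"], c["recorded"], actual, c["limit"]))
    return findings
```

Each finding is `(src, answer, recorded groupcount, recomputed concurrency, call-limit)`; a recomputed value above the recorded one means the counter was lower than the number of calls really in progress.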