[asterisk-dev] security breach via call-limit/groupcount
Marek Cervenka
cervajs at fpf.slu.cz
Tue Jul 8 07:47:31 CDT 2014
I made another round of research.
I want to file an issue in Jira, but I want to create a SIP scenario for
easier replication.
Is there some visual tool/service which can generate a SIP scenario for
sipp? (something like https://www.websequencediagrams.com/)
Thanks
On 24.2.2014 17:34, Marek Cervenka wrote:
> Hi,
>
> I have access to one box with Asterisk 1.8 where an attacker can go
> through call-limit/groupcount.
>
> The SIP scenario was:
> INVITE from: X TO: Y
> INVITE (authorization) from: X TO: Y
> INVITE (in-dialog) from: X TO: Y
> REFER (in-dialog) refer-by: X refer-TO: Y
>
> In the CDR I see (there is groupcount info):
> src,dst,billsec,userfield, dialstatus
> X,Y, T>5, groupcount=1:call-limit=2, ANSWERED
> X,Y, T<5, groupcount=2:call-limit=2, ANSWERED
> X,Y, T>5, groupcount=1:call-limit=2, ANSWERED
> X,Y, T<5, groupcount=2:call-limit=2, ANSWERED
> ...
>
> It seems like the SIP scenario is resetting the groupcount info and
> call-limit is not working.
>
> I'm trying asterisk-dev to see if some experienced developer can confirm
> that the SIP scenario cannot "harm" Asterisk.
> Do you think the upgrade to Asterisk 11 can help?
>
--
---------------------------------------
Marek Cervenka
=======================================
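
Added example, not part of the original post and not Asterisk code: a CDR check for the pattern in the quoted message, recomputing real per-source concurrency and comparing it with the logged groupcount and call-limit. The `answer` column, the timestamps and the sample rows are constructed, and the overlap of the long calls is an assumption the post does not state.

```python
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed sample CDR (not from the post). The answer column is an
# assumption: the post lists only src,dst,billsec,userfield,dialstatus.
# Long (T>5) and short (T<5) calls alternate as in the quoted CDR extract.
SAMPLE_CDR = """\
answer,src,dst,billsec,userfield,dialstatus
2014-02-24 10:00:00,X,Y,120,groupcount=1:call-limit=2,ANSWERED
2014-02-24 10:00:02,X,Y,3,groupcount=2:call-limit=2,ANSWERED
2014-02-24 10:00:10,X,Y,120,groupcount=1:call-limit=2,ANSWERED
2014-02-24 10:00:12,X,Y,3,groupcount=2:call-limit=2,ANSWERED
2014-02-24 10:00:20,X,Y,120,groupcount=1:call-limit=2,ANSWERED
2014-02-24 12:00:00,Z,Y,60,groupcount=1:call-limit=2,ANSWERED
"""

USERFIELD = re.compile(r"groupcount=(\d+):call-limit=(\d+)")

def find_limit_bypass(cdr_text):
    """Flag answered calls whose real concurrency exceeds call-limit or the logged groupcount."""
    calls = []
    for row in csv.DictReader(io.StringIO(cdr_text)):
        m = USERFIELD.search(row["userfield"])
        if not m or row["dialstatus"] != "ANSWERED":
            continue
        start = datetime.strptime(row["answer"], "%Y-%m-%d %H:%M:%S")
        end = start + timedelta(seconds=int(row["billsec"]))
        calls.append((start, end, row["src"], int(m.group(1)), int(m.group(2))))
    calls.sort()
    findings, active = [], {}  # active: src -> end times of calls still up
    for start, end, src, logged, limit in calls:
        still_up = [e for e in active.get(src, []) if e > start]
        still_up.append(end)
        active[src] = still_up
        actual = len(still_up)  # concurrency including this call
        if actual > limit or actual > logged:
            findings.append({"answer": str(start), "src": src, "actual": actual,
                             "logged_groupcount": logged, "call_limit": limit})
    return findings

if __name__ == "__main__":
    for finding in find_limit_bypass(SAMPLE_CDR):
        print(finding)
```

A row where `actual` is higher than `logged_groupcount` means the counter was lower than the number of calls really up for that source, which is the reset behaviour the message suspects.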