[Asterisk-Users] Cisco 7960s

Matthew Hardeman mhast at papersoft.com
Fri Jul 11 09:23:29 MST 2003


I have an open ticket at cisco with status development review; workaround
provided.

I'm going to remind them of the potential security consequences later
today...

The tech I've been working with seems very competent, and I suspect this may
eventually get dealt with...

Matt Hardeman
PaperSoft

----- Original Message ----- 
From: "Josh Howlett" <josh.howlett at bristol.ac.uk>
To: <asterisk-users at lists.digium.com>
Sent: Friday, July 11, 2003 3:30 AM
Subject: Re: [Asterisk-Users] Cisco 7960s


> Cisco and bugtraq need to know this!
>
> josh.
>
> On Fri, 2003-07-11 at 09:21, Matthew Hardeman wrote:
> > Cisco should really be ashamed of this product...
> >
> > While it is physically well constructed, and has excellent sound
> > quality along with a very pleasant user interface, the device has
> > SERIOUS stability issues, unless you run your network with an iron
> > fist...
> >
> > Quite by accident, while configuring my Asterisk system to connect to
> > a Cisco 7960 via SIP in a standard office PBX type arrangement, I
> > discovered something interesting...
> >
> > By screwing around with both the source IP address of a SIP message,
> > along with certain IP addresses in the SIP message itself, it's quite
> > easy to crash the Cisco.
> >
> > In short, it would be trivial to DOS (by forcing continuous crashes
> > and the subsequent reboots) any Cisco 7960 that you can route UDP
> > packets to...
> >
> > Matt Hardeman
> > PaperSoft
> >
> >
> -- 
> -----------------------------------------------------------
> Josh Howlett, Networking & Digital Communications,
> Information Systems & Computing, University of Bristol, U.K.
> 'phone: 0117 928 7850 email: josh.howlett at bris.ac.uk
> ------------------------------------------------------------
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
>




More information about the asterisk-users mailing list