[Asterisk-Users] Problem with SIP and DOS attacks...

Steven Critchfield critch at basesys.com
Wed Oct 15 13:44:17 MST 2003


On Wed, 2003-10-15 at 15:22, Alex Lopez wrote:
> There was a thread that I googled for and could not find about Asterisk
> being open to SIP DOS Attacks.  I have a customer whose machine was
> hammered last night by traffic on its SIP port causing the OS to use
> up its resources.  Namely number of open files.  The discussion was
> around the fact that the SIP protocol answers requests without regard
> to authentication. Can anyone comment on this????

You had limited Google help due to your misunderstanding of the problem.

Use
asterisk sip vulnerability
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=asterisk+sip+vulnerability&btnG=Google+Search

This is not a DoS, it is a remote exploit. Since you seemed to not
understand it by the above message, I'll give a quick rundown of the two
different types of attack.

A DoS attack can be as simple as a flood of messages. It could be
specially crafted messages that require your computer to bog down trying
to service them, or just a large number of them.

A remote exploit means that you can run certain code from remote without
authentication. As in most of us run asterisk as root, so anyone that is
able to instruct asterisk to do something will get it run by the root
user.

Next, if you had been a competent admin, you would have done your
updates on all the machines back then since the update was put into CVS
around 8-15. If you are 2 months behind on your patching, you need to
consider tools that help you get this done. 



-- 
Steven Critchfield  <critch at basesys.com>



