[Asterisk-Users] Can bad person with SIPp attack Asterisk ?
Adam Hart
adam at teragen.com.au
Thu Oct 28 16:18:49 MST 2004
niels at wxn.nl wrote:
> Hello
>
> I would say,
>
> First of all, for users who are authenticated, so really can make calls,
> just configure asterisk to limit the number of calls users can make
> concurrently
>
> Next, put a firewall in front of your asterisk box which rate limits the
> number of connection attempts per second per host.. If you limit this to
> lets say about 25 to 50 connection attempts per second per host I would
> say you're pretty safe and your asterisk box can't really get overloaded
> with malicious packets. this burst limit depends on your config as you
> might get much traffic from certain IP's ofcourse
>
> Niels
>
With SIP and IAX, it's UDP (* doesn't do TCP SIP) you can spoof the
source address. An attack similar to TCP SYN attack would work. Actually
there's better attacks I can think of. Low cpu auth replys would partly
solve it with IAX, moving to TCP (even TLS) with SIP is much safer.
-Adam
More information about the asterisk-users
mailing list