[asterisk-users] Securing Asterisk and your network
Jay R. Ashworth
jra at baylink.com
Fri Jun 13 13:05:27 CDT 2008
On Fri, Jun 13, 2008 at 08:43:44PM +0300, Tzafrir Cohen wrote:
> > And if they fool your log analysis system, then its regexes aren't
> > written tightly enough.
>
> Apparently, getting the regex right is a bit trickier than people think.
>
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4321
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6302
>
> So getting this regex right is probably a bit tricky.
That can happen.
> > And, back on point, that particular sshblocker doesn't give a damn what
> > sshd writes in the syslog.
> >
> > And, no, it's actually not another service listening.
>
> It responds to external output. I can trigger it to run whenever I want.
> Pretty close to a "service".
Except that it's invisible to the outside world; it's a side-effect of
sshd, without even its own port.
> Consider e.g. a spam filter used by a mail server. It might just as well
> have such remotely-exploitable security holes, if badly written. And the
> attacker does not even need direct access to the system running the spam
> filter.
>
> Or Asterisk handling proxied SIP/IAX traffic.
Sure, in general, being very particular about the taintedness of your
data is an important security practice...
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Joseph Stalin)
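
The loose-versus-tight regex point argued in the message above, as an added example that is not part of the original post or of any blocker named in the thread. The log lines are constructed, modelled on sshd's "Failed password" message; the host name, PIDs and documentation-range addresses are assumptions.

```python
import re
from collections import Counter

# Constructed syslog lines. The second one carries a crafted user name:
# that field is supplied by the remote client, so it is tainted data.
SAMPLE_LINES = [
    "Jun 13 13:05:27 pbx sshd[2211]: Failed password for invalid user bob "
    "from 203.0.113.7 port 4242 ssh2",
    "Jun 13 13:05:29 pbx sshd[2212]: Failed password for invalid user "
    "x from 192.0.2.10 port 1 ssh2 from 203.0.113.7 port 4243 ssh2",
    "Jun 13 13:05:31 pbx sshd[2213]: Failed password for root "
    "from 203.0.113.7 port 4244 ssh2",
]

# Loose: unanchored and lazy, so the first "from <ip>" in the line wins,
# even when that text sits inside the client-supplied user name.
LOOSE = re.compile(r"Failed password for .*? from (\d+\.\d+\.\d+\.\d+)")

# Tight: anchored at both ends. The address is read from the fixed tail
# that sshd itself writes after the user name, so nothing inside the name
# can stand in for it.
TIGHT = re.compile(
    r"^\w{3} [ \d]\d \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def failures_by_address(pattern, lines):
    """Count failed logins per source address as seen by one pattern."""
    counts = Counter()
    for line in lines:
        m = pattern.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


if __name__ == "__main__":
    for name, pat in (("loose", LOOSE), ("tight", TIGHT)):
        print(name, dict(failures_by_address(pat, SAMPLE_LINES)))
```

A blocker acting on the loose counts would charge one failure to 192.0.2.10, an address that never connected; the tight pattern attributes all three to the real peer.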