[Asterisk-Security] Day early and a dollar short? (IAX2 and SIP problems)

Bret McDanel bret at mcdanel.com
Tue Jul 18 08:44:54 MST 2006


On Tue, 2006-07-18 at 08:19 -0700, John Todd wrote:
> DoS notice for IAX2 here: http://xforce.iss.net/xforce/alerts/id/228
> 
> Of course, this has been "patched" in => 1.2.10 and is "old news" but 
> it got me thinking...  Are we just as vulnerable with SIP from a 
> similar threat?  I haven't tested, but was wondering if anyone had 
> real-world examinations or testbed experiments they could share.  I 
> seem to recall some discussion about time-scaled blocking of hosts or 
> usernames that made repeatedly incorrect requests (similar to the 
> flap dampening methods with some brands of routers.)   Would this 
> help the problem or introduce a more dangerous threat from potential 
> memory overloads?

rate limiting on udp is difficult given how easy it is to spoof the IP.
If you just wanna flood the server with SIP requests you can do that
very quickly from a ton of different IPs.  

I have a program that does this, that is a proof of concept against a
now patched asterisk vuln at http://www.trxtel.com/crashterisk.c and you
can see how completly trivial it is to do this.





More information about the Asterisk-Security mailing list