[asterisk-security] Asterisk and DoS attack: What has been done so far?
Duane
duane at e164.org
Tue Jan 29 21:27:30 CST 2008
Abu 'Ubayd Fadil wrote:
> So, I am planning to solve this problem and need more information if
> anything has been done regarding this so far.
Most people 'solve' security issues with Asterisk by putting something
else in front of it (like OpenSER etc)...
When I was making code to test if a SIP address is accepting calls etc I
made a few mistakes and ended up causing a DoS with RTP by accident, I
could easily see this leading to smurf style attacks using RTP instead
of ICMP...
--
Best regards,
Duane
http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
More information about the asterisk-security
mailing list