[asterisk-security] Asterisk and DoS attack: What has been done so far?

Kevin P. Fleming kpfleming at digium.com
Wed Jan 30 06:24:41 CST 2008


Abu 'Ubayd Fadil wrote:

> What I am thinking right now is to use some kind of authentication,
> perhaps using OpenSSL, so that Asterisk can filter which packet to
> process, and which one to dump.
> 
> Any comments, suggestions, critics? What do you guys think?

All that will accomplish is to make the problem worse. The DoS is not
usually making Asterisk do too much *real work*, it's just sending it
large volumes of traffic it must ignore. Adding complexity to figure out
which traffic to ignore and which to process will just increase the
workload.

The larger issue though is that 'adding authentication ... using
OpenSSL' is all well and good if all your endpoints support it. If they
don't, you have to continue to use the existing mechanisms for
communication.

-- 
Kevin P. Fleming
Director of Software Technologies
Digium, Inc. - "The Genuine Asterisk Experience" (TM)



More information about the asterisk-security mailing list