[asterisk-users] The S word: Asterisk security

Steve Totaro stotaro at totarotechnologies.com
Tue Jul 1 11:58:26 CDT 2008


On Tue, Jul 1, 2008 at 11:56 AM, Kristian Kielhofner
<kkielhofner at star2star.com> wrote:
> On 7/1/08, randulo <spamsucks2005 at gmail.com> wrote:
>> Hi all,
>>
>>  As I mentioned briefly in the SIP takeover thread, I'd like to try to
>>  talk about security this coming Friday. I realize it is a holiday in
>>  the USA, but do geeks ever take a day off, especially
>>  security-conscious geeks? Mark Spencer once said "The Bug Tracker is
>>  never on vacation!".
>>
>>  We will try to start this subject this Friday, but I have no
>>  experience at all with this. If you know anyone who is good in this
>>  area and would like to share their expertise and talk about security
>>  in the asterisk and voip contexts, I'd like to hear from them,
>>  especially next Friday July 4th.
>>
>>  tia,
>>
>>  Randy
>>
>
> Randy,
>
>  I'd love to participate as long as no one minds me calling in from
> the beach... :)
>
>  I'm interested in developing my SIP DoS script (and any similar
> solutions).  While I'm reluctant to claim that it or anything like it
> could protect from a true DoS, it would offer some protection at the
> application level and that could make all the difference in some
> instances...
>
>  As far as wider Asterisk/security issues I think J. Oquendo would be
> a great guest (hint, hint).
>
> --
> Kristian Kielhofner
> NOT sent from my iPhone or Blackberry
>

"NOT sent from my iPhone or Blackberry" very funny, you could add the
typed with my thumbs line too. :)

As far as your DoS script, do you have a general idea on how the
concept would work?  Would you just drop the packets from the offending
IPs?

For security, how about an authentication retry setting in the sip
configuration?  After X amounts of failed auth or registration
attempts, block IP for Y amount of time.  It would seem fairly easy to
do using realtime with DB entries for IP blocks and expiration.  Then
a quick query of the same tables would allow an admin to put in
permanent rules on a firewall or ACL and also contact that ISP's abuse
dept.

Thanks,
Steve T
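
The retry-limit idea in the message above, sketched as an added example (not part of the original post and not Asterisk code): it counts failed registrations per source IP from log lines and stores expiring blocks in a database table. The thresholds, the find window, the `ip_blocks` table name and the chan_sip log line format are assumptions; the log lines are constructed samples.

```python
import re
import sqlite3
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                      # "X" in the post (assumed value)
FIND_WINDOW = timedelta(minutes=5)    # assumed window for counting failures
BLOCK_TIME = timedelta(minutes=30)    # "Y" in the post (assumed value)

# The From field is caller-supplied text, so the greedy '.*' makes the match
# use the last "failed for" field, which is the one written by the server.
FAILED = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'.*' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - ")

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
[2008-07-01 11:40:01] NOTICE[2201] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[2008-07-01 11:40:02] NOTICE[2201] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.5' - No matching peer found
[2008-07-01 11:40:03] NOTICE[2201] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[2008-07-01 11:41:00] NOTICE[2201] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2008-07-01 11:50:00] NOTICE[2201] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2008-07-01 11:51:00] NOTICE[2201] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2008-07-01 11:52:00] VERBOSE[2201] logger.c:     -- Registered SIP '300' at 192.0.2.20 port 5060 expires 3600
"""

def record_failures(lines, db):
    """Insert a block row once an IP has MAX_FAILURES within FIND_WINDOW."""
    db.execute("CREATE TABLE IF NOT EXISTS ip_blocks (ip TEXT PRIMARY KEY, expires TEXT)")
    recent = defaultdict(deque)       # ip -> timestamps of recent failures
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ip, ts = m["ip"], datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > FIND_WINDOW:    # forget failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            db.execute("INSERT OR REPLACE INTO ip_blocks VALUES (?, ?)",
                       (ip, (ts + BLOCK_TIME).isoformat(sep=" ")))
            q.clear()

def active_blocks(db, now):
    """The admin's 'quick query': blocks that have not yet expired at `now`."""
    return db.execute("SELECT ip, expires FROM ip_blocks WHERE expires > ? ORDER BY ip",
                      (now.isoformat(sep=" "),)).fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    record_failures(SAMPLE_LOG.splitlines(), db)
    print(active_blocks(db, datetime(2008, 7, 1, 12, 0, 0)))
```

Expired rows stay in the table, so the same query without the `expires` filter gives the history of repeat offenders for firewall rules or abuse reports.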


