[asterisk-users] AST-2009-006: IAX2 Call Number Resource Exhaustion

Steve Edwards asterisk.org at sedwards.com
Fri Sep 4 19:11:48 CDT 2009 

On Fri, 4 Sep 2009, Gordon Henderson wrote:

>> example, if multiple peers use the same authentication details, and 
>> they have not all upgraded to support call token validation, then the 
>> ones that do not support it will get locked out. Once an upgraded 
>> client successfully completes an authenticated call setup using call 
>> token validation, Asterisk will require it from then on.

Doesn't this introduce a new denial of service? If I (as the bad guy) 
connect (with call token validation) as a client that doesn't support CTV, 
how does the Admin "remove" the CTV requirement?

> I've been hanging out with IAX, thinking it's the "right thing", but 
> more and more I'm thinking of moving to SIP, and I think this will be 
> the straw that tips the balance as it were. I've a few 100 boxes out 
> there which would all eventually need upgrading, and for some, it's just 
> not going to be possible to upgrade the underlying asterisk, so it's 
> going to be just as easy to move to SIP which is what I'm going to do.
>
> I don't yet know what I'm going to do with the handfull of clients who 
> use IAX and Zoiper though. Persuade them to move to SIP, I guess - at 
> least Zoiper supports SIP now, but that's also a hassle as I've quite a 
> few clients who use a SIP phone on their desk, then Zoiper and IAX on 
> their laptop with identical credentials when on the road/home. (I 
> arrange the PBX to Dial(SIP/123&IAX2/123)
>
> And what about all those desk phones that support IAX? I almost bought a 
> pallet-load of them at one point - really glad I didn't now!

Hold on, Gordon :)

I don't think the "sky is falling" on IAX yet. This just means that IAX is 
not appropriate for outward facing non-VPN connections without ACLs 
(iptables) that don't support CTV.

-- 
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       sedwards at sedwards.com      Voice: +1-760-468-3867 PST
Newline                                              Fax: +1-760-731-3000

More information about the asterisk-users mailing list