[asterisk-users] AST-2009-006: IAX2 Call Number Resource Exhaustion
Tilghman Lesher
tilghman at mail.jeffandtilghman.com
Sat Sep 5 09:46:37 CDT 2009
On Friday 04 September 2009 17:03:09 Gordon Henderson wrote:
> I've been hanging out with IAX, thinking it's the "right thing", but more
> and more I'm thinking of moving to SIP, and I think this will be the straw
> that tips the balance as it were. I've a few 100 boxes out there which
> would all eventually need upgrading, and for some, it's just not going to
> be possible to upgrade the underlying asterisk, so it's going to be just
> as easy to move to SIP which is what I'm going to do.
Just to be clear, this same attack is possible on SIP, although server
resources are the limit there, instead of call number space. So with call
tokens in place, IAX2 is now safer to use than SIP, in terms of an attacker
attempting to exhaust your call resources.
--
Tilghman & Teryl
with Peter, Cottontail, Midnight, Thumper, & Johnny (bunnies)
and Harry, BB, & George (dogs)
More information about the asterisk-users
mailing list