[asterisk-users] Security - What inbound variables can attackers populate or use when calling?

mike mosier trixboxce at gmail.com
Fri Aug 6 21:51:58 CDT 2010


What kind of attack can they reform calling in?

On Aug 6, 2010 1:12 AM, <jwexler at mail.usa.com> wrote:
> I am setting filters, etc. on variables that attackers can send asterisk
> when they call (for example when they initially call into asterisk).
>
> So far, I am filtering:
>
> exten
>
> CALLERID(name)
>
> CALLERID(num)
>
>
>
> What other fields or variables would an attacker be able to use in the
> packets that they send when placing the call to asterisk?
>
>
>
> Further, I am assuming that in the case that an attacker, first, simply
> dials in normally and then after reaching voice prompts or other, starts
> his/her attack, then all I need to filter in that case is exten. Anything
> else here as well?
>
>
>
> Thanks!!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100806/6a21611d/attachment.htm 


More information about the asterisk-users mailing list