On Tue, 2006-07-18 at 08:19 -0700, John Todd wrote: > DoS notice for IAX2 here: http://xforce.iss.net/xforce/alerts/id/228 > > Of course, this has been "patched" in => 1.2.10 and is "old news" but > it got me thinking... Are we just as vulnerable with SIP from a > similar threat? I haven't tested, but was wondering if anyone had > real-world examinations or testbed experiments they could share. I > seem to recall some discussion about time-scaled blocking of hosts or > usernames that made repeatedly incorrect requests (similar to the > flap dampening methods with some brands of routers.) Would this > help the problem or introduce a more dangerous threat from potential > memory overloads?
rate limiting on udp is difficult given how easy it is to spoof the IP. If you just wanna flood the server with SIP requests you can do that very quickly from a ton of different IPs. I have a program that does this, that is a proof of concept against a now patched asterisk vuln at http://www.trxtel.com/crashterisk.c and you can see how completly trivial it is to do this. _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Security mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-security
