----- John Todd <[EMAIL PROTECTED]> wrote: > Are we just as vulnerable with SIP from a > similar threat?
In a way, yes. The real problem with IAX2 is the inherent limit in the number of calls that a single IAX2 implementation can be involved in (due to the 15-bit call number limit). However, a SIP server is vulnerable as well; if a peer sends INVITEs for a username that requires authentication but never responds to the 401/407 messages that are returned, the server will have to hold the dialog info state for those INVITEs in memory until the session timers expire. Even without a built-in limitation in the protocol, it's still ridiculously easy to consume large amounts of memory/CPU on the target server. -- Kevin P. Fleming Senior Software Engineer Digium, Inc. _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Security mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-security
