Re: [Asterisk-Users] Can bad person with SIPp attack Asterisk ?
Any more info how to configure Asterisk to limit the number of calls concurrently ? Thanks in advance, Robert. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 29, 2004 12:50 AM Subject: RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ? Hello I would say, First of all, for users who are authenticated, so really can make calls, just configure asterisk to limit the number of calls users can make concurrently Next, put a firewall in front of your asterisk box which rate limits the number of connection attempts per second per host.. If you limit this to lets say about 25 to 50 connection attempts per second per host I would say you're pretty safe and your asterisk box can't really get overloaded with malicious packets. this burst limit depends on your config as you might get much traffic from certain IP's ofcourse Niels -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Flynn Sent: donderdag 28 oktober 2004 23:54 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ? On 10/28/2004, Patrick [EMAIL PROTECTED] wrote: Absolutely. Some things that come to mind: configure your firewall to only accept SIP, IAX2 etc connections from/to IP addresses of the remote servers you interact with. Wouldn't this, though, not be possible when you're running a public-type service like FWD etc? Unless they know in advance where their customers are calling from, which I don't think they do. I am sure there are more ways to enhance security and would welcome further input from the community. Perhaps the info from this threat could then be the start of the Asterisk Security Howto document. What would be good is if someone from FWD with a proven track record would be so kind as to give pointers on how they handle security on their platforms. About running * non-root. Any information how to go about this? How would you exactly configure this? What about zaptel libpri? Apache setup for e.g. * vmail or astcc interaction, CDR registration (file or DB) etc. You could start out by looking at http://voip-info.org/tiki-index.php?page=Asterisk+non-root Cheers Flynn ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ?
Check these url's http://www.voip-info.org/wiki-Asterisk+cmd+CheckGroup http://www.voip-info.org/wiki-Asterisk+cmd+SetGroup http://www.voip-info.org/wiki-Asterisk+cmd+GetGroupCount Niels -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Rozman Sent: Friday, October 29, 2004 11:20 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Can bad person with SIPp attack Asterisk ? Any more info how to configure Asterisk to limit the number of calls concurrently ? Thanks in advance, Robert. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 29, 2004 12:50 AM Subject: RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ? Hello I would say, First of all, for users who are authenticated, so really can make calls, just configure asterisk to limit the number of calls users can make concurrently Next, put a firewall in front of your asterisk box which rate limits the number of connection attempts per second per host.. If you limit this to lets say about 25 to 50 connection attempts per second per host I would say you're pretty safe and your asterisk box can't really get overloaded with malicious packets. this burst limit depends on your config as you might get much traffic from certain IP's ofcourse Niels -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Flynn Sent: donderdag 28 oktober 2004 23:54 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ? On 10/28/2004, Patrick [EMAIL PROTECTED] wrote: Absolutely. Some things that come to mind: configure your firewall to only accept SIP, IAX2 etc connections from/to IP addresses of the remote servers you interact with. Wouldn't this, though, not be possible when you're running a public-type service like FWD etc? Unless they know in advance where their customers are calling from, which I don't think they do. I am sure there are more ways to enhance security and would welcome further input from the community. Perhaps the info from this threat could then be the start of the Asterisk Security Howto document. What would be good is if someone from FWD with a proven track record would be so kind as to give pointers on how they handle security on their platforms. About running * non-root. Any information how to go about this? How would you exactly configure this? What about zaptel libpri? Apache setup for e.g. * vmail or astcc interaction, CDR registration (file or DB) etc. You could start out by looking at http://voip-info.org/tiki-index.php?page=Asterisk+non-root Cheers Flynn ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Can bad person with SIPp attack Asterisk ?
On Fri, 2004-10-29 at 05:20, Robert Rozman wrote: Any more info how to configure Asterisk to limit the number of calls concurrently ? This is done with app_groupcount and the SetGroup, CheckGroup, and GetGroupCount applications. More info here -- http://www.voip-info.org/wiki-Asterisk+cmd+SetGroup -Seth -- Seth Remington SaberLogic, LLC 661-B Weber Drive Wadsworth, Ohio 44281 Phone: (330)335-6442 Fax: (330)336-8559 ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ?
On Wed, 2004-10-27 at 23:54, Kevin Walsh wrote: Robert Rozman [EMAIL PROTECTED] wrote: sorry maybe dumb question. But could person with bad intent attack Asterisk PBX with SIPp tool ? I don't know what the SIPp tool is, but there are bound to be hidden security bugs in the Asterisk code, just waiting for someone to exploit. To mitigate this, you must not run Asterisk as root; Create a specific Asterisk user and group ID, and run Asterisk using that. Basic security precautions should be taken with all public-facing services - not just Asterisk. Absolutely. Some things that come to mind: configure your firewall to only accept SIP, IAX2 etc connections from/to IP addresses of the remote servers you interact with. Iirc in iptables there is also something called rate limiting to stop a DoS from eating all your resources. You can also configure allow/deny IP address in *. I am sure there are more ways to enhance security and would welcome further input from the community. Perhaps the info from this threat could then be the start of the Asterisk Security Howto document. About running * non-root. Any information how to go about this? How would you exactly configure this? What about zaptel libpri? Apache setup for e.g. * vmail or astcc interaction, CDR registration (file or DB) etc. Regards, Patrick ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ?
On 10/28/2004, Patrick [EMAIL PROTECTED] wrote: Absolutely. Some things that come to mind: configure your firewall to only accept SIP, IAX2 etc connections from/to IP addresses of the remote servers you interact with. Wouldn't this, though, not be possible when you're running a public-type service like FWD etc? Unless they know in advance where their customers are calling from, which I don't think they do. I am sure there are more ways to enhance security and would welcome further input from the community. Perhaps the info from this threat could then be the start of the Asterisk Security Howto document. What would be good is if someone from FWD with a proven track record would be so kind as to give pointers on how they handle security on their platforms. About running * non-root. Any information how to go about this? How would you exactly configure this? What about zaptel libpri? Apache setup for e.g. * vmail or astcc interaction, CDR registration (file or DB) etc. You could start out by looking at http://voip-info.org/tiki-index.php?page=Asterisk+non-root Cheers Flynn ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ?
Hello I would say, First of all, for users who are authenticated, so really can make calls, just configure asterisk to limit the number of calls users can make concurrently Next, put a firewall in front of your asterisk box which rate limits the number of connection attempts per second per host.. If you limit this to lets say about 25 to 50 connection attempts per second per host I would say you're pretty safe and your asterisk box can't really get overloaded with malicious packets. this burst limit depends on your config as you might get much traffic from certain IP's ofcourse Niels -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Flynn Sent: donderdag 28 oktober 2004 23:54 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ? On 10/28/2004, Patrick [EMAIL PROTECTED] wrote: Absolutely. Some things that come to mind: configure your firewall to only accept SIP, IAX2 etc connections from/to IP addresses of the remote servers you interact with. Wouldn't this, though, not be possible when you're running a public-type service like FWD etc? Unless they know in advance where their customers are calling from, which I don't think they do. I am sure there are more ways to enhance security and would welcome further input from the community. Perhaps the info from this threat could then be the start of the Asterisk Security Howto document. What would be good is if someone from FWD with a proven track record would be so kind as to give pointers on how they handle security on their platforms. About running * non-root. Any information how to go about this? How would you exactly configure this? What about zaptel libpri? Apache setup for e.g. * vmail or astcc interaction, CDR registration (file or DB) etc. You could start out by looking at http://voip-info.org/tiki-index.php?page=Asterisk+non-root Cheers Flynn ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Can bad person with SIPp attack Asterisk ?
[EMAIL PROTECTED] wrote: Hello I would say, First of all, for users who are authenticated, so really can make calls, just configure asterisk to limit the number of calls users can make concurrently Next, put a firewall in front of your asterisk box which rate limits the number of connection attempts per second per host.. If you limit this to lets say about 25 to 50 connection attempts per second per host I would say you're pretty safe and your asterisk box can't really get overloaded with malicious packets. this burst limit depends on your config as you might get much traffic from certain IP's ofcourse Niels With SIP and IAX, it's UDP (* doesn't do TCP SIP) you can spoof the source address. An attack similar to TCP SYN attack would work. Actually there's better attacks I can think of. Low cpu auth replys would partly solve it with IAX, moving to TCP (even TLS) with SIP is much safer. -Adam ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ?
They could send lots of traffic and DoS you sure... nothing specific to Asterisk. Otherwise, they'd have to rely on a security hole in the software itself. I don't know of any, and I'm sure they'd get fixed really fast if they were found... -Michael -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Rozman Sent: Wednesday, October 27, 2004 2:33 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [Asterisk-Users] Can bad person with SIPp attack Asterisk ? Hi, sorry maybe dumb question. But could person with bad intent attack Asterisk PBX with SIPp tool ? Can Asterisk be overloaded this way and not working OK for the rest of conversations ? Regards, Robert. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Can bad person with SIPp attack Asterisk ?
Hi, I was more concerned about SIP calls. SIPp is a tool that can do test load for Asterisk PBX - it can generate lots of SIP paralel calls to Asterisk. I wonder if this is something that bad person could use to cripple Asterisk server ? Regards, Robert. - Original Message - From: Michael Giagnocavo [EMAIL PROTECTED] To: 'Asterisk Users Mailing List - Non-Commercial Discussion' [EMAIL PROTECTED] Sent: Wednesday, October 27, 2004 10:51 PM Subject: RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ? They could send lots of traffic and DoS you sure... nothing specific to Asterisk. Otherwise, they'd have to rely on a security hole in the software itself. I don't know of any, and I'm sure they'd get fixed really fast if they were found... -Michael -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Rozman Sent: Wednesday, October 27, 2004 2:33 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [Asterisk-Users] Can bad person with SIPp attack Asterisk ? Hi, sorry maybe dumb question. But could person with bad intent attack Asterisk PBX with SIPp tool ? Can Asterisk be overloaded this way and not working OK for the rest of conversations ? Regards, Robert. ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ?
Robert Rozman [EMAIL PROTECTED] wrote: sorry maybe dumb question. But could person with bad intent attack Asterisk PBX with SIPp tool ? I don't know what the SIPp tool is, but there are bound to be hidden security bugs in the Asterisk code, just waiting for someone to exploit. To mitigate this, you must not run Asterisk as root; Create a specific Asterisk user and group ID, and run Asterisk using that. Basic security precautions should be taken with all public-facing services - not just Asterisk. -- _/ _/ _/_/_/_/ _/_/ _/_/_/ _/_/ _/_/_/ _/_/ _/_/_/_/_/ _/ K e v i n W a l s h _/ _/_/ _/ _/ _/_/ _/_/[EMAIL PROTECTED] _/ _/ _/_/_/_/ _/_/_/_/ _/_/ ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users