There was a thread that I googled for and could not find about Asterisk being open to SIP DOS Attacks. I have a customer whose machine was hammered last night by traffic on its SIP port, causing the OS to use up its resources, namely the number of open files. The discussion was around the fact that the SIP protocol answers requests without regard to authentication. Can anyone comment on this????
Steven Critchfield
2003-Oct-15 13:44 UTC
[Asterisk-Users] Problem with SIP and DOS attacks...
On Wed, 2003-10-15 at 15:22, Alex Lopez wrote:
> There was a thread that I googled for and could not find about Asterisk
> being open to SIP DOS Attacks. I have a customer whose machine was
> hammered last night by traffic on its SIP port causing the OS to use
> up its resources. Namely number of open files. The discussion was
> around the fact that the SIP protocol answers requests without regard
> to authentication. Can anyone comment on this????

You had limited google help due to your misunderstanding of the problem. Use
asterisk sip vulnerability
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=asterisk+sip+vulnerability&btnG=Google+Search

This is not a DoS, it is a remote exploit. Since you seemed to not understand it by the above message, I'll give a quick rundown of the two different types of attack.

A DoS attack can be as simple as a flood of messages. It could be specially crafted messages that require your computer to bog down trying to service them, or just a large number of them.

A remote exploit means that you can run certain code from remote without authentication. As in most of us run asterisk as root, so anyone that is able to instruct asterisk to do something will get it run by the root user.

Next, if you had been a competent admin, you would have done your updates on all the machines back then since the update was put into CVS around 8-15. If you are 2 months behind on your patching, you need to consider tools that help you get this done.

--
Steven Critchfield <critch@basesys.com>