jwexler at mail.usa.com
2010-Aug-06 06:08 UTC
[asterisk-users] Security - What inbound variables can attackers populate or use when calling?
I am setting filters, etc. on variables that attackers can send asterisk when they call (for example when they initially call into asterisk). So far, I am filtering: exten CALLERID(name) CALLERID(num) What other fields or variables would an attacker be able to use in the packets that they send when placing the call to asterisk? Further, I am assuming that in the case that an attacker, first, simply dials in normally and then after reaching voice prompts or other, starts his/her attack, then all I need to filter in that case is exten. Anything else here as well? Thanks!! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100806/d753a889/attachment.htm
mike mosier
2010-Aug-07 02:51 UTC
[asterisk-users] Security - What inbound variables can attackers populate or use when calling?
What kind of attack can they reform calling in? On Aug 6, 2010 1:12 AM, <jwexler at mail.usa.com> wrote:> I am setting filters, etc. on variables that attackers can send asterisk > when they call (for example when they initially call into asterisk). > > So far, I am filtering: > > exten > > CALLERID(name) > > CALLERID(num) > > > > What other fields or variables would an attacker be able to use in the > packets that they send when placing the call to asterisk? > > > > Further, I am assuming that in the case that an attacker, first, simply > dials in normally and then after reaching voice prompts or other, starts > his/her attack, then all I need to filter in that case is exten. Anything > else here as well? > > > > Thanks!! >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100806/6a21611d/attachment.htm