Hi all, As I mentioned briefly in the SIP takeover thread, I'd like to try to talk about security this coming Friday. I realize it is a holiday in the USA, but do geeks ever take a day off, especially security-conscious geeks? Mark Spencer once said "The Bug Tracker is never on vacation!". We will try to start this subject this Friday, but I have no experience at all with this. If you know anyone who is good in this area and would like to share their expertise and talk about security in the asterisk and voip contexts, I'd like to hear from them, especially next Friday July 4th. tia, Randy
On 7/1/08, randulo <spamsucks2005 at gmail.com> wrote:> Hi all, > > As I mentioned briefly in the SIP takeover thread, I'd like to try to > talk about security this coming Friday. I realize it is a holiday in > the USA, but do geeks ever take a day off, especially > security-conscious geeks? Mark Spencer once said "The Bug Tracker is > never on vacation!". > > We will try to start this subject this Friday, but I have no > experience at all with this. If you know anyone who is good in this > area and would like to share their expertise and talk about security > in the asterisk and voip contexts, I'd like to hear from them, > especially next Friday July 4th. > > tia, > > Randy >Randy, I'd love to participate as long as no one minds me calling in from the beach... :) I'm interested in developing my SIP DoS script (and any similar solutions). While I'm reluctant to claim that it or anything like it could protect from a true DoS, it would offer some protection at the application level and that could make all the difference in some instances... As far as wider Asterisk/security issues I think J. Oquendo would be a great guest (hint, hint). -- Kristian Kielhofner NOT sent from my iPhone or Blackberry
Dan York gave a security presentation at Astricon. I've heard the recording he made of that session but it has yet to be published. He may be available, as least as a representative of VOIPSA. Michael Graves mgraves <at> mstvp.com o(713) 861-4005 c(713) 201-1262 sip:mjgraves at pixelpower.onsip.com skype mjgraves FWD 54245> -------- Original Message -------- > Subject: Re: [asterisk-users] The S word: Asterisk security > From: "Kristian Kielhofner" <kkielhofner at star2star.com> > Date: Tue, July 01, 2008 10:56 am > To: "Asterisk Users Mailing List - Non-Commercial > Discussion"<asterisk-users at lists.digium.com> > > > On 7/1/08, randulo <spamsucks2005 at gmail.com> wrote: > > Hi all, > > > > As I mentioned briefly in the SIP takeover thread, I'd like to try to > > talk about security this coming Friday. I realize it is a holiday in > > the USA, but do geeks ever take a day off, especially > > security-conscious geeks? Mark Spencer once said "The Bug Tracker is > > never on vacation!". > > > > We will try to start this subject this Friday, but I have no > > experience at all with this. If you know anyone who is good in this > > area and would like to share their expertise and talk about security > > in the asterisk and voip contexts, I'd like to hear from them, > > especially next Friday July 4th. > > > > tia, > > > > Randy > > > > Randy, > > I'd love to participate as long as no one minds me calling in from > the beach... :) > > I'm interested in developing my SIP DoS script (and any similar > solutions). While I'm reluctant to claim that it or anything like it > could protect from a true DoS, it would offer some protection at the > application level and that could make all the difference in some > instances... > > As far as wider Asterisk/security issues I think J. Oquendo would be > a great guest (hint, hint). > > -- > Kristian Kielhofner > NOT sent from my iPhone or Blackberry > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > AstriCon 2008 - September 22 - 25 Phoenix, Arizona > Register Now: http://www.astricon.net > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users
On Jul 1, 2008, at 11:29 AM, randulo wrote:> Hi all, > > As I mentioned briefly in the SIP takeover thread, I'd like to try to > talk about security this coming Friday. I realize it is a holiday in > the USA, but do geeks ever take a day off, especially > security-conscious geeks? Mark Spencer once said "The Bug Tracker is > never on vacation!". > > We will try to start this subject this Friday, but I have no > experience at all with this. If you know anyone who is good in this > area and would like to share their expertise and talk about security > in the asterisk and voip contexts, I'd like to hear from them, > especially next Friday July 4th. > > tia, > > RandyI love it. I'm celebrating the 4th with a 2000 mile motorcycle ride :) I'll do my best to make it for the conference. Fred Posner www.voiptechchat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2162 bytes Desc: not available Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20080701/79614fe7/attachment.bin
Headset mic? Drive safe ;-) Michael Graves mgraves <at> mstvp.com o(713) 861-4005 c(713) 201-1262 sip:mjgraves at pixelpower.onsip.com skype mjgraves FWD 54245> -------- Original Message -------- > Subject: Re: [asterisk-users] The S word: Asterisk security > From: Fred Posner <fred at teamforrest.com> > Date: Tue, July 01, 2008 12:30 pm > To: Asterisk Users Mailing List - Non-Commercial > Discussion<asterisk-users at lists.digium.com> > > > On Jul 1, 2008, at 11:29 AM, randulo wrote: > > > Hi all, > > > > As I mentioned briefly in the SIP takeover thread, I'd like to try to > > talk about security this coming Friday. I realize it is a holiday in > > the USA, but do geeks ever take a day off, especially > > security-conscious geeks? Mark Spencer once said "The Bug Tracker is > > never on vacation!". > > > > We will try to start this subject this Friday, but I have no > > experience at all with this. If you know anyone who is good in this > > area and would like to share their expertise and talk about security > > in the asterisk and voip contexts, I'd like to hear from them, > > especially next Friday July 4th. > > > > tia, > > > > Randy > > I love it. I'm celebrating the 4th with a 2000 mile motorcycle ride :) > I'll do my best to make it for the conference. > > > Fred Posner > www.voiptechchat.com<hr>_______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > AstriCon 2008 - September 22 - 25 Phoenix, Arizona > Register Now: http://www.astricon.net > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users