similar to: "Asterisk can be attacked using buffer overflow."

Hi All, I've been reading about Phil Zimmermann's ZRTP encryption scheme for SIP clients. This seems attactive but I don't use soft phones. I'm guessing that we'd need ZRTP support in Asterisk in order to use it to secure calls from hard phones. There seem to be issues with SRTP key exhange between various devices. So much so that the IETF is working on a standardization

What's the status of ZRTP supported by Asterisk? There was some discussion on the -dev list and -users list, but it was inconclusive. At about the same timeframe, a bug (#0010024) was opened and updated for several months, but has been "suspended" since late 2007. Does any version (1.4.x, 1.6.x) of Asterisk support ZRTP with clients (or with other servers)? Any successful testing

Dear people, does anybody try the ZRTP patch for Asterisk in order to have ZRTP encrytion among SIP/RTP calls ??? In other words, did anybody succesfully implement ZRTP in Asterisk ??? Any documentation about it ??? Special thanks Alejandro

On 10/28/2015 06:37 PM, Pete Mundy wrote: > Hi Motty, > > Isn't the whole point of the nonce in a SIP registration to ensure the > secret doesn't go on the wire in plain-text? Is this not enough, or > are you looking to hide the username too? > > (if so, fair 'nuf, just wondering why :) > > Pete > > Ps, if so then I think TLS is the missing part of

Hello List I am very interested in developing a research project on security protocol for VoIP, under the GPL. For some time I have been reviewing ZRTP, I would like to know the opinion having regard to whether and under asterisk, but I see that this closed implementations according am Http://bugs.digium.com/view.php?id=10024 Are Zphone and ZRTP the future for the Voip Security? Opinions?

Hello, I am searching for a solution to encrypt authentication from Asterisk server to clients. Searching srtp seem to encrypt traffic, I just want client authentication with encryption. Can someone point to the right direction? has anybody used ZRTP? experience with ZRTP? Thanks, _motty

> Asterisk Project Security Advisory - ASA-2007-010 > > +------------------------------------------------------------------------+ > | Product | Asterisk | > |--------------------+---------------------------------------------------| > | Summary | Two stack buffer overflows in SIP

> Asterisk Project Security Advisory - ASA-2007-010 > > +------------------------------------------------------------------------+ > | Product | Asterisk | > |--------------------+---------------------------------------------------| > | Summary | Two stack buffer overflows in SIP

Hello, well, I searched list-archive, cran and the references, but found nothing. Thus: Does anybody around here know anything about Dempster-Shafer Theory, Evidence Theory or Hints in R? Has anybody stumbled about a package that I overlooked or implemented something in this area? I really would like to not implement a hint-model a second time. My apologies if I missed something obvious, but I

A SipPulse acaba de liberar o TFPS (www.tfps.co), solu??o para combate a fraudes de fomento de tr?fego internacional em telefonia. O sistema ? capaz de detectar 99.99% das tentaivas de fraude em tempo real. Durante o Webinar, abordaremos como proteger servidores Asterisk e Elastix/FreePBX de fraudes, medidas basicas como configura??o de firewall e remo??o de servi?os desnecess?rios e em seguida

06.10.2015 1:22, Joshua Colp ?????: > On 15-10-05 05:58 PM, Dmitriy Serov wrote: >> 05.10.2015 23:24, Joshua Colp ?????: >>> On 15-10-05 05:22 PM, Dmitriy Serov wrote: >>>> Hello. Do I understand correctly that the current implementation >>>> res_pjsip does not support ZRTP? >>>>

Hello. Do I understand correctly that the current implementation res_pjsip does not support ZRTP? http://lists.digium.com/pipermail/asterisk-dev/2013-December/064401.html Nothing has changed since 2013? P.S. I greatly regret that moved from chan_sip to res_pjsip. Previously used very much lacking, and much of the promise failed. Dmitriy Serov. -------------- next part -------------- An HTML

Dear all, I have an Asterisk server with SIP and IAX softphones clients, and I need to encrypt the voip calls among them: *For SIP clients I use Twinkle which implements the ZRTP/SRTP encryption mechanism client-2-client; I read it's the better security mechanism nowadays created by Phill Zimmerman who created PGP. *For IAX clients I used Kiax but I don't know exactly if there is any

05.10.2015 23:24, Joshua Colp ?????: > On 15-10-05 05:22 PM, Dmitriy Serov wrote: >> Hello. Do I understand correctly that the current implementation >> res_pjsip does not support ZRTP? >> http://lists.digium.com/pipermail/asterisk-dev/2013-December/064401.html > > ZRTP is not supported in Asterisk itself. > >> Nothing has changed since 2013? P.S. I greatly

Dear all, I have Asterisk 1.4.13 and I need to use encryption among Asterisk and my SIP users, and with the RTP data interchanged among users. I prefer the use of ZRTP/SRTP because we use Twinkle and X-Lite/Zfone as our voip clients and they support these encryption mechanism. My question is: do I have to enable any encryption support in Asterisk 1.4.13 ??? Or Asterisk has native encryption

Microsip (Windows) is free and small. 2.5Mb download, 10Mb RAM usage, does everything I need and configuring TLS is a doddle. http://www.microsip.org/ On 16 February 2017 at 13:04, Max Grobecker <max.grobecker at ml.grobecker.info> wrote: > Hello, > > I'm a big fan of PhonerLite. > It's more poplar in Germany, but also available in English language. > This client

Friends, The following mail was sent earlier to asterisk-dev and did not cause the amount of discussion I hoped it would. Now that we have a way to secure signalling in IAX2 and SIP in Asterisk svn trunk, we need to start working on the concept of a "secure call" - or does it really matter? In SIP, there's a specification for how I as a domain owner can request all calls to

My find_by_sql is not returning attributes of the calling model class. Thermo.find_by_sql("SELECT COUNT(*) FROM thermo WHERE thermo_loc = ''back'' GROUP BY DAYOFWEEK(time_on) ASC") # ==> [#<Thermo >, #<Thermo >, #<Thermo >, #<Thermo >, #<Thermo >, #<Thermo >, #<Thermo >] The sql is fine and when I checked it in a mysql

https://bugzilla.samba.org/show_bug.cgi?id=11378 Nathan Neulinger <nneul at neulinger.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WORKSFORME |--- --- Comment #2 from Nathan Neulinger <nneul

Hello Everyone, Are these indications of attacks on this system? I specifically have port 22 disabled at all times and only port forward it to server when I access SSH for a minute or so. Shouldn't UNKNOWN be an actual IP address? */var/log/secure:* May 14 00:35:39 pbx sshd[9011]: Did not receive identification string from UNKNOWN May 14 00:36:09 pbx sshd[9040]: Did not receive