On Tue, Jul 8, 2014 at 7:47 AM, Marek Cervenka <[email protected]> wrote: > i made another round of research > i want fill issue in jira but i want create sip scenario for easier > replication > > is there some visual tool/service which can generate sip scenario for sipp? > (something like https://www.websequencediagrams.com/) > > thanks > > Dne 24.2.2014 17:34, Marek Cervenka napsal(a): > >> hi, >> >> i have access to one box with asterisk 1.8 where attacker can go through >> call-limit/groupcount >> >> sip scenario was >> INVITE from: X TO: Y >> INVITE (authorization) from: X TO: Y >> INVITE (in-dialog) from: X TO: Y >> REFER (in-dialog) refer-by: X refer-TO: Y >> >> in cdr i see (there is groupcount info) >> src,dst,billsec,userfield, dialstatus >> X,Y, T>5, groupcount=1:call-limit=2, ANSWERED >> X,Y, T<5, groupcount=2:call-limit=2, ANSWERED >> X,Y, T>5, groupcount=1:call-limit=2, ANSWERED >> X,Y, T<5, groupcount=2:call-limit=2, ANSWERED >> ... >> >> it seems like the sip scenario resetting the groupcount info and >> call-limit is not working >> >> i'm trying asterisk-dev if some experienced developer can confirm that sip >> scenario cannot "harm" Asterisk >> do you think the upgrade to Asterisk 11 can help? >>
This is a public mailing list. Please do *NOT* discuss potential security issues on this mailing list. Doing so puts the entire Asterisk community at risk. The Asterisk wiki has instructions on how to report a potential Security Vulnerability - please report your question there: https://wiki.asterisk.org/wiki/display/AST/Asterisk+Security+Vulnerabilities If you don't feel comfortable making a private issue in the issue tracker to discuss this, one can be made for you. -- Matthew Jordan Digium, Inc. | Engineering Manager 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: http://digium.com & http://asterisk.org -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
