Well.. Thanks. That could be a solution.
What I am thinking right now is to use some kind of authentication, perhaps using OpenSSL, so that Asterisk can filter which packet to process, and which one to dump. Any comments, suggestions, critics? What do you guys think? Thank You Fadil On Jan 29, 2008 10:27 PM, Duane <[EMAIL PROTECTED]> wrote: > Abu 'Ubayd Fadil wrote: > > > So, I am planning to solve this problem and need more information if > > anything has been done regarding this so far. > > Most people 'solve' security issues with Asterisk by putting something > else in front of it (like OpenSER etc)... > > When I was making code to test if a SIP address is accepting calls etc I > made a few mistakes and ended up causing a DoS with RTP by accident, I > could easily see this leading to smurf style attacks using RTP instead > of ICMP... > > -- > > Best regards, > Duane > > http://www.freeauth.org - Enterprise Two Factor Authentication > http://www.nodedb.com - Think globally, network locally > http://www.sydneywireless.com - Telecommunications Freedom > http://e164.org - Because e164.arpa is a tax on VoIP > > "In the long run the pessimist may be proved right, > but the optimist has a better time on the trip." > > _______________________________________________ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > asterisk-security mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-security >
_______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-security mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-security
