● Asterisk X100P FXOHelicomm ZigBee PlatformHome WiFi NetworksIEEE 802.11New Taiwan Hwa Yao TekNexTone RentalRF Linx WLAN RadiosVoIP PSTN GatewayWi-FiWiMAXWirelessWireless securityWirelessGRID Bridgesz LinksZigbee / IEEE802.15.4

Asterisk Vulnerable To Denial Of Service Attacks

Navigation: Main page

Author: WildC@rd

Internet Security Systems, an internet security vendor, provides a free alert and advisory service called X-Force that has warned of a vulnerability to Denial Of Service (DOS) attacks in older versions of Asterisk and in improperly setup configurations of the latest version. Specifically, hackers could disrupt telephony services at an organization powered by Asterisk by exploiting a possibility in the system for a concerted DOS attack. The vulnerability comes because of a denial of service vulnerability in the Inter-Asterisk eXchange protocol version 2 (IAX2). IAX2 is used by Asterisk PBX software to exchange Voice over IP call setup and call content. If an attacker floods the PBX with call requests, the PBX will be unable to handle new telephone calls. The latest version of Asterisk, version 1.2.10, includes the capability to limit the maximum number of simultaneous unauthenticated calls that can be placed by a single user, which prevents the DOS attack. However, the number of allowed simultaneous calls must be tuned in each installation to be as low as users will accept in order to provide the maximum protection. Internet Security Systems says that the vulnerability can lead to complete denial of office telephone services in environments where Asterisk PBX is in use. The attack could also be launched against IAX2 to PSTN gateways, denying regular telephone services to large numbers of businesses and home users where a service provider is using Asterisk to fulfill calls. Full details of the vulnerability, the solution and information about ISS X-Force alerts can be found here .
Alpha Telecom

Yahoo! VoIP gets little buzz- on Yahoo!
Yahoo! Research and O'Reilly have been teaming up for awhile to produce a Buzz Game where "investors...

SOYO G668 VoIP Telephone
The Soyo-G668 IP phone is an advanced IP device, allowing its users to experience superb voice commu...

Roaming bills to be slashed by 70 per cent
Mobile operators are to have their roaming prices capped by the European Commission - a move that co...