● Asterisk X100P FXOHelicomm ZigBee PlatformHome WiFi NetworksIEEE 802.11New Taiwan Hwa Yao TekNexTone RentalRF Linx WLAN RadiosVoIP PSTN GatewayWi-FiWiMAXWirelessWireless securityWirelessGRID Bridgesz LinksZigbee / IEEE802.15.4

Asterisk Vulnerable To Denial Of Service Attacks

Navigation: Main page

Author: WildC@rd

Internet Security Systems, an internet security vendor, provides a free alert and advisory service called X-Force that has warned of a vulnerability to Denial Of Service (DOS) attacks in older versions of Asterisk and in improperly setup configurations of the latest version. Specifically, hackers could disrupt telephony services at an organization powered by Asterisk by exploiting a possibility in the system for a concerted DOS attack. The vulnerability comes because of a denial of service vulnerability in the Inter-Asterisk eXchange protocol version 2 (IAX2). IAX2 is used by Asterisk PBX software to exchange Voice over IP call setup and call content. If an attacker floods the PBX with call requests, the PBX will be unable to handle new telephone calls. The latest version of Asterisk, version 1.2.10, includes the capability to limit the maximum number of simultaneous unauthenticated calls that can be placed by a single user, which prevents the DOS attack. However, the number of allowed simultaneous calls must be tuned in each installation to be as low as users will accept in order to provide the maximum protection. Internet Security Systems says that the vulnerability can lead to complete denial of office telephone services in environments where Asterisk PBX is in use. The attack could also be launched against IAX2 to PSTN gateways, denying regular telephone services to large numbers of businesses and home users where a service provider is using Asterisk to fulfill calls. Full details of the vulnerability, the solution and information about ISS X-Force alerts can be found here .
Alpha Telecom

Mobile Web Services: A New Agent-Based Framework
Mobile devices and server applications often run on different platforms, which can make integration ...

Apple's iPhone SDK Off to The Races
At least that seems a reasonable conclusion based on today's announcement that over 100,000 develope...

Time Warner Telecom COO renegotiates pay
Less than a year after signing a three-year employment contract with Time Warner Telecom, Chief Oper...