● Asterisk X100P FXOHelicomm ZigBee PlatformHome WiFi NetworksIEEE 802.11New Taiwan Hwa Yao TekNexTone RentalRF Linx WLAN RadiosVoIP PSTN GatewayWi-FiWiMAXWirelessWireless securityWirelessGRID Bridgesz LinksZigbee / IEEE802.15.4

Asterisk Vulnerable To Denial Of Service Attacks

Navigation: Main page

Author: WildC@rd

Internet Security Systems, an internet security vendor, provides a free alert and advisory service called X-Force that has warned of a vulnerability to Denial Of Service (DOS) attacks in older versions of Asterisk and in improperly setup configurations of the latest version. Specifically, hackers could disrupt telephony services at an organization powered by Asterisk by exploiting a possibility in the system for a concerted DOS attack. The vulnerability comes because of a denial of service vulnerability in the Inter-Asterisk eXchange protocol version 2 (IAX2). IAX2 is used by Asterisk PBX software to exchange Voice over IP call setup and call content. If an attacker floods the PBX with call requests, the PBX will be unable to handle new telephone calls. The latest version of Asterisk, version 1.2.10, includes the capability to limit the maximum number of simultaneous unauthenticated calls that can be placed by a single user, which prevents the DOS attack. However, the number of allowed simultaneous calls must be tuned in each installation to be as low as users will accept in order to provide the maximum protection. Internet Security Systems says that the vulnerability can lead to complete denial of office telephone services in environments where Asterisk PBX is in use. The attack could also be launched against IAX2 to PSTN gateways, denying regular telephone services to large numbers of businesses and home users where a service provider is using Asterisk to fulfill calls. Full details of the vulnerability, the solution and information about ISS X-Force alerts can be found here .
Alpha Telecom

Wireless networking kit sales on the up
Sales of wireless LAN (WLAN) equipment are rising steadily as enterprises roll out campus-wide netwo...

Banks ignore tech at their peril
Banks could improve their customer service by embracing new technologies but are proving to be slow ...

Nokia buys Loudeye digital music delivery platform
With Nokia releasing the N91 musicphone with a 4GB capacity, I've said a few times that Nokia will n...