 |
 |
||||
|
|
|||||
|
|
● Asterisk X100P FXO ● Helicomm ZigBee Platform ● Home WiFi Networks ● IEEE 802.11 ● New Taiwan Hwa Yao Tek ● NexTone Rental ● RF Linx WLAN Radios ● VoIP PSTN Gateway ● Wi-Fi ● WiMAX ● Wireless ● Wireless security ● WirelessGRID Bridges ● z Links ● Zigbee / IEEE802.15.4 | ||||||
Asterisk Vulnerable To Denial Of Service Attacks Navigation: Main page Author: WildC@rd Internet Security Systems, an internet security vendor, provides a free alert and advisory service called X-Force that has warned of a vulnerability to Denial Of Service (DOS) attacks in older versions of Asterisk and in improperly setup configurations of the latest version. Specifically, hackers could disrupt telephony services at an organization powered by Asterisk by exploiting a possibility in the system for a concerted DOS attack. The vulnerability comes because of a denial of service vulnerability in the Inter-Asterisk eXchange protocol version 2 (IAX2). IAX2 is used by Asterisk PBX software to exchange Voice over IP call setup and call content. If an attacker floods the PBX with call requests, the PBX will be unable to handle new telephone calls. The latest version of Asterisk, version 1.2.10, includes the capability to limit the maximum number of simultaneous unauthenticated calls that can be placed by a single user, which prevents the DOS attack. However, the number of allowed simultaneous calls must be tuned in each installation to be as low as users will accept in order to provide the maximum protection. Internet Security Systems says that the vulnerability can lead to complete denial of office telephone services in environments where Asterisk PBX is in use. The attack could also be launched against IAX2 to PSTN gateways, denying regular telephone services to large numbers of businesses and home users where a service provider is using Asterisk to fulfill calls. Full details of the vulnerability, the solution and information about ISS X-Force alerts can be found here . |
Apple's iPhone SDK Off to The Races Vodafone Adds Google Search US plane security turns on batteries Current news: Skype: Millions still without service Homes Often Baffle Wi-Fi From Routers Merry Christmas and a happy New Year Google Sets Business Focus in Chelsea The Tech World's Hottest Meal Ticket The Disorganization of a 4G Classification: How the ITU Rendered HSPA+ a 4G Standard |
||||||
 |
 |
||||||