● Asterisk X100P FXOHelicomm ZigBee PlatformHome WiFi NetworksIEEE 802.11New Taiwan Hwa Yao TekNexTone RentalRF Linx WLAN RadiosVoIP PSTN GatewayWi-FiWiMAXWirelessWireless securityWirelessGRID Bridgesz LinksZigbee / IEEE802.15.4

Asterisk Vulnerable To Denial Of Service Attacks

Navigation: Main page

Author: WildC@rd

Internet Security Systems, an internet security vendor, provides a free alert and advisory service called X-Force that has warned of a vulnerability to Denial Of Service (DOS) attacks in older versions of Asterisk and in improperly setup configurations of the latest version. Specifically, hackers could disrupt telephony services at an organization powered by Asterisk by exploiting a possibility in the system for a concerted DOS attack. The vulnerability comes because of a denial of service vulnerability in the Inter-Asterisk eXchange protocol version 2 (IAX2). IAX2 is used by Asterisk PBX software to exchange Voice over IP call setup and call content. If an attacker floods the PBX with call requests, the PBX will be unable to handle new telephone calls. The latest version of Asterisk, version 1.2.10, includes the capability to limit the maximum number of simultaneous unauthenticated calls that can be placed by a single user, which prevents the DOS attack. However, the number of allowed simultaneous calls must be tuned in each installation to be as low as users will accept in order to provide the maximum protection. Internet Security Systems says that the vulnerability can lead to complete denial of office telephone services in environments where Asterisk PBX is in use. The attack could also be launched against IAX2 to PSTN gateways, denying regular telephone services to large numbers of businesses and home users where a service provider is using Asterisk to fulfill calls. Full details of the vulnerability, the solution and information about ISS X-Force alerts can be found here .
Alpha Telecom

O2, Manx Telecom, Lucent Technologies and QUALCOMM Conducting 3G UMTS/HSDPA Field Trial Using 900 MHz Spectrum on the Isle of Man
O2, Manx Telecom (a wholly owned subsidiary of O2), Lucent Technologies (NYSE: LU), and QUALCOMM (NA...

Wi-fi mobiles flying high
Mobile phones with wi-fi are shaping up to be the hottest segment of the handset market.

What Awaits the iPhone in Europe?
Fueling speculation about an imminent strategic change by Apple are early sales of the device in Eur...