Comments on: Asterisk Security Advisory – RTP Remote Crash Vulnerability http://voipsa.org/blog/2009/12/04/asterisk-security-advisory-rtp-remote-crash-vulnerability/ Collective thoughts and musings on the state of VoIP security today. Fri, 18 May 2012 10:08:16 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Alan Percy http://voipsa.org/blog/2009/12/04/asterisk-security-advisory-rtp-remote-crash-vulnerability/comment-page-1/#comment-357248 Alan Percy Fri, 04 Dec 2009 22:40:39 +0000 http://voipsa.org/blog/?p=820#comment-357248 We discussed this exact senario in detail during the most recent session on SIP Tunking security during the Spring ITExpo 2009. The vunerability is one example of the threats that exist when exposing any IP-PBX (including Asterisk) to the outside world without an SBC with packet inspection playing the role of security guard. We strongly suggest that our solution designers use our eSBC function in our MSBG platform to secure their point of entry. If there is a crack, the bad guys will find it - especially in the open source world when they have the source code to your IP-PBX. No IT manager want a resume-generating event to occur on their IP-PBX. We discussed this exact senario in detail during the most recent session on SIP Tunking security during the Spring ITExpo 2009.

The vunerability is one example of the threats that exist when exposing any IP-PBX (including Asterisk) to the outside world without an SBC with packet inspection playing the role of security guard. We strongly suggest that our solution designers use our eSBC function in our MSBG platform to secure their point of entry.

If there is a crack, the bad guys will find it – especially in the open source world when they have the source code to your IP-PBX.

No IT manager want a resume-generating event to occur on their IP-PBX.

]]>