[VOIPSEC] A Simple Asterisk Based Toll Fraud Prevention Script

Hendrik Scholz hs at 123.org
Sat Feb 7 10:59:14 CST 2009


Hi!

What would happen if I just send REGISTERs with broken/wrong 
Authorization: headers?
Looking at check_auth() in chan_sip.c there is no difference
if the nonce was offered by the Asterisk machine itself or it
was just a random one I came up with.
That way an attacker could spoof a source IP, send a single
REGISTER with random Authorization:.
Your script would trigger and block a possibly legitimate source
(i.e. your outbound SIP trunk ;)).

Just my $.02,
  Hendrik

-- 
Hendrik Scholz <hs at 123.org>
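
An added example, not part of the original message and not the script under discussion: a block decision over registration-failure log lines that never auto-blocks a trusted peer such as the outbound trunk, since a failure threshold alone does not help when the source address can be forged. The log lines, addresses, `TRUSTED` list and `decide_blocks` name are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: Asterisk-style chan_sip notices; every address is a documentation IP.
_LINE = ("[Feb  7 10:41:02] NOTICE[2417] chan_sip.c: Registration from "
         "'\"100\" <sip:100@192.0.2.10>' failed for '{}' - Wrong password")
SAMPLE_LOG = "\n".join(
    [_LINE.format(ip) for ip in ["203.0.113.50"] * 6 + ["198.51.100.20"] * 6 + ["203.0.113.77"]]
    + ["[Feb  7 10:41:09] NOTICE[2417] chan_sip.c: Peer '100' is now Reachable"]
)
TRUSTED = ["198.51.100.20/32"]  # assumption: the outbound SIP trunk's address

FAILED = re.compile(r"Registration from '.*' failed for '([0-9.]+)(?::\d+)?' - ")


def decide_blocks(log_text, never_block, threshold=5):
    """Return (block, review): sources to firewall, and trusted sources to alert on instead."""
    nets = [ipaddress.ip_network(n) for n in never_block]
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # malformed address field, ignore the line
    block, review = [], []
    for ip in sorted(counts):
        if counts[ip] < threshold:
            continue  # a lone failure is not evidence of an attack
        # Over UDP the source address is unverified, so a trusted peer is
        # never blocked automatically; it is reported for a human to check.
        (review if any(ip in n for n in nets) else block).append(str(ip))
    return block, review


if __name__ == "__main__":
    block, review = decide_blocks(SAMPLE_LOG, TRUSTED)
    print("block :", block)
    print("review:", review)
```
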




