[VOIPSEC] A Simple Asterisk Based Toll Fraud Prevention Script
hs at 123.org
Sat Feb 7 16:59:14 GMT 2009
What would happen if I just send REGISTERs with broken/wrong
Looking at check_auth() in chan_sip.c there is no difference
if the nonce was offered by the Asterisk machine itself or it
was just a random one I came up with.
That way an attacker could spoof a source IP, send a single
REGISTER with random Authorization:.
Your script would trigger and blog a possibly legitimate source
(i.e. your outbound SIP trunk ;)).
Just my $.02,
Hendrik Scholz <hs at 123.org>
More information about the Voipsec