[A bit of thinking out loud, sorry about that]
Hello,
We're moving to Asterisk 13 with chan_pjsip, and I was planning on learning
about the inner workings of pjsip, since we offer some features via a couple of
patches to the old chan_sip which are to be updated to work with pjsip. That is,
of course, if those features are not already offered by pjsip...
Then this came up, which I thought could be a good learning project:
some of our clients' edge devices still use old NAT, and apparently that
allows communication over an open port (in this case we care about whatever
SIP port we're using) to go through without cross-checking the sending
machine's IP. Huge security hole, since sniffing out those old routers is
all that's needed to get hold of the phones, and it's a walk in the park from
there on.
I think, for now, the best thing is to upgrade those routers, but first I need to find
them. I am wondering what your thoughts are on how to go about finding those
clients?
As an idea, I thought -- in the words of the dear Brick Top -- why not try
a righteous infliction of retribution manifested by an appropriate agent,
personified in this case by a horrible aunt, me. [wait what]
Put simply, I thought I would run the attack on clients' routers and see
which ones respond. Given that scenario, at minimum, what should be sent
from a make-believe attacking machine? An INVITE perhaps? Or do whatever
Asterisk does when asking peers to 'qualify' and see if I can get
credentials exposed that way. (Can't find QUALIFY in the RFCs though.)
jrun
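What the probe sketched in the post looks like on the wire, as an added example (not code from the post, from Asterisk or from pjsip): Asterisk's qualify is a plain SIP OPTIONS request (RFC 3261 section 11), so the script below builds a minimal OPTIONS, sends it to a client's public address from a host the phone has never talked to, and reports whether anything SIP-shaped comes back. Everything here is an assumption for illustration: the helper names, the `nat-probe/0.1` User-Agent string, the embedded 200 OK reply (constructed, not captured from a real phone) and the 203.0.113.x / 192.0.2.x addresses, which are documentation ranges rather than real clients. Run it only against addresses you are authorized to test.

```python
import random
import socket
import string
import sys


def _tag(n=8):
    """Random hex token for tags, branches and Call-IDs."""
    return "".join(random.choice(string.hexdigits.lower()) for _ in range(n))


def build_options(dst_host, dst_port, src_host, src_port, call_id=None, branch=None):
    """Build a minimal OPTIONS request, the same method Asterisk's qualify uses.

    `rport` in the Via asks the phone to reply to the address/port the packet
    was actually seen from, so the probe also works from behind our own NAT.
    """
    call_id = call_id or _tag(16) + "@" + src_host
    branch = branch or "z9hG4bK" + _tag(12)
    lines = [
        f"OPTIONS sip:{dst_host}:{dst_port} SIP/2.0",
        f"Via: SIP/2.0/UDP {src_host}:{src_port};branch={branch};rport",
        f"From: <sip:probe@{src_host}>;tag={_tag()}",
        f"To: <sip:{dst_host}:{dst_port}>",
        f"Call-ID: {call_id}",
        "CSeq: 1 OPTIONS",
        f"Contact: <sip:probe@{src_host}:{src_port}>",
        "Max-Forwards: 70",
        "User-Agent: nat-probe/0.1",  # hypothetical name, not a real product
        "Accept: application/sdp",
        "Content-Length: 0",
        "",
        "",
    ]
    return "\r\n".join(lines).encode()


def parse_response(data):
    """Parse a SIP response into status, reason and lower-cased headers; None if not SIP."""
    text = data.decode("utf-8", errors="replace")
    head, _, _ = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("SIP/2.0") or not parts[1].isdigit():
        return None
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return {"status": int(parts[1]), "reason": parts[2] if len(parts) > 2 else "", "headers": headers}


def classify(resp, expected_call_id):
    """What a reply (or its absence) says about the NAT in front of the phone.

    Any status at all, 200, 401, 404 or 405, proves the router forwarded an
    unsolicited packet from a source IP it had never seen to the phone.
    """
    if resp is None:
        return "no reply (filtered, ICMP unreachable, or endpoint silent)"
    if resp["headers"].get("call-id") != expected_call_id:
        return "unrelated packet"
    agent = resp["headers"].get("user-agent") or resp["headers"].get("server", "unknown")
    return f"reachable: {resp['status']} {resp['reason']} from {agent}"


def local_addr_towards(dst_host, dst_port):
    """Ask the kernel which local IP it would use for this destination (a UDP connect sends nothing)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dst_host, dst_port))
        return s.getsockname()[0]


def probe(dst_host, dst_port=5060, timeout=2.0):
    """Send one OPTIONS from this unrelated host and report whether anything answers."""
    src_host = local_addr_towards(dst_host, dst_port)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.bind(("", 0))
    src_port = sock.getsockname()[1]
    call_id = _tag(16) + "@" + src_host
    try:
        sock.sendto(build_options(dst_host, dst_port, src_host, src_port, call_id=call_id), (dst_host, dst_port))
        data, _ = sock.recvfrom(4096)
    except OSError:  # timeout or ICMP port unreachable
        return classify(None, call_id)
    finally:
        sock.close()
    return classify(parse_response(data), call_id)


# Constructed reply (not a capture) showing what a reachable phone typically sends back.
CONSTRUCTED_REPLY = (
    b"SIP/2.0 200 OK\r\n"
    b"Via: SIP/2.0/UDP 203.0.113.10:40000;branch=z9hG4bKabc;rport=40000;received=203.0.113.10\r\n"
    b"From: <sip:probe@203.0.113.10>;tag=1234\r\n"
    b"To: <sip:192.0.2.5:5060>;tag=5678\r\n"
    b"Call-ID: deadbeef@203.0.113.10\r\n"
    b"CSeq: 1 OPTIONS\r\n"
    b"User-Agent: Example Phone/1.2.3\r\n"
    b"Allow: INVITE, ACK, OPTIONS\r\n"
    b"Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for host in sys.argv[1:]:
        print(host, "->", probe(host))
```

Feed it the public addresses of the client sites and anything that comes back as "reachable" is a router that forwards SIP to the phone without caring who sent it. Note what the reply does and does not contain: an OPTIONS response carries a User-Agent (handy for matching phone models to routers) and a 401 would carry a digest realm and nonce, but never the phone's credentials themselves; the finding here is the open path, not a leaked password.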