On Thu, 2006-09-28 at 12:05 +0100, Brian Candler wrote:
> John Lange wrote:
> > A while back I posted a suggestion for limiting the impact of 1/2 open
> > SIP authentication attacks based on the principle of syncookies:
> >
> > http://lists.digium.com/pipermail/asterisk-dev/2006-July/021709.html
> >
> > It didn't seem to generate any interest but I still think it's a good
> > idea so it might be worth some people having a second look at and it's
> > on-topic for this conversation.
>
> I think that it's definitely worth exploring.
>
> However in the form proposed, it seems only to apply to connections which
> must be authenticated. It would not help with an INVITE flood to a SIP proxy
> which accepts incoming calls from the public Internet.

This particular suggestion was in response to one specific type of attack. At the moment Asterisk has a limit on the number of authentication requests it can handle at one time. An attacker simply has to flood the server with a number of 1/2 open authentication requests and Asterisk's authentication table will fill and stop responding.

This technique eliminates that possibility but is only one small improvement that deals with one specific case. Other techniques would have to be utilized for the other cases.

John
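
A syncookie-style challenge for the half-open authentication case discussed above, as an added example that is not part of the original message, the linked proposal, or Asterisk's code. It assumes the nonce is bound to the source IP and Call-ID with a server-side HMAC key; the function names, the nonce layout and the 30-second lifetime are hypothetical.

```python
import hashlib
import hmac
import os
import time

# Assumptions for this sketch: a random per-process key and a short lifetime.
SECRET = os.urandom(32)
NONCE_LIFETIME = 30  # seconds a challenge remains answerable


def _mac(ts: int, src_ip: str, call_id: str) -> str:
    """MAC over the fields the server would otherwise have to remember."""
    msg = f"{ts}|{src_ip}|{call_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:32]


def make_nonce(src_ip: str, call_id: str, now=None) -> str:
    """Nonce for the 401 challenge. Nothing is stored per request, so
    unanswered (half-open) challenges cannot fill a table."""
    ts = int(time.time() if now is None else now)
    return f"{ts:x}.{_mac(ts, src_ip, call_id)}"


def check_nonce(nonce: str, src_ip: str, call_id: str, now=None) -> bool:
    """Validate the nonce echoed in the Authorization header by
    recomputing the MAC from the request itself."""
    now = int(time.time() if now is None else now)
    try:
        ts_hex, mac = nonce.split(".", 1)
        ts = int(ts_hex, 16)
    except ValueError:
        return False  # malformed or forged nonce
    if not 0 <= now - ts <= NONCE_LIFETIME:
        return False  # expired, or timestamp from the future
    expected = _mac(ts, src_ip, call_id)
    # Constant-time compare; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(mac.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample values (documentation address range).
    n = make_nonce("203.0.113.5", "a84b4c76e66710@pc33")
    print("challenge nonce:", n)
    print("same peer:      ", check_nonce(n, "203.0.113.5", "a84b4c76e66710@pc33"))
    print("other source IP:", check_nonce(n, "203.0.113.9", "a84b4c76e66710@pc33"))
```

A nonce remains replayable by the same peer until it expires, and digest verification of the credentials still has to follow; this only removes the per-challenge state.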
