Abu 'Ubayd Fadil wrote: > What I am thinking right now is to use some kind of authentication, > perhaps using OpenSSL, so that Asterisk can filter which packet to > process, and which one to dump. > > Any comments, suggestions, critics? What do you guys think?
All that will accomplish is to make the problem worse. The DoS is not usually making Asterisk do too much *real work*, it's just sending it large volumes of traffic it must ignore. Adding complexity to figure out which traffic to ignore and which to process will just increase the workload. The larger issue though is that 'adding authentication ... using OpenSSL' is all well and good if all your endpoints support it. If they don't, you have to continue to use the existing mechanisms for communication. -- Kevin P. Fleming Director of Software Technologies Digium, Inc. - "The Genuine Asterisk Experience" (TM) _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-security mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-security
