On Thu, Dec 08, 2011 at 04:47:37PM -0600, Asterisk Security Team wrote:
> [...]
> Description  It is possible to enumerate SIP usernames when the general
>              and user/peer NAT settings differ in whether to respond to
>              the port a request is sent from or the port listed for
>              responses in the Via header. In 1.4 and 1.6.2, this would
>              mean if one setting was nat=yes or nat=route and the other
>              was either nat=no or nat=never. In 1.8 and 10, this would
>              mean when one was nat=force_rport or nat=yes and the other
>              was nat=no or nat=comedia.

I see that early this year, VOIPPACK (from the folks who brought us SIPVicious) announced "Additionally we improved vp_sipenumerate to be able to scan Asterisk servers regardless of the alwaysauthreject option". I'm guessing this is how they do it. VOIPPACK isn't free, so it's not as widely used as SIPVicious, but it seems to show that there's at least one exploit already out there.

-- 
Barry
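A configuration check for the mismatch the quoted advisory describes, as an added example that is not part of the original thread or of Asterisk itself: it reads sip.conf-style text and lists peers whose nat value falls in the other group than the one set in [general]. The function names, the "1.8"/"1.4" family keys, the sample config and the assumption that a peer without its own nat line inherits the [general] value are assumptions of this example; #include files and section templates are not resolved.

```python
import re

# Value groups as listed in the advisory quoted above ("1.8" covers 1.8 and 10,
# "1.4" covers 1.4 and 1.6.2). True = first group named there, False = second.
GROUPS = {
    "1.8": {"force_rport": True, "yes": True, "no": False, "comedia": False},
    "1.4": {"yes": True, "route": True, "no": False, "never": False},
}

SAMPLE = """\
[general]
alwaysauthreject=yes
nat=no               ; constructed sample, not a real deployment
[alice]
type=friend
nat=force_rport
[bob]
type=friend
[carol]
nat = comedia
"""

def parse_nat(conf_text):
    """Map each [section] to its nat value, or None when the section sets none."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, None)
        elif current and re.match(r"nat\s*=", line, re.I):
            sections[current] = line.split("=", 1)[1].lstrip(">").strip().lower()
    return sections

def mismatched_peers(conf_text, family="1.8", default_nat=None):
    """Return (peer, peer_nat, general_nat) for peers in the other group than [general]."""
    sections = parse_nat(conf_text)
    general = sections.pop("general", None) or default_nat
    if general is None:
        raise ValueError("[general] sets no nat; pass default_nat for your version")
    group = GROUPS[family]
    flagged = []
    for peer, value in sections.items():
        effective = value or general                 # assumption: unset peers inherit
        if group.get(effective) is not None and group.get(general) is not None \
                and group[effective] != group[general]:
            flagged.append((peer, effective, general))
    return flagged

if __name__ == "__main__":
    for peer, peer_nat, general_nat in mismatched_peers(SAMPLE):
        print(f"{peer}: nat={peer_nat} differs from [general] nat={general_nat}")
```

Values outside the four the advisory lists for a version family are skipped rather than guessed at, so an empty result means no listed mismatch was found, not that every section was classified.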
