Vincent, It really depends on the driver set and the asterisk system's configuration. If there is an exploitable bug in libpri or the driver for the specific card you maybe able to attack it by tapping into the line and issuing malformed framing, encoding or d-channel information, but that would require either an existing exploit or fuzzing drivers and/or libraries by the interested party. On the other hand if they have some sort of automated menu system that is connected to the PBX via the PSTN you can attack it like you would any other PBX via weak passcodes and other information. Taking either of these approaches can tie up resources on the system however by eating up a single b-channel in the case of attempting to go after a menu interface or an entire circuit in the case of a PRI which if monitored should be readily apparent to the administrator of the system.
Please be fuzzing from telco gear may or may not be in violation of one or more federal and state law and tapping a PRI in the US in most fashions is a Felony without a wiretap warrant so doing so should be done with extreme caution and permission as well as legal research in advance. On Wed, Jan 13, 2010 at 2:09 AM, Vincent Lape <[email protected]> wrote: > Is anyone in the group knowledgeable enough about asteresk and PRI lines to > offer opinion of the feasibility of attacking an asteresk server via a PRI > line? > > > > >> Do we know of anyone knowledgeable enough about asterisk and PRI lines > to >> offer opinion of the feasibility of attacking an asterisk server via a > PRI >> line? > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
