How to rootcrack an Asterisk box

VoIPsa, an organization which I’ve previously accused of being more of a pretty face for VoIP equipment makers than a real agent of positive change, today called attention to a handful of security hacks targeted at Asterisk. Notice the apparent reluctance to say anything good about the IAX protocol, which is arguably Asterisk’s single-best feature. Anyway, check em out here.

2 Responses to “How to rootcrack an Asterisk box”

Dan York says:

August 15, 2007 at 1:47 pm

Ted,
Being one of those folks trying to make VOIPSA be ‘a real agent of positive change’, I’d just make the comment that the point of Martyn’s post was that other VoIP protocols beyond SIP can also be attacked. Within the VoIPSA weblog as well as the Blue Box podcast, we spend probably the majority of the time talking about attacks against SIP. So much so that one might conclude that SIP is the problem and all other VoIP protocols are okay. Martyn’s point was that at Black Hat, researchers unveiled tools to attack *two* other protocols, one being IAX and the other being H.323.

The mention was not a reflection on IAX but really to the broader point that just because we don’t necessarily talk about various protocols it doesn’t mean there aren’t security issues with them.

Dan

P.S. Guest posts about VoIP security on the VOIPSA weblog are always welcome. Drop me a note if you are interested.

Log in to Reply
Martyn Davies says:

August 15, 2007 at 2:11 pm

Ted, I think you’re reading more into it than I intended. For the record, I’m not having a go at Asterisk, just talking about what I thought was an interesting story from Black Hat. You will see that I’ve written about the security aspects of many protocols: SIP, H323, MGCP, Sigtran and now, yes, IAX. And didn’t I say something good about IAX? It tunnels through firewalls? Thanks for your comments anyway. Regards, Martyn

Log in to Reply