PaulDotCom mailing list archives
PRI/Asterisk Security
From: nberthaume at gmail.com (Nicholas B.)
Date: Wed, 13 Jan 2010 11:49:01 -0500
Vincent, It really depends on the driver set and the asterisk system's configuration. If there is an exploitable bug in libpri or the driver for the specific card you maybe able to attack it by tapping into the line and issuing malformed framing, encoding or d-channel information, but that would require either an existing exploit or fuzzing drivers and/or libraries by the interested party. On the other hand if they have some sort of automated menu system that is connected to the PBX via the PSTN you can attack it like you would any other PBX via weak passcodes and other information. Taking either of these approaches can tie up resources on the system however by eating up a single b-channel in the case of attempting to go after a menu interface or an entire circuit in the case of a PRI which if monitored should be readily apparent to the administrator of the system. Please be fuzzing from telco gear may or may not be in violation of one or more federal and state law and tapping a PRI in the US in most fashions is a Felony without a wiretap warrant so doing so should be done with extreme caution and permission as well as legal research in advance. On Wed, Jan 13, 2010 at 2:09 AM, Vincent Lape <vlape at me.com> wrote:
Is anyone in the group knowledgeable enough about asteresk and PRI lines to offer opinion of the feasibility of attacking an asteresk server via a PRI line?Do we know of anyone knowledgeable enough about asterisk and PRI linestooffer opinion of the feasibility of attacking an asterisk server via aPRIline?_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- PRI/Asterisk Security Vincent Lape (Jan 12)
- PRI/Asterisk Security Nicholas B. (Jan 13)
- <Possible follow-ups>
- PRI/Asterisk Security blake at remoteorigin.com (Jan 13)