PaulDotCom mailing list archives
PRI/Asterisk Security
From: blake at remoteorigin.com (blake at remoteorigin.com)
Date: Wed, 13 Jan 2010 17:35:05 -0500
Hi Vincent, There is an attack that not only would work against certain configurations of Asterisk but other PBX's as well. Its not exactly a PRI based attack but I feel this method is still worth mentioning to the group. Its basically as follows. Loopback Signaling Inter-PBX Forced Dial-Tone Attack: An attacker calls a PBX and has the call transferred to an adjacent PBX within the same organization. Since loopback signaling has no notion of "hand up detection" it is possible to have the receiving party (on the second PBX) hang up the phone while the attacker stays on the line. If this inter-PBX link uses Loopback signaling then the first PBX "can" bump the attacker into a dial tone upon disconnect with the second PBX. You can then make free phone calls. Solution: use signaling that supports hangup detection (which is pretty much the rest of them). Its simpler then it sounds. Its rare that a specific system/configuration is vulnerable yet I've had some fun/success using this technique myself. This attack is beyond brute forcing extensions, VM codes or the similar via IVR systems. That would be another conversation. Let me know if you have any questions regarding. Cheers, Blake Cornell Vincent, It really depends on the driver set and the asterisk system's configuration. If there is an exploitable bug in libpri or the driver for the specific card you maybe able to attack it by tapping into the line and issuing malformed framing, encoding or d-channel information, but that would require either an existing exploit or fuzzing drivers and/or libraries by the interested party. On the other hand if they have some sort of automated menu system that is connected to the PBX via the PSTN you can attack it like you would any other PBX via weak passcodes and other information. Taking either of these approaches can tie up resources on the system however by eating up a single b-channel in the case of attempting to go after a menu interface or an entire circuit in the case of a PRI which if monitored should be readily apparent to the administrator of the system. Please be fuzzing from telco gear may or may not be in violation of one or more federal and state law and tapping a PRI in the US in most fashions is a Felony without a wiretap warrant so doing so should be done with extreme caution and permission as well as legal research in advance. On Wed, Jan 13, 2010 at 2:09 AM, Vincent Lape <vlape at me.com> wrote:
Is anyone in the group knowledgeable enough about asteresk and PRI lines to
offer opinion of the feasibility of attacking an asteresk server via a PRI line?
Do we know of anyone knowledgeable enough about asterisk and PRI linestooffer opinion of the feasibility of attacking an asterisk server via aPRIline?_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- PRI/Asterisk Security Vincent Lape (Jan 12)
- PRI/Asterisk Security Nicholas B. (Jan 13)
- <Possible follow-ups>
- PRI/Asterisk Security blake at remoteorigin.com (Jan 13)