Asterisk and DoS attack: What has been done so far?

Hi there,

I would really appreciate if anyone of you could give me some information (or even pointers) regarding DoS attacks and Asterisk.

My question is what has been done so far in securing Asterisk from DoS attacks?

I just downloaded couples of DoS attack tools from (one of them is inviteflood). BAsically, inviteflood will flood asterisk with SIP-invite messages. And it worked. My Asterisk machine is not functioning; placing a call is impossible, etc…

So, I am planning to solve this problem and need more information if anything has been done regarding this so far.

btw, I am running Fedora 7 with ASterisk 1.4.8.



Well first of all maybe you should try upgrading to the latest version, currently 1.4.17 but 1.4.18 is in rc1 testing so you could grab either of these. All know issues would have been resolved in either of those.

Second, if you think you found an issue like this it should be reported to Digium PRIVATELY so they can have a chance to test and release a fix before it is made public.