By using a security software–Nessus, the reports are as fellow:
The remote VoIP service is susceptible to a remote denial of service
The version of Asterisk installed on the remote host consumes an IAX2
call number while waiting for an ACK packet in response to a PONG
packet. By flooding the affected service with POKE requests, an
unauthenticated remote attacker can leverage this issue to exhaust all
available call numbers and prevent legitimate IAX2 calls from getting
See also :
[quote]Upgrade to Asterisk Open Source 184.108.40.206 / 1.2.30, Asterisk Business
Edition C.2.0.3 / C.1.10.3 / B.2.5.4, s800i (Asterisk Appliance)
220.127.116.11 or later. [/quote]
But i didn’t find any articles talking about the upgrade actions.
Have anybody upgraded asterisk successfully?