IAX2 Fuzzer Released
The IAX2 fuzzer used to discover the gaping holes in the design of IAX is now available through the VoIPer project. The VoIPer project is originally a SIP fuzzer that has shown some SIP stacks to be quite inferior to others.
Unfortunately there is only one IAX stack and its garbage.
Anyone willing to help with either [...]
Nine More Asterisk IAX 0Days
Well. My patience has run out. Digium is not fixing the original 2 0days so…. The following are links to 9 additional IAX DoS 0days.
Note: Digium was informed during a conference call that there are over 12 RE 0days. They have shown no effort to fix any of them.
iaxControlRegReqEncryption
iaxControlNewCallingPres
iaxControlNewCallingTns
iaxControlNewCallingTon
iaxControlNewRegReqv
iaxControlNewRRJitter
iaxControlNewRRLoss
iaxControlNewRRPkts
iaxControlNewCalledno
Note to Providers: If [...]
Voicepulse Drops IAX2 Support
Voicepulse has stopped supporting IAX. They have stated that this is due to the lack of IAX failover capabilities (redundancy toward increased uptime) and support costs.
“All customers using IAX2 must convert to using SIP to continue using VoicePulse services. The IAX2 protocol does not allow for proper utilization of our infrastructure and poses too great [...]
For those whom still don’t know (or maybe you do?)
Digium had scheduled a conference call on Friday December 12th at 10:30 Central Time with myself. This call lasted just over an hour.
During the call, it was mentioned that those in management positions “don’t” believe that I was trying to “blackmail” them. This was nice to hear considering others within the company have previously publicaly [...]
FBI Warn: Vishing + Asterisk = NSFW++
Despite a recent warning from the FBI, the attack method used to breach an Asterisk PBX to launch Vishing attacks was probably not an 0day.
PCWorld quoted a Digium rep as saying that a buffer overflow attack would be very hard to pull off. Sounds like he’s stuck on a document from 1996.
If you do receive [...]