Vuln Dev
Asterisk ignoring replayed libpcap sessions Oct 28 2006 10:47PM
nnp (version5 gmail com) (4 replies)
Re: Asterisk ignoring replayed libpcap sessions Oct 30 2006 10:01PM
Aaron Turner (synfinatic gmail com)
On 10/28/06, nnp <version5 (at) gmail (dot) com [email concealed]> wrote:
> Hey,
> I'm currently testing the Asterisk PBX for vulnerabilities but I just
> encountered an interesting problem when trying to recreate a crash.
> Using a fuzzer I can crash it in the exact same place every time. I am
> recording these sessions using ethereal (wireshark) and then replaying
> them using tcpreplay e.g
>
> sudo tcpreplay -i lo dieAsterisk.eth
>
> Anyways, the problem is Asterisk completely ignores the data sent to
> it via tcpreplay. I'm not sure what the issue could be. The packets
> replayed are identical. Is anyone aware of any checksum that takes
> timing into account or whatnot in Asterisk?

Using tcpreplay to replay traffic to a server is full of potential
problems and generally considered not supported. If you're using SIP
over UDP you have a chance, but not over TCP.

For more info:
http://tcpreplay.synfin.net/trac/wiki/FAQ#Doestcpreplaysupportsendingtraffictoaserver

Also:
1) Be sure your pcap only contains the client side of the traffic.
2) Sending over loopback isn't really supported... I'm not really sure
what will happen... most likely OS dependent. Also, be aware that DLT
types are different for loopback depending on your OS. Make sure
you've got the right L2 header (or none) if applicable.
3) Don't forget to check your firewall settings if enabled.

--
Aaron Turner
http://synfin.net/
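
A way to check points 1 and 2 from the reply above before replaying a capture, as an added example that is not part of the original post: it reads the capture file's DLT (link-layer type) and lists which endpoints send packets. The helper names, the sample addresses and the constructed capture are assumptions made for illustration.

```python
import socket
import struct

# Link-layer header length per pcap DLT value (subset handled by this example).
DLT = {0: ("NULL (BSD loopback)", 4), 1: ("EN10MB (Ethernet)", 14),
       101: ("RAW (no L2 header)", 0), 108: ("LOOP (OpenBSD loopback)", 4),
       113: ("LINUX_SLL (cooked)", 16)}

def inspect_pcap(data):
    """Return the link type and the (ip, port) endpoints that send packets."""
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        end = "<"   # little-endian file (microsecond or nanosecond variant)
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        end = ">"   # big-endian file
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    name, l2 = DLT.get(linktype, ("unknown DLT %d" % linktype, None))
    senders, off = set(), 24
    while l2 is not None and off + 16 <= len(data):
        caplen = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        ip = data[off + 16 + l2:off + 16 + caplen]  # skip record + L2 header
        off += 16 + caplen
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] not in (6, 17):
            continue  # only IPv4 TCP/UDP is examined
        ihl = (ip[0] & 0x0F) * 4
        if len(ip) >= ihl + 2:
            sport = struct.unpack("!H", ip[ihl:ihl + 2])[0]
            senders.add((socket.inet_ntoa(ip[12:16]), sport))
    # More than one sending endpoint means both sides are in the capture.
    return {"linktype": name, "l2_len": l2, "senders": senders,
            "one_direction": len(senders) == 1}

def _udp(src, sport, dst, dport, payload=b"x"):
    # Constructed sample packet: Ethernet + IPv4 + UDP, checksums left at 0.
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + iph + udp

def make_pcap(packets, linktype=1):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for p in packets:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out

# Constructed capture holding both the client request and the server reply.
SAMPLE = make_pcap([_udp("10.0.0.2", 40000, "10.0.0.1", 5060),
                    _udp("10.0.0.1", 5060, "10.0.0.2", 40000)])
```

If `one_direction` is false, or the reported link type does not match the interface the capture will be replayed on, the capture needs filtering or its L2 header rewriting first.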

Re: Asterisk ignoring replayed libpcap sessions Oct 30 2006 09:11AM
Stefano Zanero (s zanero securenetwork it) (1 replies)
Re: Asterisk ignoring replayed libpcap sessions Oct 30 2006 08:00PM
nnp (version5 gmail com)
Re: Asterisk ignoring replayed libpcap sessions Oct 30 2006 05:15AM
Pravin (shindepravin gmail com)
Re: Asterisk ignoring replayed libpcap sessions Oct 29 2006 08:15PM
gaurav saha (gauravsaha007 yahoo com)


 
