jvoss@altsci.com
jvoss@myuw.net
April 18, 2008
AltSci IAX2 0.7
[sig]
AltSci IAX2 0.6
[sig]
UPDATE May 24, 2008
I have done a mildly thorough investigation of 1.4.19.1 (the fixed version) and I understand their solution (verify a pseudo-random call number). The solution is as good as I recommended. It does not solve the non-spoofed DoS attack since the attacker can use the call number it receives from the accept packet, but it does make the spoofed DoS attack much less useful (1:5 amplification is practically worthless). I consider this grevious security bug to be fixed. I have not tested backwards compatibility of devices and software versions. I plan to test whether this can be recreated via uncommon use cases such as psuedorandom guessing, sending random commands, etc. I hope that Asterisk will accept my apologies for releasing the exploit before they had a chance to respond. I plan to disclose all future vulnerabilities full disclosure after a timely opportunity for the vendor to respond. I encourage all other security researchers who use my tools to release the vulnerabilities that they find in a similar manner for the benefit of the community.
UPDATE April 24, 2008
Asterisk has responded to the release of my second exploit and framework with a set of patches to SVN. They have made the bug report above publicly available which pleases me. I haven't tested this to make sure that it isn't vulnerable, but I can assure you that I will. I will also spend time to see if their patch is backwards compatible with other versions of Asterisk and soft phones. I applaud Asterisk for their work toward fixing this obvious flaw. Together I believe that we can write and test a good VoIP protocol.
April 19-27, 2008
This program was written in a few days to solve the issue of watching network traffic in realtime. I split packets into groups of IP, TCP, UDP, and non-IP as well as in/out and update the screen every second. It shows packets per second, kilobits per second, and horizontal lines show how much data. The bars switch to yellow when the traffic increases over 1Mbps and to red when it increases over 5 Mbps.
by Javantea aka. Joel R. Voss
August 16, 2007
Source Code not yet available.
Collisions in hashes are quite bad news for cryptographers. Finding them is quite difficult. The current best attack against SHA1 requires 2**69 operations.
a is an array of plaintexts.
The likeliness of a collision is a function of len(a).
sha1mod1.py sha1 hashes the plaintexts modulus x.
It counts the collisions.
Plotted here is x vs collisions(x).
BitTorrent Protocol Attack
jvoss@altsci.com
jvoss@myuw.net
Feb 23-26, 2005
BitTorrent Attack 0.3 Source
[sig]
BitTorrent Attack 0.2 Source
[sig]
Official BitTorrent Protocol
Official BitTorrent Client
Netmap2 Page
The BitTorrent Attack is a small project to see what we can do with the BitTorrent protocol without sending or receiving legitimate data. It is part of Netmap2 (aka. Protocols and Services Project).
Read more »
