Vulnerability Development: Re: Asterisk ignoring replayed libpcap sessions

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Asterisk ignoring replayed libpcap sessions

From: nnp <version5 () gmail com>
Date: Tue, 31 Oct 2006 12:16:10 +0000

That is true but unfortunately (or fortunately depending on how you
look at it) it works perfectly using python and plain old UDP sockets
just reading the plain text SIP dump from file.

On 10/30/06, Stefano Zanero <s.zanero () securenetwork it> wrote:

nnp wrote:
> SIP is carried over UDP.

Yes, that's true, but is it only SIP that you are talking about ? And
even in that case... it's not so simple.

TCPReplay also replays UDP packets, but if for instance those packets
contain nonces, identifiers that can be changed from either side, or
other elements of freshness, you can't expect that a server will react
correctly to a blind REPLAY of a former session... much in the same way
this wouldn't fly with TCP based protocols

Stefano



--
http://silenthack.co.uk

By Date By Thread

Current thread:

Re: Asterisk ignoring replayed libpcap sessions Stefano Zanero (Nov 01)
- Re: Asterisk ignoring replayed libpcap sessions nnp (Nov 01)
  - Re: Asterisk ignoring replayed libpcap sessions Stefano Zanero (Nov 01)
    - Re: Asterisk ignoring replayed libpcap sessions nnp (Nov 01)
    - Re: Asterisk ignoring replayed libpcap sessions Matthew Franz (Nov 02)
    - Re: Asterisk ignoring replayed libpcap sessions Blue Boar (Nov 02)
  - Re: Asterisk ignoring replayed libpcap sessions nnp (Nov 01)
- <Possible follow-ups>
- Re: Asterisk ignoring replayed libpcap sessions Pravin (Nov 01)
- Re: Asterisk ignoring replayed libpcap sessions Aaron Turner (Nov 01)