Table of Contents
1. Introduction
1.1. Overview
2. User Guide
2.1. Configuration
2.1.1. Quick Start
2.1.2. Controlled Networks
2.1.2.1. Full Upgrade
2.1.2.2. Partial Upgrade
2.1.3. Public Networks
2.1.3.1. Full Upgrade
2.1.3.2. Partial Upgrade
2.1.3.3. Guest Access
2.2. CLI Commands
2.2.1. iax2 show callnumber usage
2.2.2. iax2 show peer
3. Protocol Modification
3.1. Overview
3.2. Call Token Validation
3.3. Example Message Exchanges
3.3.1. Call Setup
3.3.2. Call Setup, client does not support CALLTOKEN
3.3.3. Call Setup, client supports CALLTOKEN, server does not
3.3.4. Call Setup from client that sends invalid token
4. Asterisk Implementation
4.1. CALLTOKEN IE Payload
1. Introduction
1.1. Overview
A change has been made to the IAX2 protocol to help mitigate denial of service attacks. This
change is referred to as call token validation. This change affects how messages are exchanged and is
not backwards compatible for an older client connecting to an updated server, so a number of options
have been provided to disable call token validation as needed for compatibility purposes.
In addition to call token validation, Asterisk can now also limit the number of connections
allowed per IP address, so that one host cannot prevent other hosts from making successful
connections. These options are referred to as call number limits.
For additional details about the configuration options referenced in this document, see the
sample configuration file, iax.conf.sample. For information regarding the details of the call
token validation protocol modification, see section 3 (Protocol Modification) of this document.
2. User Guide
2.1. Configuration
2.1.1. Quick Start
We strongly recommend that administrators leave the IAX2 security enhancements in place
where possible. However, to bypass the security enhancements completely and have Asterisk work
exactly as it did before, the following options can be specified in the [general] section of
iax.conf:
[general]
…
calltokenoptional = 0.0.0.0/0.0.0.0
maxcallnumbers = 16382
…
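A check an administrator could run over iax.conf to confirm that the bypass settings shown above have not been left in place. This is an added example, not part of the original document or of Asterisk; the function names, the sample configs, and the choice to treat any maxcallnumbers at or above 16382 as a bypass are assumptions.

```python
import ipaddress

BYPASS_MAXCALLNUMBERS = 16382  # value used in the page's bypass recipe

# Constructed sample configs: the bypass recipe, and a narrower setup (assumed values).
BYPASS_CONF = """\
[general]
bindport = 4569
calltokenoptional = 0.0.0.0/0.0.0.0
maxcallnumbers = 16382
[trunk]
type = friend
"""
NARROW_CONF = """\
[general]
calltokenoptional = 192.0.2.10/255.255.255.255
maxcallnumbers = 512
"""

def general_options(conf_text):
    """Yield (line_no, key, value) for each option in the [general] section."""
    section = None
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("["):
            section = line[1:line.find("]")].strip().lower()
        elif section == "general" and "=" in line:
            key, value = line.split("=", 1)  # also tolerates 'key => value'
            yield line_no, key.strip().lower(), value.lstrip(">").strip()

def audit(conf_text):
    """Return (line_no, option, reason) for settings that switch the protections off."""
    findings = []
    for line_no, key, value in general_options(conf_text):
        if key == "calltokenoptional":
            try:
                net = ipaddress.ip_network(value, strict=False)  # accepts addr/netmask
            except ValueError:
                findings.append((line_no, key, "unparseable address/mask: " + value))
                continue
            if net.prefixlen == 0:  # mask 0.0.0.0 matches every address
                findings.append((line_no, key, "call token validation optional for all hosts"))
        elif key == "maxcallnumbers" and value.isdigit() and int(value) >= BYPASS_MAXCALLNUMBERS:
            findings.append((line_no, key, "per-IP call number limit effectively removed"))
    return findings

if __name__ == "__main__":
    for finding in audit(BYPASS_CONF):
        print(finding)
```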