26.7. IAX2 Denial of Service

While SIP is a text-based protocol, IAX2 is a binary encoded protocol. The IAX2 standard is RFC 5456. Every IAX2 packet contains a call number that is used to associate the packet with an active call. This is analogous to the Call-ID header in SIP. An IAX2 call number, is a 15-bit field. It is large enough to deal with the number of calls that will be practical on one system. Unfortunately, it is also small enough that it is pretty easy for an attacker to send enough small packets to consume all available call numbers on a system for a short period of time, resulting in a denial of service attack.

The IAX2 support in Asterisk has been modified to automatically protect against this type of attack. This protection is referred to as call token support and requires a three-way handshake to occur before a call number is allocated. However, older versions of Asterisk and some non-Asterisk IAX2 implementations may not support this, so there are a number of options that let you tweak the behavior.