Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here


H.323 Vulnerabilities

H.323 Vulnerabilities

H.323 Vulnerabilities

I found a recent article on Packetizer.Com which puts the recently announced H.323 vulnerabilities into perespective. Most sites employ VoIP within a private network and if they do expose VoIP externally it's in the form of a private point to point network or a secured VPN. So I guess the news isn't a major deal for folks who have their ducks in a row. Those who don't should follow through I suppose:

H.323 Security Flaw Real, Impact Minimal

(January 13, 2004) Apex, NC - An article published today on CNET and resulting from a security advisory posted by NISCC reported a security vulnerability with H.323. The flaw is related to H.323 and its use of ASN.1 Packed Encoding Rules (PER) for encoding and decoding messages, improper handling of malformed H.225.0 messages, and resource leakage. The security flaw is real, but the impact is minimal.

The primary security vulnerability arises from systems that do not properly check for malformed H.225.0 messages or malformed ASN.1 PER messages or messages of indefinite lengths. As a message is received, it should be checked to ensure that it is properly formed, both prior to decoding and during the decoding process. Thus, the problem is not inherent in the H.323 protocol or even ASN.1, but with the PER or message processing implementations used by some H.323 systems.

Correcting this vulnerability is relatively straightforward and most vendors have already taken corrective action. It involves putting proper constraint checking in the PER decoding libraries to ensure that malformed messages messages are properly discarded and do not disrupt system operation and to check the H.225.0 messages for proper content.

The second class of vulnerabilities relates to resource leakage. This is again due partly to the malformed message not being processed correctly, resulting in memory leaks. It is also due to the fact that some H.323 systems are not proactive in closing TCP connections over which a call is never established. The latter is not unusual, in fact, for any TCP-based system. A default Apache server, for example, will leave the TCP connection established for five (5) minutes before closing the connection. H.323 and any TCP-based system should be more proactive in closing connections to eliminate wasted resources.

While H.323 is the most widely used VoIP communication protocol worldwide, the impact is mitigated by the fact that most VoIP systems are operated on private networks that are out of reach from most hackers who would attempt to exploit such vulnerabilities. What this means is that global long distance networks that presently carry billions of voice minutes each month will not likely to be impacted at all.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close