05-03-2010 12:24 PM - edited 03-15-2019 10:35 PM
Hi,
We were experimenting with pings with a large datagram size (1500 bytes / 1600 bytes) and we were pinging from an ASA to a 7940 ephone. As soon as we executed the commands the phone rebooted. The pings did not arrive. The phone is running P00308000400.
ASA01> ping
Interface: INSIDE
Target IP address: 192.168.10.110
Repeat count: [5] 300
Datagram size: [100] 1600
Timeout in seconds: [2]
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 300, 1600-byte ICMP Echos to 192.168.10.110, timeout is 2 seconds:
????????
Success rate is 0 percent (0/8)
From CCME:
470762: May 3 21:16:38.856 CET: %IPPHONE-6-UNREGISTER_ABNORMAL: ephone-13:SEP00
112189D28C IP:192.168.10.110 Socket:3 DeviceType:Phone has unregistered abnormal
ly.
Ofcourse this is not a major issue, but I guess someone could use this as a DoS attack on someones phone setup.
Anyone else seen this before?
05-03-2010 12:40 PM
Update FW and try again.
05-03-2010 01:02 PM
There are definitely documented DoS attacks on IP phones based on excessive or simply large ICMP packets being sent to the phone. Can you post what version of firmware you are currently on and what version of CUCM you are running as well? This will help determine what version of firmware you might upgrade to and test from there.
Hailey
Please rate helpful posts!!!
05-03-2010 01:11 PM
It's there, 8.0(4), not recent.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide