[Serusers] rtpproxy address filling
Stefan Sayer
stefan.sayer at iptego.com
Tue Apr 1 21:08:48 CEST 2008
Hello,
I think this is an interesting question, but
Andres wrote:
> To answer my own question, I just set up a lab test to verify this.
>
> After the session is up and the address has been 'pre-filled', if
> rtpproxy receives a packet on the same UDP port as one of the call legs
> but from a different IP, it changes the address to which it forwards the
> stream.
>
> It immediately jumped into my mind that this could be a security
> vulnerability since a remote attacker could effectively bring down all
> sessions on an rtpproxy just by doing a UDP scan.
...wouldn't they switch back to the correct addresses when the next RTP
packet arrives, i.e. after 10/20/30 ms?
Stefan
--
Stefan Sayer
VoIP Services
stefan.sayer at iptego.com
www.iptego.com
iptego GmbH
Am Borsigturm 40
13507 Berlin
Germany
Amtsgericht Charlottenburg, HRB 101010
Geschaeftsfuehrer: Alexander Hoffmann
More information about the sr-users
mailing list