On 01/02/2014 11:00 AM, Jr Richardson wrote:
> or should I open up media port range to all PBXs and not worry about attacks?
You should open up the media port range to all PBXs and not worry about attacks.
As Muhammad said, RTP ports are dynamic enough to preclude most MITM attacks. Any decently implemented SIP UA should not accept media packets from anywhere other than the indicated stream source.
Additionally, almost all (D)DoS attack patterns reliant on simple packet flooding exploit TCP stacks, since TCP allocates resources (memory) and state for TCP connections for a period of time. UDP is largely immune to that, since it's such a dumb fire-and-forget mechanism with no reliability abstraction layer.
This really isn't worth worrying about.
-- Alex
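
The source check mentioned in the reply above, as an added example that is not part of the original message or of any particular SIP stack: it reads the indicated stream source from an SDP body and drops media packets arriving from anywhere else. The SDP, addresses, ports and function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed SDP answer from the remote party (sample data, documentation addresses).
SAMPLE_SDP = """v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 14002 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
"""

def media_source_from_sdp(sdp):
    """Return (ip, port) of the first audio stream; a media-level c= overrides the session-level one."""
    session_addr = media_addr = port = None
    section = "session"
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            if port is not None:
                break  # first audio section fully read
            kind, m_port = line[2:].split()[:2]
            section = "audio" if kind == "audio" else "other"
            if section == "audio":
                port = int(m_port.split("/")[0])
        elif line.startswith("c="):
            addr = line[2:].split()[2].split("/")[0]  # drop any /ttl suffix
            if section == "session":
                session_addr = addr
            elif section == "audio":
                media_addr = addr
    addr = media_addr or session_addr
    if addr is None or port is None:
        raise ValueError("SDP has no usable audio stream")
    return ipaddress.ip_address(addr), port

def accept_rtp(packet, src, expected):
    """Accept only RTP version 2 packets whose UDP source equals the SDP-indicated source."""
    src_ip, src_port = src
    if (ipaddress.ip_address(src_ip), src_port) != expected:
        return False  # wrong sender: discard without touching the payload
    if len(packet) < 12:
        return False  # shorter than the fixed RTP header
    return packet[0] >> 6 == 2

EXPECTED = media_source_from_sdp(SAMPLE_SDP)
# Constructed RTP packet: V=2, PT=0 (PCMU), seq=1, ts=160, SSRC=0x1234, 160 payload bytes.
PKT = struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234) + b"\x00" * 160

if __name__ == "__main__":
    for src in [("192.0.2.10", 14002), ("198.51.100.7", 14002), ("192.0.2.10", 14004)]:
        print(src, "accepted" if accept_rtp(PKT, src, EXPECTED) else "dropped")
```

Endpoints behind NAT often send media from an address other than the one in their SDP, so a strict comparison like this one only fits peers whose signalled address is the address they actually send from.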