Andres wrote:
Stefan Sayer wrote:
>
>
> Andres wrote:
>
>>>>
>>>> It immediately jumped into my mind that this could be a security
>>>> vulnerability since a remote attacker could effectively bring
>>>> down all sessions on an rtpproxy just by doing a UDP scan.
>>>
>>>
>>> ...wouldn't they switch back to the correct addresses when the
>>> next RTP packet arrives, i.e. after 10/20/30 ms?
>>>
>> No, it does not. I tried it. RTPProxy only switches addresses
>> once. Although it is trivial to edit the source code and allow
>> rtpproxy to always listen and adjust to IP Address changes during
>> the entire call.
>
>
Sorry, I was not precise: so would the more secure fix maybe be to always
allow a switch back to the original address?
... to the original address only?
So that a switch to an address away from the original address would be
possible exactly once, but switching back to the original address always.

Sure, that sounds good and more secure too. Maybe Maxim can chime in
with his thoughts.
Andres
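
The policy discussed in this thread (one switch away from the original address, switching back always allowed), sketched as an added example that is not rtpproxy's source code. The struct and function names and the sample addresses are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of one relayed RTP leg; not rtpproxy's own structures. */
struct peer { uint32_t ip; uint16_t port; };
struct leg {
    struct peer original;  /* address the session started with */
    struct peer current;   /* address media is relayed to right now */
    bool moved_once;       /* the single switch away has been used up */
};

static bool same_peer(struct peer a, struct peer b) {
    return a.ip == b.ip && a.port == b.port;
}

void leg_init(struct leg *l, struct peer original) {
    l->original = original;
    l->current = original;
    l->moved_once = false;
}

/* Apply the policy to one packet; returns true if it is accepted. */
bool leg_on_packet(struct leg *l, struct peer src) {
    if (same_peer(src, l->current))
        return true;                    /* no change needed */
    if (same_peer(src, l->original)) {  /* switch back: always allowed */
        l->current = src;
        return true;
    }
    if (!l->moved_once) {               /* switch away: exactly once */
        l->current = src;
        l->moved_once = true;
        return true;
    }
    return false;                       /* any further move is refused */
}

int main(void) {
    /* Constructed addresses from the documentation ranges. */
    struct peer phone = {0xC000020A, 5004};  /* 192.0.2.10 */
    struct peer stray = {0xC6336407, 40000}; /* 198.51.100.7 */
    struct leg l;
    leg_init(&l, phone);
    printf("stray accepted: %d\n", leg_on_packet(&l, stray));
    printf("phone accepted: %d\n", leg_on_packet(&l, phone));
    printf("back on phone:  %d\n", same_peer(l.current, phone));
    printf("stray again:    %d\n", leg_on_packet(&l, stray));
    return 0;
}
```

In this model a stray packet can still divert the leg once, but the next packet from the original address restores it and later strays are refused.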