[OpenSER-Users] mediaproxy server NEW FEATURE!!!

Gonzalo J. Sambucaro gonzalo.sambucaro at mslc.com.ar
Thu Apr 24 20:58:32 CEST 2008


Hi,
   By the timeout implementation in now more secure the support of the NAT
IP change. To change the Caller/Called address the mediaproxy waits for
two seconds that the Caller/Called doesn't send any rtp/rtcp packet and
checking the SSRC. This change was tested and in production working
well.

Also I found a bug in the asymmetric RTP UA support. This file contains
the fix of the bug, the solution to the bug is very simple. How can I do
to report the bug and the solution?

Regards

> "Gonzalo J. Sambucaro" <gonzalo.sambucaro at mslc.com.ar> writes:
>
>> [...]
>> 1) When the first rtp packet of a source arrives, save the SSRC field in
>> the MP.
>>  - Save the SSRC of the caller.
>>  - Save the SSRC of the called.
>>
>> 2) If arrives a rtp packet with unknown source IP but with the same SSRC
>> field of some of the two streams, updates the binding (with the new IP
>> detected) between the caller and the MP or between the called and the MP
>> according to the field SSRC previously saved.
>
> An attacker would have to guess/sniff the SSRC and then could take over
> the rtp session? (maybe could be fixed by only allowing to take over
> after some timeout)
> On the other hand if he can sniff ...
>

-- 
Gonzalo J. Sambucaro
Ingeniería de Software
Tel: +54-341-4230504
MSLC
gonzalo.sambucaro at mslc.com.ar
www.mslc.com.ar
Ocampo y Esmeralda - Vivero de Empresas de Base Tecnológica
Ciudad Universitaria Rosario UNR, CCT CONICET
Rosario - Santa Fé - Argentina
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rtphandler.py.tgz
Type: application/octet-stream
Size: 12572 bytes
Desc: not available
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20080424/28c8b052/attachment.obj>


More information about the sr-users mailing list