[Serusers] rtpproxy address filling

Andres andres at telesip.net
Tue Apr 1 21:47:54 CEST 2008


Stefan Sayer wrote:

>
> Hello,
>
> I think this is an interesting question, but
>
> Andres wrote:
>
>> To answer my own question, I just set up a lab test to verify this.
>>
>> After the session is up and the address has been 'pre-filled', if 
>> rtpproxy receives a packet on the same UDP port as one of the call 
>> legs but from a different IP, it changes the address to which it 
>> forwards the stream.
>>
>> It immediately jumped into my mind that this could be a security 
>> vulnerability since a remote attacker could effectively bring down 
>> all sessions on an rtpproxy just by doing a UDP scan.
>
> ...wouldn't they switch back to the correct addresses when the next 
> RTP packet arrives, i.e. after 10/20/30 ms?
>
No it does not.  I tried it.  RTPProxy only switches addresses once.  
Although it is trivial to edit the source code and allow rtpproxy to 
always listen and adjust to IP Address changes during the entire call.

Andres
http://www.neuroredes.com

> Stefan
>
>




More information about the sr-users mailing list