[Serusers] rtpproxy address filling
Stefan Sayer
stefan.sayer at iptego.com
Tue Apr 1 22:06:22 CEST 2008
Andres wrote:
>>>
>>> It immediately jumped into my mind that this could be a security
>>> vulnerability since a remote attacker could effectively bring down
>>> all sessions on an rtpproxy just by doing a UDP scan.
>> ...wouldn't they switch back to the correct addresses when the next
>> RTP packet arrives, i.e. after 10/20/30 ms?
>>
> No it does not. I tried it. RTPProxy only switches addresses once.
> Although it is trivial to edit the source code and allow rtpproxy to
> always listen and adjust to IP Address changes during the entire call.
so would the more secure fix maybe be to always allow a switch back to
the original address?
o streams with rtp from the original address would switch back the
connection address
o streams with rtp from different address would be vulnerable only for
the very short period of call setup, before the first packet arrived
(which makes the switch to the correct address)
Stefan
>
> Andres
> http://www.neuroredes.com
>
>> Stefan
>>
>>
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
--
Stefan Sayer
VoIP Services
stefan.sayer at iptego.com
www.iptego.com
iptego GmbH
Am Borsigturm 40
13507 Berlin
Germany
Amtsgericht Charlottenburg, HRB 101010
Geschaeftsfuehrer: Alexander Hoffmann
More information about the sr-users
mailing list