[Serusers] rtpproxy address filling

Stefan Sayer stefan.sayer at iptego.com
Tue Apr 1 22:06:22 CEST 2008



Andres wrote:
>>>
>>> It immediately jumped into my mind that this could be a security 
>>> vulnerability since a remote attacker could effectively bring down 
>>> all sessions on an rtpproxy just by doing a UDP scan.
>> ...wouldn't they switch back to the correct addresses when the next 
>> RTP packet arrives, i.e. after 10/20/30 ms?
>>
> No it does not.  I tried it.  RTPProxy only switches addresses once.  
> Although it is trivial to edit the source code and allow rtpproxy to 
> always listen and adjust to IP Address changes during the entire call.
so would the more secure fix maybe be to always allow a switch back to 
the original address?
  o streams with rtp from the original address would switch back the 
connection address
  o streams with rtp from different address would be vulnerable only for 
the very short period of call setup, before the first packet arrived 
(which makes the switch to the correct address)

Stefan

> 
> Andres
> http://www.neuroredes.com
> 
>> Stefan
>>
>>
> 
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

-- 
Stefan Sayer
VoIP Services

stefan.sayer at iptego.com
www.iptego.com

iptego GmbH
Am Borsigturm 40
13507 Berlin
Germany

Amtsgericht Charlottenburg, HRB 101010
Geschaeftsfuehrer: Alexander Hoffmann



More information about the sr-users mailing list