[Serusers] rtpproxy address filling

Stefan Sayer stefan.sayer at iptego.com
Tue Apr 1 22:53:54 CEST 2008



Andres wrote:
> Stefan Sayer wrote:
> 
>>
>>
>> Andres wrote:
>>
>>>>>
>>>>> It immediately jumped into my mind that this could be a security 
>>>>> vulnerability since a remote attacker could effectively bring down 
>>>>> all sessions on an rtpproxy just by doing a UDP scan.
>>>>
>>>> ...wouldn't they switch back to the correct addresses when the next 
>>>> RTP packet arrives, i.e. after 10/20/30 ms?
>>>>
>>> No it does not.  I tried it.  RTPProxy only switches addresses once.  
>>> Although it is trivial to edit the source code and allow rtpproxy to 
>>> always listen and adjust to IP Address changes during the entire call.
>>

sorry, I was not precise:
>> so would the more secure fix maybe be to always allow a switch back to 
>> the original address?
... to the original address only?

so that a switch to an address away from the original address would be 
possible exactly once, but switching back to original address always.

this would also work with your D-Link modems.

Stefan

-- 
Stefan Sayer
VoIP Services

stefan.sayer at iptego.com
www.iptego.com

iptego GmbH
Am Borsigturm 40
13507 Berlin
Germany

Amtsgericht Charlottenburg, HRB 101010
Geschaeftsfuehrer: Alexander Hoffmann



More information about the sr-users mailing list