[Serusers] rtpproxy address filling
Andres
andres at telesip.net
Tue Apr 1 23:33:54 CEST 2008
Stefan Sayer wrote:
>
>
> Andres wrote:
>
>> Stefan Sayer wrote:
>>
>>>
>>>
>>> Andres wrote:
>>>
>>>>>>
>>>>>> It immediately jumped into my mind that this could be a security
>>>>>> vulnerability since a remote attacker could effectively bring
>>>>>> down all sessions on an rtpproxy just by doing a UDP scan.
>>>>>
>>>>>
>>>>> ...wouldn't they switch back to the correct addresses when the
>>>>> next RTP packet arrives, i.e. after 10/20/30 ms?
>>>>>
>>>> No it does not. I tried it. RTPProxy only switches addresses
>>>> once. Although it is trivial to edit the source code and allow
>>>> rtpproxy to always listen and adjust to IP Address changes during
>>>> the entire call.
>>>
>>>
>
> sorry, I was not precise:
>
>>> so would the more secure fix maybe be to always allow a switch back
>>> to the original address?
>>
> ... to the original address only?
>
> so that a switch to an address away from the original address would be
> possible exactly once, but switching back to original address always.
>
Sure, that sounds good and more secure too. Maybe Maxim can chime in
with his thoughts.
Andres
http://www.neuroredes.com
> this would also work with your D-Link modems.
>
> Stefan
>
More information about the sr-users
mailing list