[Serusers] rtpproxy address filling

Andres andres at telesip.net
Tue Apr 1 23:33:54 CEST 2008


Stefan Sayer wrote:

>
>
> Andres wrote:
>
>> Stefan Sayer wrote:
>>
>>>
>>>
>>> Andres wrote:
>>>
>>>>>>
>>>>>> It immediately jumped into my mind that this could be a security 
>>>>>> vulnerability since a remote attacker could effectively bring 
>>>>>> down all sessions on an rtpproxy just by doing a UDP scan.
>>>>>
>>>>>
>>>>> ...wouldn't they switch back to the correct addresses when the 
>>>>> next RTP packet arrives, i.e. after 10/20/30 ms?
>>>>>
>>>> No it does not.  I tried it.  RTPProxy only switches addresses 
>>>> once.  Although it is trivial to edit the source code and allow 
>>>> rtpproxy to always listen and adjust to IP Address changes during 
>>>> the entire call.
>>>
>>>
>
> sorry, I was not precise:
>
>>> so would the more secure fix maybe be to always allow a switch back 
>>> to the original address?
>>
> ... to the original address only?
>
> so that a switch to an address away from the original address would be 
> possible exactly once, but switching back to original address always.
>
Sure, that sounds good and more secure too.   Maybe Maxim can chime in 
with his thoughts.

Andres
http://www.neuroredes.com

> this would also work with your D-Link modems.
>
> Stefan
>




More information about the sr-users mailing list