[Serusers] rtpproxy address filling

Valentin Nechayev netch at portaone.com
Wed Apr 2 14:15:50 CEST 2008


>>>>> Andres <andres at telesip.net> wrote:

>>> After the session is up and the address has been 'pre-filled', if 
>>> rtpproxy receives a packet on the same UDP port as one of the call 
>>> legs but from a different IP, it changes the address to which it 
>>> forwards the stream.
>>>
>>> It immediately jumped into my mind that this could be a security 
>>> vulnerability since a remote attacker could effectively bring down 
>>> all sessions on an rtpproxy just by doing a UDP scan.

If this is a concern for you, use option 'A' for commands.
Asymmetric mode means the destination can't be changed, but a source
with the same host but another port is accepted.

The default mode is designed for NAT traversal when an external address
detector (e.g. STUN) is absent or malfunctioning. The security risk is
the other side of working successfully under such conditions.

> No it does not.  I tried it.  RTPProxy only switches addresses once.  
> Although it is trivial to edit the source code and allow rtpproxy to 
> always listen and adjust to IP Address changes during the entire call.

Really there is no such need, but we use a variant where rtpproxy
relearns for each packet in the first 3 seconds after an update/lookup
command.

-- 
Valentin Nechayev
PortaOne Inc., Software Engineer
mailto:netch at portaone.com
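
An added example, not part of the original message and not rtpproxy code: a C model of the three address-learning behaviours described in this thread (a single switch, asymmetric 'A' mode, and relearning within 3 seconds of an update/lookup command), showing which of them let a packet from an unrelated host re-point the stream. All type and function names, the sample addresses, and the exact switch-once semantics are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Model of the behaviours described in this thread. All names are
 * assumptions for illustration; this is not rtpproxy source code. */
enum policy { LATCH_ONCE, ASYMMETRIC, RELEARN_WINDOW };
struct peer { uint32_t ip; uint16_t port; };
struct leg {
    enum policy pol;
    struct peer dest;   /* where media for this leg is forwarded */
    bool switched;      /* LATCH_ONCE: the single switch was used */
    double cmd_time;    /* time of last update/lookup command (s) */
};
#define RELEARN_SECS 3.0
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

/* Returns true if the packet is accepted; may re-point l->dest. */
bool on_packet(struct leg *l, struct peer src, double now)
{
    bool same = src.ip == l->dest.ip && src.port == l->dest.port;
    switch (l->pol) {
    case ASYMMETRIC:      /* destination fixed; same host, any port */
        return src.ip == l->dest.ip;
    case LATCH_ONCE:      /* one switch away from the pre-filled address */
        if (same) return true;
        if (l->switched) return false;
        l->dest = src; l->switched = true;
        return true;
    case RELEARN_WINDOW:  /* relearn only shortly after a command */
        if (same) return true;
        if (now - l->cmd_time > RELEARN_SECS) return false;
        l->dest = src;
        return true;
    }
    return false;
}

/* Constructed scenario: leg pre-filled with 192.0.2.10:4000 at t=0, then a
 * packet from an unrelated host arrives at time t. Was the stream re-pointed? */
bool stray_redirects(enum policy pol, double t)
{
    struct leg l = { pol, { IP(192, 0, 2, 10), 4000 }, false, 0.0 };
    struct peer stray = { IP(198, 51, 100, 7), 4000 };
    on_packet(&l, stray, t);
    return l.dest.ip == stray.ip;
}
```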


