[OpenSER-Users] mediaproxy server NEW FEATURE!!!

Gonzalo J. Sambucaro gonzalo.sambucaro at mslc.com.ar
Mon Feb 25 13:10:24 CET 2008


Jens,
     yes, if an attacker guesses/sniffs the SSRC then he could take over the RTP
session. A timeout would work fine, but right now I don't have the
time to do it; if somebody else wants to do it I can send the source
code.

Regards,
Gonzalo.

> "Gonzalo J. Sambucaro" <gonzalo.sambucaro at mslc.com.ar> writes:
>
>> [...]
>> 1) When the first RTP packet of a source arrives, save the SSRC field in
>> the MP.
>>  - Save the SSRC of the caller.
>>  - Save the SSRC of the called.
>>
>> 2) If an RTP packet arrives with an unknown source IP but with the same SSRC
>> field as one of the two streams, update the binding (with the newly
>> detected IP) between the caller and the MP or between the called and the MP
>> according to the SSRC field previously saved.
>
> An attacker would have to guess/sniff the SSRC and then could take over
> the RTP session? (maybe could be fixed by only allowing to take over
> after some timeout)
> On the other hand if he can sniff ...


-- 
Gonzalo J. Sambucaro
Software Engineering
Tel: +54-341-4230504
MSLC
gonzalo.sambucaro at mslc.com.ar
www.mslc.com.ar
Ocampo y Esmeralda - Vivero de Empresas de Base Tecnológica
Ciudad Universitaria Rosario UNR, CCT CONICET
Rosario - Santa Fé - Argentina
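
The SSRC-based rebinding from the quoted proposal, combined with the idle timeout discussed in this reply, as an added sketch that is not part of the thread and not the mediaproxy source. The names `StreamBinding`, `on_packet`, `make_rtp` and the 5-second idle value are assumptions; the packets are constructed.

```python
import struct

def rtp_ssrc(packet):
    """Return the SSRC (bytes 8..11 of the RTP header), or None if not RTP v2."""
    if len(packet) < 12 or packet[0] >> 6 != 2:
        return None
    return struct.unpack_from("!I", packet, 8)[0]

def make_rtp(ssrc, seq=1, ts=160, payload=b"\x00" * 160):
    """Build a constructed RTP packet (V=2, PT=0) for the demo."""
    return struct.pack("!BBHII", 0x80, 0, seq, ts, ssrc) + payload

class StreamBinding:
    """One leg of a relayed call (caller<->MP or called<->MP). Hypothetical class."""

    def __init__(self, idle_secs=5.0):  # 5 s is an assumed value, not from the thread
        self.idle_secs = idle_secs
        self.ssrc = self.addr = self.last_seen = None

    def on_packet(self, packet, src, now):
        """Classify a packet as 'learn', 'forward', 'rebind' or 'drop'."""
        ssrc = rtp_ssrc(packet)
        if ssrc is None:
            return "drop"
        if self.ssrc is None:
            # Step 1 of the proposal: the first packet fixes SSRC and address.
            self.ssrc, self.addr, self.last_seen = ssrc, src, now
            return "learn"
        if src == self.addr:
            self.last_seen = now
            return "forward"
        # Step 2 plus the timeout: an unknown source may take over only if it
        # presents the saved SSRC AND the bound source has gone silent.
        if ssrc == self.ssrc and now - self.last_seen >= self.idle_secs:
            self.addr, self.last_seen = src, now
            return "rebind"
        return "drop"

def demo():
    """Run constructed packets through one binding and return the decisions."""
    b = StreamBinding(idle_secs=5.0)
    a, moved, other = ("192.0.2.10", 4000), ("192.0.2.99", 4002), ("198.51.100.7", 5000)
    pkt = make_rtp(0x1234ABCD)
    return [
        b.on_packet(pkt, a, 0.0),                        # first packet
        b.on_packet(pkt, a, 0.02),                       # bound source
        b.on_packet(pkt, other, 0.04),                   # right SSRC, source still active
        b.on_packet(make_rtp(0xDEADBEEF), other, 10.0),  # wrong SSRC
        b.on_packet(pkt, moved, 10.0),                   # right SSRC, source idle ~10 s
        b.on_packet(pkt, a, 10.02),                      # old address after rebind
    ]
```

The timeout only refuses a takeover while the bound source is still sending. The SSRC travels in the clear in the RTP header, so matching it is not authentication of the sender.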




