[SR-Users] Detect network range in UDP traffic

Emanuele Gambaro emanuele.gambaro at pynlab.com
Tue Jun 27 11:28:15 CEST 2017


Thank you for your prompt reply!
The security hole about RTP injection is not a problem because we use in our solution encrypted voice protocols, so if an attacker tries to inject malicious RTP data would be discarded by the encrypted protocol

--
Emanuele Gambaro
---
email: emanuele.gambaro at pynlab.com
skype: sarbyn_work
OpenPGP Key: https://goo.gl/fdeVnI

> Il giorno 27 giu 2017, alle ore 11:15, Daniel Tryba <d.tryba at pocos.nl> ha scritto:
> 
> On Tue, Jun 27, 2017 at 11:03:00AM +0200, Emanuele Gambaro wrote:
>> Hi to all
>> I have the following scenario (Kamailio 5 and rtpproxy)
>> *) Bob on a wifi network calls Alice
>> *) During the call, Bob losts his wifi network (and so also changes his IP address)
>> *) The RTP flow is interrupted
>> 
>> With asterisk, disabling “Strict RTP” option, the flow does not interrupts: Asterisk detect the new IP address and sends the audio packets to the new IP address.
>> 
>> It is possible to setup this behavior also with Kamailio?
> 
> Don't know about rtpproxy, but rtpengine has the following option that
> implements your use case:
> 
> "media handover
> 
> Similar to the strict source option, but instead of dropping packets
> when the source address or port don't match, the endpoint address will
> be re-learned and moved to the new address. This allows endpoint
> addresses to change on the fly without going through signalling again.
> Note that this opens a security hole and potentially allows RTP streams
> to be hijacked, either partly or in whole."
> 
> 
> 
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20170627/88bced26/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20170627/88bced26/attachment.sig>


More information about the sr-users mailing list