[OpenSER-Users] mediaproxy server NEW FEATURE!!!
Gonzalo J. Sambucaro
gonzalo.sambucaro at mslc.com.ar
Thu Apr 24 20:58:32 CEST 2008
Hi,
By the timeout implementation in now more secure the support of the NAT
IP change. To change the Caller/Called address the mediaproxy waits for
two seconds that the Caller/Called doesn't send any rtp/rtcp packet and
checking the SSRC. This change was tested and in production working
well.
Also I found a bug in the asymmetric RTP UA support. This file contains
the fix of the bug, the solution to the bug is very simple. How can I do
to report the bug and the solution?
Regards
> "Gonzalo J. Sambucaro" <gonzalo.sambucaro at mslc.com.ar> writes:
>
>> [...]
>> 1) When the first rtp packet of a source arrives, save the SSRC field in
>> the MP.
>> - Save the SSRC of the caller.
>> - Save the SSRC of the called.
>>
>> 2) If arrives a rtp packet with unknown source IP but with the same SSRC
>> field of some of the two streams, updates the binding (with the new IP
>> detected) between the caller and the MP or between the called and the MP
>> according to the field SSRC previously saved.
>
> An attacker would have to guess/sniff the SSRC and then could take over
> the rtp session? (maybe could be fixed by only allowing to take over
> after some timeout)
> On the other hand if he can sniff ...
>
--
Gonzalo J. Sambucaro
Ingeniería de Software
Tel: +54-341-4230504
MSLC
gonzalo.sambucaro at mslc.com.ar
www.mslc.com.ar
Ocampo y Esmeralda - Vivero de Empresas de Base Tecnológica
Ciudad Universitaria Rosario UNR, CCT CONICET
Rosario - Santa Fé - Argentina
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rtphandler.py.tgz
Type: application/octet-stream
Size: 12572 bytes
Desc: not available
Url : http://lists.kamailio.org/pipermail/users/attachments/20080424/28c8b052/attachment.obj
More information about the Users
mailing list