[asterisk-biz] Fraud alert
Alistair Cunningham
acunningham at integrics.com
Fri Feb 27 17:10:21 CST 2009
Brent Vrieze wrote:
> Now a question. Do we need to worry about our RTP ports we have open?
You don't need to fear fraudsters using open RTP ports to place
unauthorised calls as this is purely handled at the SIP signalling
level, but there are a few other concerns:
1. If they can sniff packets for your valid calls, they can spoof the
source IP address, port, and sequence number of RTP packets to modify
the audio you or your interlocutor hear. This is very hard to do and
unless you're working in a highly sensitive industry this is not really
a concern.
2. If a security bug is ever found in Asterisk's RTP code (and I've no
specific reason to think it ever will), hackers could use this to break
into your machine at the OS level. As always, the best defence is to
keep up to date with security alerts and apply any updates promptly.
Firewalling RTP can also be a "belt and braces" approach.
Alistair Cunningham
+1 888 468 3111
+44 20 799 39 799
http://integrics.com/
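
Added example, not part of the original post: point 1 implies a check a defender can run on captured RTP, because a packet forged with the genuine stream's source address, port and sequence number collides with the real packet carrying that sequence number. The function names, window size and sample packets below are constructed for illustration, and the check assumes the capture point sees both copies.

```python
import struct
from collections import OrderedDict, defaultdict

WINDOW = 512  # recent sequence numbers kept per stream (seq wraps at 65536)

def parse_rtp(datagram):
    """Return (seq, ssrc, payload) for an RTP version 2 packet, else None."""
    if len(datagram) < 12:
        return None
    b0, _pt, seq, _ts, ssrc = struct.unpack("!BBHII", datagram[:12])
    if b0 >> 6 != 2:                      # version field must be 2
        return None
    offset = 12 + 4 * (b0 & 0x0F)         # skip the CSRC list
    if b0 & 0x10:                         # header extension present
        if len(datagram) < offset + 4:
            return None
        offset += 4 + 4 * struct.unpack("!H", datagram[offset + 2:offset + 4])[0]
    return (seq, ssrc, datagram[offset:]) if len(datagram) >= offset else None

def find_conflicts(packets):
    """Flag (ip, port, ssrc, seq) where one sequence number carried two payloads."""
    recent, alerts = defaultdict(OrderedDict), []
    for ip, port, datagram in packets:
        parsed = parse_rtp(datagram)
        if parsed is None:
            continue
        seq, ssrc, payload = parsed
        seen = recent[(ip, port, ssrc)]
        if seq in seen:
            if seen[seq] != payload:      # identical duplicates are ignored
                alerts.append((ip, port, ssrc, seq))
            continue
        seen[seq] = payload
        if len(seen) > WINDOW:            # forget old entries so wrap-around is safe
            seen.popitem(last=False)
    return alerts

def _rtp(seq, ssrc, payload):
    return struct.pack("!BBHII", 0x80, 0, seq, 0, ssrc) + payload

# Constructed sample capture: (source IP, source port, UDP payload)
SAMPLE = [
    ("192.0.2.10", 14000, _rtp(100, 0xABCD, b"\xd5" * 160)),
    ("192.0.2.10", 14000, _rtp(101, 0xABCD, b"\xd5" * 160)),
    ("192.0.2.10", 14000, _rtp(101, 0xABCD, b"\x2a" * 160)),  # same seq, other audio
    ("192.0.2.10", 14000, _rtp(102, 0xABCD, b"\xd5" * 160)),
    ("192.0.2.10", 14000, _rtp(102, 0xABCD, b"\xd5" * 160)),  # plain duplicate
]
print(find_conflicts(SAMPLE))
```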