[asterisk-dev] the strictrtp feature is almost useless
Kristijan Vrban
vrban.lkml at googlemail.com
Wed Oct 13 09:20:24 CDT 2010
Hello, following problem: Asterisk use RTP Port e.g from 14000-15000
and all phones have nat=yes. Now there is a call to a phone,
and asterisk use Port e.g. 14555, and the phone send it's rtp audio to
14555. Ok but the phone is buggy, and after hangup, the phone still
send rtp
to 14555 (and yes, in real live there are buggy phones that do this).
No problem the port is closed, and the rtp to this port get dropped.
But after a while there is a new call and asterisk reuse the port
14555 *BOOM* asterisk use the the rtp stream from the buggy phone, and
dropp the proper
stream with "strictrtp=yes" because the wrong rtp comes first and if
"strictrtp=no", it mix the wrong and right rtp stream.
has anyone ever thought about it? this issue can also be used by an
attacker. the attacker just need to send an RTP flooding to the RTP
range asterisk use,
to block the whole pbx. I have tried this. It's a simple and working attack.
In 2007 the problem was described in #8952 and the the ticket was
closed with the strictrtp feature. But the strictrtp does only do the
half job.
The issue i described is not handled.
The question the the dev list, can this issue fix at all? Because to
fix it, there is need any unique identifier in the rtp
packet itself. to match if this is the right or wrong rtp packet.
Kristijan
More information about the asterisk-dev
mailing list