[asterisk-dev] the strictrtp feature is almost useless

[Benny Amorsen]

Kristijan Vrban <vrban.lkml at googlemail.com> writes:

> has anyone ever thought about it? this issue can also be used by an
> attacker. the attacker just need to send an RTP flooding to the RTP
> range asterisk use, to block the whole pbx. I have tried this. It's a
> simple and working attack.

This issue sounds like a fairly generic SIP/RTP problem. What do other
SIP implementations do?


/Benny