[asterisk-dev] the strictrtp feature is almost useless

Olle E. Johansson oej at edvina.net
Thu Oct 14 07:01:41 CDT 2010


On 14 Oct 2010, at 13:54, Benny Amorsen wrote:

> Kristijan Vrban <vrban.lkml at googlemail.com> writes:
> 
>> Has anyone ever thought about it? This issue can also be used by an
>> attacker. The attacker just needs to send an RTP flood to the RTP
>> range Asterisk uses to block the whole PBX. I have tried this. It's a
>> simple and working attack.
> 
> This issue sounds like a fairly generic SIP/RTP problem. What do other
> SIP implementations do?

As Kevin said, there's no connection between the SDP and the RTP stream other than the port number.
With SRTP we will finally get that, regardless of whether you use encryption or not.

/O
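
An added example, not part of the original thread and not Asterisk code, of the receiver-side difference described above: with plain RTP the only thing tying a datagram to the SDP is the destination port, while an SRTP-style authentication tag ties it to a key exchanged in the SDP even when the payload is left unencrypted. Assumptions: all function names, the key and the packets are constructed for illustration, and the key is used directly as the HMAC key (the RFC 3711 key derivation, replay window and encryption are left out).

```python
import hashlib
import hmac
import struct

TAG_LEN = 10  # 80-bit truncated tag, as in SRTP's HMAC-SHA1-80

def build_rtp(seq, ts, ssrc, payload, pt=0):
    # 12-byte fixed RTP header: version 2, no padding, extension or CSRC
    return struct.pack("!BBHII", 0x80, pt & 0x7F, seq, ts, ssrc) + payload

def _tag(packet, auth_key, roc):
    # Tag covers the RTP packet followed by the 32-bit rollover counter
    mac = hmac.new(auth_key, packet + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:TAG_LEN]

def protect(packet, auth_key, roc=0):
    # Sender side: append the authentication tag, payload stays in the clear
    return packet + _tag(packet, auth_key, roc)

def accept_plain_rtp(datagram, local_port, dst_port):
    # Plain RTP: the port from the SDP is the only link to the session
    return dst_port == local_port and len(datagram) >= 12 and datagram[0] >> 6 == 2

def accept_authenticated(datagram, local_port, dst_port, auth_key, roc=0):
    # SRTP-style: the datagram must also carry a tag made with the SDP key
    if dst_port != local_port or len(datagram) < 12 + TAG_LEN:
        return False
    packet, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
    return hmac.compare_digest(tag, _tag(packet, auth_key, roc))

def demo():
    port = 10000                          # constructed: port offered in SDP
    key = bytes(range(20))                # constructed: key carried in SDP
    media = build_rtp(1, 160, 0x1234, b"\x55" * 160)
    peer = protect(media, key)            # from the negotiated peer
    stray = build_rtp(1, 160, 0x9999, b"\x00" * 160) + b"\x00" * TAG_LEN
    return {
        "plain_peer": accept_plain_rtp(media, port, port),
        "plain_stray": accept_plain_rtp(stray, port, port),
        "auth_peer": accept_authenticated(peer, port, port, key),
        "auth_stray": accept_authenticated(stray, port, port, key),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(name, accepted)
```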

