[asterisk-dev] the strictrtp feature is almost useless

Kevin P. Fleming kpfleming at digium.com
Thu Oct 14 15:52:49 CDT 2010


On 10/14/2010 03:40 PM, Benny Amorsen wrote:
> "Olle E. Johansson" <oej at edvina.net> writes:
> 
>> As Kevin said, there's no connection between the SDP and the RTP stream more than the port number.
>> With SRTP we will finally get that, regardless if you use encryption or not.
> 
> Yet it sees unlikely that other vendors accept audio from random
> endpoints, just because a port number matches. It also seems unlikely
> that they could be DoS'ed by a 65k packet flood. Surely e.g. Cisco has
> some kind of work around?

"Surely"? The point we've been trying to make here is that that the
receiver of the stream has *zero* information it can use to determine
whether the stream is arriving from a legitimate source, in the case
where the receiver is expected to support comedia (NAT) mode.

I suspect if you try this with any other SIP/RTP endpoint that can be
configured to allow for remote endpoints that are behind NAT devices to
interoperate, they will also accept RTP packets from any routable
destination. Certainly there could be some basic network-mask type
filtering (don't allow anything on the local network, for example), but
that's about it.

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kfleming at digium.com
Check us out at www.digium.com & www.asterisk.org



More information about the asterisk-dev mailing list