[asterisk-dev] the strictrtp feature is almost useless
Kevin P. Fleming
kpfleming at digium.com
Fri Oct 15 10:29:07 CDT 2010
On 10/15/2010 10:26 AM, Klaus Darilion wrote:
> Theoretically you are correct, but practically the peers IP address used
> for SIP signaling is a good hint were the RTP will come from.
> This is e.g. used in rtpproxy to allow "latching" only from the clients
> IP address.
>
> Of course this again give problems if the attacker is behind the same
> NAT as the user, but practically it solves many scenarios...
In my experience (and that of many others on this list) who use Asterisk
with SIP service providers, this will fail completely, because the SIP
signaling originates from a softswitch/SBC/proxy, and the media
originates from one of many media gateways. This sort of method would
only really be applicable to 'endpoints' that are being used, not
trunking or similar services.
--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kfleming at digium.com
Check us out at www.digium.com & www.asterisk.org
More information about the asterisk-dev
mailing list