[asterisk-dev] strictrtp seems to be not so strict
tsearle at gmail.com
Fri Aug 26 06:54:30 CDT 2016
I'm looking at the implementation of strictrtp and it seems currently
there is no way disable re-learning in it. My concern is from a security
aspect, if somebody sends enough rtp packets to asterisk, he can have the
audio stream redirected to himself.
This could be mitigated possibly by setting the probation to a very high
value, but I was wondering if it would be interesting to allow probation =
0 to disable the functionality to re-learn. (exception for symmetric rtp
and ice, but that is already in place in the code)
If you guys as a community think this is a good idea to implement, I'll be
happy to craft a patch and ship it upstream.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the asterisk-dev