[asterisk-dev] strictrtp seems to be not so strict

Torrey Searle tsearle at gmail.com
Fri Aug 26 06:54:30 CDT 2016

I'm looking at the implementation of strictrtp and it seems currently
 there is no way disable re-learning in it.  My concern is from a security
aspect, if somebody sends enough rtp packets to asterisk, he can have the
audio stream redirected to himself.

This could be mitigated possibly by setting the probation to a very high
value, but I was wondering if it would be interesting to allow probation =
0 to disable the functionality to re-learn.  (exception for symmetric rtp
and ice, but that is already in place in the code)

If you guys as a community think this is a good idea to implement, I'll be
happy to craft a patch and ship it upstream.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20160826/dd37fc0f/attachment.html>

More information about the asterisk-dev mailing list