[asterisk-dev] strictrtp seems to be not so strict
Joshua Colp
jcolp at digium.com
Fri Aug 26 07:05:08 CDT 2016
Torrey Searle wrote:
> I'm looking at the implementation of strictrtp and it seems currently
> there is no way disable re-learning in it. My concern is from a
> security aspect, if somebody sends enough rtp packets to asterisk, he
> can have the audio stream redirected to himself.
>
> This could be mitigated possibly by setting the probation to a very high
> value, but I was wondering if it would be interesting to allow probation
> = 0 to disable the functionality to re-learn. (exception for symmetric
> rtp and ice, but that is already in place in the code)
I think it would be a fine addition to have more control over it, but I
wouldn't change the default.
You'd also likely either end up not switching to the new source with the
current code, or end up in a fight where it keeps switching it looks like.
--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org
More information about the asterisk-dev
mailing list