[asterisk-users] Under heavy attack

Joel Maslak jmaslak at antelope.net
Sun Oct 31 11:52:58 CDT 2010


On Oct 31, 2010, at 9:39 AM, Mark Deneen <mdeneen at gmail.com> wrote:

> On Sun, Oct 31, 2010 at 11:26 AM, Joel Maslak <jmaslak at antelope.net> wrote:
>> If these are mobile users, I hope they never use any public networks
>> (hotels, starbucks) where other subscribers can do things like ARP attacks
>> to do MITM (and steal your calls; it might not be happening today, but it
>> will be happening soon - as the social networking attacks demonstrate).  If
>> you do have truly roaming users, I hope you use HTTPS (with validation of
>> certs turned on) or a VPN (likely not an option of connecting to an ADSL
>> site, due to bandwidth concerns).
> 
> Can you explain why VPN is not an option for ADSL?  (Open)VPN overhead
> is not that high.  ~70 bytes per packet if I remember correctly.


I can't remember how big OpenVPN's overhead is, but RTP packets are very small (I want to say a 128 byte payload for G711 codecs and 20ms sample per packet).  So that overhead is much more significant than it would be for, say, HTTP.  It also increases latency for that packet (longer packets take longer) and often jitter (this is a bit more complex, but basically the shorter all the packets are the more manageable jitter is for QoS).  RTP over VPN will have lower quality, assuming you deal with any non-QoS links (such as the internet).


More information about the asterisk-users mailing list