[asterisk-users] Binding to 0.0.0.0 a security risk?

Jakob Hirsch jh at plonk.de
Wed Feb 8 03:38:01 CST 2012


Raj Mathur (राज माथुर), 2012-02-08 03:27:
> Packets not going out on the same interface as the one they were 
> received on is a general IP issue, not just for connectionless 

Right, this was an inaccuracy. It should say "Asterisk does not reply
with the IP address with which packets were received". Asterisk (as most
applications) does not care about network interfaces, it just handles IP
addresses.

> protocols.  The same behaviour can be seen with TCP too.  Unless you 
> mangle with iptables or something, all information about the received 

A tcp connection is defined by the tuple (source host&port, destination
host&port), so if you write to a tcp socket, the kernel knows which
source address it has to use (and also which destination address, so the
application doesn't need to know that at all).
As there's no such relation in udp, the application has to provide the
destination address. The kernel then decides which source address to
use, as long as the application did not bind() to a specific address.
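
The behaviour described in this message, as an added example that is not part of the original post: a server bound to 0.0.0.0 is contacted on a second local address, and the code reports the source address its answer carries over UDP and over TCP. The address 127.0.0.2 and the function names are assumptions; it expects Linux, where every address in 127.0.0.0/8 is local.

```python
import socket

ALIAS = "127.0.0.2"    # constructed: address the client sends to (local on Linux)
CLIENT = "127.0.0.1"   # constructed: address the client binds to

def udp_reply_source(server_bind_ip):
    """Source IP the client sees on the server's UDP reply."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.settimeout(2)
        client.settimeout(2)
        server.bind((server_bind_ip, 0))
        client.bind((CLIENT, 0))
        client.sendto(b"ping", (ALIAS, server.getsockname()[1]))
        _, peer = server.recvfrom(1024)
        # The application supplies only the destination; on a wildcard
        # socket the kernel picks the source address from its routing table.
        server.sendto(b"pong", peer)
        _, reply_from = client.recvfrom(1024)
        return reply_from[0]
    finally:
        server.close()
        client.close()

def tcp_reply_source(server_bind_ip):
    """Local IP of the accepted TCP connection, fixed by the connection tuple."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        listener.settimeout(2)
        client.settimeout(2)
        listener.bind((server_bind_ip, 0))
        listener.listen(1)
        client.bind((CLIENT, 0))
        client.connect((ALIAS, listener.getsockname()[1]))
        conn, _ = listener.accept()
        try:
            return conn.getsockname()[0]
        finally:
            conn.close()
    finally:
        listener.close()
        client.close()

if __name__ == "__main__":
    print("UDP, bind 0.0.0.0   ->", udp_reply_source("0.0.0.0"))
    print("UDP, bind", ALIAS, "->", udp_reply_source(ALIAS))
    print("TCP, bind 0.0.0.0   ->", tcp_reply_source("0.0.0.0"))
```

With the wildcard bind the UDP answer comes from 127.0.0.1 although the request was sent to 127.0.0.2, which is why a peer or a stateful firewall that matches replies on the address it sent to will not associate the two.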


