[OpenSIPS-Users] question about rtpbleed and MediaProxy by Ag-Projects

Dan Pascu dan at ag-projects.com
Fri Mar 16 09:58:37 EDT 2018


On 16 Mar 2018, at 11:15, Carlos Oliva wrote:

> Hi Dan:
> 
> If you spray all ports in the range you still can cause a DOS,

I thought the exercise was about eavesdropping and impersonation. I would argue that if an attacker wants to eavesdrop or impersonate someone they would probably attempt to be as stealthy as possible and not cause a ruckus that would draw attention to them.

If one wants to cause DoS they can do it at any level 9IP/SIP/RTP), there is nothing particularly special about the media relay. I could even argue that given that the RTP relaying happens at the kernel level, it could deal with a lot more traffic before being overloaded than a user space forwarding solution.

> but giving preference to the address of sip signaling this kind of attack can be mitigated in 99.9% of the cases. I think you've got a great idea that should make MediaProxy even harder.


--
Dan







More information about the Users mailing list