Jens, yes, if an attacker guess/sniff the SSRC then could take over the rtp session. A timeout would work fine but right now I don't have the time to do it, if somebody else wants to do it I can send the source code.
Regards, Gonzalo. > "Gonzalo J. Sambucaro" <[EMAIL PROTECTED]> writes: > >> [...] >> 1) When the first rtp packet of a source arrives, save the SSRC field in >> the MP. >> - Save the SSRC of the caller. >> - Save the SSRC of the called. >> >> 2) If arrives a rtp packet with unknown source IP but with the same SSRC >> field of some of the two streams, updates the binding (with the new IP >> detected) between the caller and the MP or between the called and the MP >> according to the field SSRC previously saved. > > An attacker would have to guess/sniff the SSRC and then could take over > the rtp session? (maybe could be fixed by only allowing to take over > after some timeout) > On the other hand if he can sniff ... > > _______________________________________________ > Users mailing list > [EMAIL PROTECTED] > http://lists.openser.org/cgi-bin/mailman/listinfo/users > -- Gonzalo J. Sambucaro Ingeniería de Software Tel: +54-341-4230504 MSLC [EMAIL PROTECTED] www.mslc.com.ar Ocampo y Esmeralda - Vivero de Empresas de Base Tecnológica Ciudad Universitaria Rosario UNR, CCT CONICET Rosario - Santa Fé - Argentina _______________________________________________ Devel mailing list Devel@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/devel