sobomax 2008/08/14 03:40:52 CEST
SER CVS Repository
Modified files:
. main.c rtp_server.c rtpp_command.c
rtpp_defines.h rtpp_util.c rtpp_util.h
Log:
Implement random port allocation. Basically, instead of allocating
UDP ports sequentially as before this change, generate a random "path"
through the available port range at startup. Then select a random
port by simply skipping to the next port in that list of random
ports.

This should provide good resistance not only against RTP injection
attacks but also against DoS attacks. A DoS attack was possible if
an attacker could place a call through the proxy and observe the port
allocated for her own session. Then she could have generated a flood
of UDP packets to port numbers close to that port, resulting in RTPproxy
possibly "latching" the attacker's IP instead of the legitimate IPs of the
new sessions' endpoints, preventing the RTP path from establishing.
Submitted by: Tavis Paquette <tavis at galaxytelecom dot net>
Peter Baer <pbaer at galaxytelecom dot net>
Revision Changes Path
1.82 +19 -10 rtpproxy/main.c
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/rtpproxy/main.c.diff?r1=1.81&r2=1.82
1.9 +1 -2 rtpproxy/rtp_server.c
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/rtpproxy/rtp_server.c.diff?r1=1.8&r2=1.9
1.17 +14 -23 rtpproxy/rtpp_command.c
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/rtpproxy/rtpp_command.c.diff?r1=1.16&r2=1.17
1.17 +5 -2 rtpproxy/rtpp_defines.h
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/rtpproxy/rtpp_defines.h.diff?r1=1.16&r2=1.17
1.10 +27 -1 rtpproxy/rtpp_util.c
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/rtpproxy/rtpp_util.c.diff?r1=1.9&r2=1.10
1.11 +2 -1 rtpproxy/rtpp_util.h
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/rtpproxy/rtpp_util.h.diff?r1=1.10&r2=1.11
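
The allocation scheme described in the log message, as an added example that is not the rtpproxy code from this commit: a shuffled table of the port range built once at startup, and a per-session step to the next entry. The names port_path, port_path_init and port_path_next, the use of /dev/urandom, and the inside-out Fisher-Yates shuffle are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for illustration, not rtpproxy's own code. */
struct port_path {
    uint16_t *ports;  /* caller's buffer, max - min + 1 entries */
    size_t len, next; /* table size; index of the next port to hand out */
};

/* Uniform value in [0, bound); rejection sampling avoids modulo bias. */
static int rand_below(FILE *rng, uint32_t bound, uint32_t *out)
{
    uint32_t r, limit = UINT32_MAX - (UINT32_MAX % bound);
    do {
        if (fread(&r, sizeof(r), 1, rng) != 1)
            return -1;
    } while (r >= limit);
    *out = r % bound;
    return 0;
}

/* Startup: build the random path over min..max ("inside-out" Fisher-Yates). */
int port_path_init(struct port_path *pp, uint16_t *buf, uint16_t min, uint16_t max)
{
    /* Assumption: the kernel CSPRNG is the randomness source. */
    FILE *rng = (min <= max) ? fopen("/dev/urandom", "rb") : NULL;
    uint32_t j = 0;
    size_t i;
    int rc = 0;
    if (rng == NULL)
        return -1;
    *pp = (struct port_path){ buf, (size_t)(max - min) + 1, 0 };
    for (i = 0; i < pp->len; i++) {
        if ((rc = rand_below(rng, (uint32_t)i + 1, &j)) != 0)
            break;                    /* table is unusable if this fails */
        if (j != i)
            buf[i] = buf[j];
        buf[j] = (uint16_t)(min + i);
    }
    fclose(rng);
    return rc;
}

/* Per session: take the next entry of the path, wrapping at the end. */
uint16_t port_path_next(struct port_path *pp)
{
    uint16_t p = pp->ports[pp->next];
    pp->next = (pp->next + 1) % pp->len;
    return p;
}
```

Because the path is a permutation, every port is still handed out exactly once per pass, so the usable range is not reduced. A real allocator would additionally skip entries whose ports are still bound by live sessions.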