Hi Gonzalo, The current mediaproxy will be replaced by MediaProxy 2.0 that addresses this issues.
Regards, Adrian On Apr 24, 2008, at 8:58 PM, Gonzalo J. Sambucaro wrote: > Hi, > By the timeout implementation in now more secure the support of > the NAT > IP change. To change the Caller/Called address the mediaproxy waits > for > two seconds that the Caller/Called doesn't send any rtp/rtcp packet > and > checking the SSRC. This change was tested and in production working > well. > > Also I found a bug in the asymmetric RTP UA support. This file > contains > the fix of the bug, the solution to the bug is very simple. How can > I do > to report the bug and the solution? > > Regards > >> "Gonzalo J. Sambucaro" <[EMAIL PROTECTED]> writes: >> >>> [...] >>> 1) When the first rtp packet of a source arrives, save the SSRC >>> field in >>> the MP. >>> - Save the SSRC of the caller. >>> - Save the SSRC of the called. >>> >>> 2) If arrives a rtp packet with unknown source IP but with the >>> same SSRC >>> field of some of the two streams, updates the binding (with the >>> new IP >>> detected) between the caller and the MP or between the called and >>> the MP >>> according to the field SSRC previously saved. >> >> An attacker would have to guess/sniff the SSRC and then could take >> over >> the rtp session? (maybe could be fixed by only allowing to take over >> after some timeout) >> On the other hand if he can sniff ... >> > > -- > Gonzalo J. Sambucaro > Ingeniería de Software > Tel: +54-341-4230504 > MSLC > [EMAIL PROTECTED] > www.mslc.com.ar > Ocampo y Esmeralda - Vivero de Empresas de Base Tecnológica > Ciudad Universitaria Rosario UNR, CCT CONICET > Rosario - Santa Fé - > Argentina<rtphandler.py.tgz>__________________________________________ > _____ > Devel mailing list > [EMAIL PROTECTED] > http://lists.openser.org/cgi-bin/mailman/listinfo/devel _______________________________________________ Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users
