23 Feb
2008
23 Feb
'08
6:42 p.m.
"Gonzalo J. Sambucaro" <gonzalo.sambucaro(a)mslc.com.ar> writes:
[...]
1) When the first rtp packet of a source arrives, save the SSRC field in
the MP.
- Save the SSRC of the caller.
- Save the SSRC of the called.
2) If arrives a rtp packet with unknown source IP but with the same SSRC
field of some of the two streams, updates the binding (with the new IP
detected) between the caller and the MP or between the called and the MP
according to the field SSRC previously saved.
An attacker would have to guess/sniff the SSRC and then could take over
the rtp session? (maybe could be fixed by only allowing to take over
after some timeout)
On the other hand if he can sniff ...