Re: [MMUSIC] media source ip/port in SDP
Mark Watson wrote:
> Does anyone think there is a security risk associated with the fact that
> the source address/port of the sender is unknown to the receiver ?
No. Even if it's known, it can be spoofed. If you want secure RTP, I
recommend SRTP.
>
> I understand that there are various ways that the receiver could
> distinguish RTP packets from the genuine correspondent from those of an
> attacker, but even so, if the receiver is on a low-bandwidth link, these
> packets could constitute a DoS attack.
SRTP provides an authentication check (I believe) which allows you to
distinguish them.
>
> A firewall could be used to control admission of packets to the
> low-bandwidth link based on destination address/port (assuming the
> client can open an appropriate pinhole), but you would have to wildcard
> the source address. If the source address of the packets was known, the
> pinhole could be made more specific, and so prevent attacks from an
> attacker who knew the destination address/port.
Well, once they find out the source (which would be just as easy as
finding out the destination if both were in the SDP), the narrower
pinhole doesn't help.
>
> Or can we assume that any attacker who knew the destination address/port
> is probably in a position to spoof the correct source address anyway ?
Indeed.
>
> As an aside, should RTCP reports be sent to the address received as
> source address in incoming RTP packets, or should they be sent to the
> same address as outgoing RTP packets ? If the latter (and the addresses
> are different),
Unless signaled explicitly with the sdp4nat extension, RTCP is sent to
the same address as RTP, but on a port higher.
> why is the media sink device of my correspondent
> interested in RTCP reports for packets generated by the media source
> device, which has a separate network interface ?
Why would RTP and RTCP be on different network interfaces??
-Jonathan R.
--
Jonathan D. Rosenberg, Ph.D. 72 Eagle Rock Avenue
Chief Scientist First Floor
dynamicsoft East Hanover, NJ 07936
jdrosen@dynamicsoft.com FAX: (973) 952-5050
http://www.jdrosen.net PH: (973) 952-5000
http://www.dynamicsoft.com
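
The contrast drawn in the reply above, between filtering on source address and the SRTP authentication check, as an added example that is not part of the original message. It assumes the default SRTP tag from RFC 3711 (HMAC-SHA1 truncated to 80 bits over the packet followed by the 32-bit rollover counter); the key, addresses and function names are constructed, and SRTP key derivation and payload encryption are left out.

```python
import hashlib
import hmac
import struct

TAG_LEN = 10  # 80-bit truncated HMAC-SHA1 tag (RFC 3711 default)

def rtp_packet(seq, ssrc, payload):
    # Minimal 12-byte RTP header: V=2, PT=0; timestamp is a constructed value.
    return struct.pack("!BBHII", 0x80, 0, seq, seq * 160, ssrc) + payload

def _tag(auth_key, packet, roc):
    # The tag covers the whole packet followed by the rollover counter.
    mac = hmac.new(auth_key, packet + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:TAG_LEN]

def protect(auth_key, packet, roc=0):
    return packet + _tag(auth_key, packet, roc)

def verify(auth_key, data, roc=0):
    # Reject anything too short to hold an RTP header plus a tag.
    if len(data) < 12 + TAG_LEN:
        return False
    packet, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    return hmac.compare_digest(tag, _tag(auth_key, packet, roc))

def classify(datagrams, expected_src, auth_key):
    # For each (source, data): (passes source-address pinhole, passes auth check)
    return [(src == expected_src, verify(auth_key, data))
            for src, data in datagrams]

# Constructed sample data; in SRTP the auth key is derived from the master key.
AUTH_KEY = bytes(range(20))
SENDER = ("192.0.2.10", 40000)
SAMPLE = [
    # Genuine sender, valid tag.
    (SENDER, protect(AUTH_KEY, rtp_packet(1, 0x1234, b"\x00" * 160))),
    # Source address spoofed to match the pinhole, but no knowledge of the key.
    (SENDER, rtp_packet(2, 0x1234, b"\xff" * 160) + b"\x00" * TAG_LEN),
    # Different source, tag computed with the wrong key.
    (("198.51.100.7", 5004),
     protect(b"not the session key!", rtp_packet(3, 0x1234, b"\x00" * 160))),
]

if __name__ == "__main__":
    for (src, _), (addr_ok, auth_ok) in zip(
            SAMPLE, classify(SAMPLE, SENDER, AUTH_KEY)):
        print(src, "pinhole:", addr_ok, "auth:", auth_ok)
```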