[VOIPSEC] Actual Attacks
Simon Horne
security at isvo.net
Wed Feb 23 12:22:00 CST 2005
>NATs are useful when address space scarcity (whether real or economically
>induced) is present. NATs are not security mechanisms and we'd best not
>advertise them as effective. NAT is a very big reason VoIP doesn't work
>well today, although we're learning to cope. What is actually happening is
>that we are inventing mechanisms to defeat NATs. Right now, if you
>implement the "ICE" stuff, you can get calls through most NATs. Some of it
>(TURN) is ugly, but it works.
STUN, ICE, TURN all have their problems and require "outside" help so to
speak.
Have you ever considered using UPnP. www.upnp.org Basically the VOIP device
communicates with the router/firewall thro' XML messaging and ports are opened
and forward to the device, the external IP address can also be obtained for
IP Masquarading.
I've implemented it using the "Intel Microstack" but it can easily be done
with in Windows XP (standard) or linux (there are a few projects on
sourceforge)
Most of the latest symmetric home routers support UPnP and I have found it
works
quite reliably.
Simon
More information about the Voipsec
mailing list