[VOIPSEC] Actual Attacks - UA handling
Geoff Devine
gdevine at cedarpointcom.com
Mon Mar 7 20:19:01 CST 2005
Craig Southeren writes:
> We've found over the years with OpenH323 that relying on monotonic
> increasing RTP sequence numbers is not a good idea.
The PacketCable VoIP over Cable security spec defines an optional RTP
timestamp integrity check procedure. In PacketCable, the 32-bit RTP
timestamp starts randomly and increments in 125 uSec tics. If you
receive a packet with a timestamp out of a reasonable deviation from
what you're expecting, you discard it. This works fine in an
environment where everyone is getting a stratum 3 or better clock but
you have to be careful deciding what to use for "reasonable deviation"
if you're running voice activity detection/silence suppression and have
lots of clock skew on endpoints running off inaccurate local
oscillators.
I must confess we had a bug with our gear a couple of years ago where we
forgot to disable codecs from time to time. We discovered that none of
the PacketCable MTA endpoint devices had implemented this optional
procedure.
Geoff
More information about the Voipsec
mailing list