Comments on: RTPbleed Security Alert: Asterisk Calls Can Be Intercepted

By: JAz

JAz — Wed, 11 Oct 2017 04:43:51 +0000

All seems to work after the change. Great!

Assume this change to the FW rules will make it in to future snapshots/upgrades of IPBX Wazo?

[WM: Already has.]

By: redes red

redes red — Fri, 29 Sep 2017 22:20:19 +0000

Funciona gracias Ward Mundy @NerdUno

[English: Works thanks]

By: dziny1

dziny1 — Sat, 09 Sep 2017 20:42:25 +0000

I’ve started to encrypt everything since Snowden revelations. That includes using TLS+SRTP on cell phones (only use for apps that support it), deploying openvpn between fixed locations. Not surprised that RTP packets are trivial to intercept once they leave your network.

By: kumar Ullal

kumar Ullal — Fri, 08 Sep 2017 22:06:26 +0000

I tried doing that on iptables on centos running travelinman. I get oneway audio. Others can hear me, I cannot hear outsiders.I have selected NAT=no and gsm and ulaw codes. the server is on cloud with public IP. [WM: I responded to you in the PIAF Forum thread, but my suggestion is to try nat=yes even on the cloud platform. I know it sounds crazy, but it works for me.]

By: Rob

Rob — Fri, 08 Sep 2017 21:56:19 +0000

I would hope people would start talking about two long-term solutions…

1. Require RTP to carry some level of authentication or be transmitted through a secure tunnel established using SIP.
2. Abandon SIP for IAX2. You avoid the need of the ridiculous shenanigans required to traverse a NAT firewall, you get built-in trunking, and you have security built into the protocol. The fact that IAX2 hasn’t gotten more exposure is a shame.

[WM: The problem is that most VoIP phones don’t support IAX2, but a few do. Otherwise, I agree.]