[c-nsp] Fwd: RTP permission and related attacks/threats

Ahmed -Y yhameed81 at gmail.com
Fri Oct 11 16:30:11 EDT 2013


HI Guys,



I have to permit RTP traffic from internal network to other organizations
(under different management) on gateway devices (routers, switches). I am
curious to know if there are known attacks/threats when upd range
16384-32767 is permited. RTP source/destination can be desk phone or PC
with softphone. If yes then can we configure gateway routers/switches to
protect from these attacks.



We have cisco 7200, 6500, 3550, 3560, 3750 switches as gateway devices.



One more quick question are there only two ways (NBAR and ACL with udp
range) on routers/switches to identify/match RTP traffic? I know Firewalls
provide feature like inspect, AGL etc to dynamically identify RTP ports by
inspecting control traffic.



Your input will be highly appreciated



Regards


More information about the cisco-nsp mailing list