Re[3]: RTP problem with some NAT


 



Hello Simon,

Friday, February 10, 2006, 12:02:40 PM, you wrote:


>>
>>OK, it may be a small hole, but GnuGK must not accept RTP packets from
>>a third address.
>>For example:
>>IP1,IP1,IP1,IP2,IP1,IP2,IP1,IP2,IP1,IP2 OK
>>IP1,IP2,IP1,IP2,IP2,IP3,IP2,IP3,IP2,IP3 OK (may be dynamic routing)
>>but
>>IP1,IP2,IP1,IP2,IP3,IP1,IP2,IP3,IP1,IP2,IP3 - intrusion, we must
>>ignore packets from IP3.
>>The case where IP3 sends the first packet before IP2 has too low a
>>probability. IP3 must permanently (and before session start) send packets
>>to a specific port, and it can be detected.

SH> This is what it natively does now so it can get the port from the NAT box
SH> however it will only recognize the address it has for the Endpoint and will
SH> not accept any other. Having looked closely at the code, I cannot easily
SH> see how to make this change work. If you cannot match the IP address with
SH> the socket address, how would you know which socket (forward or reverse) to
SH> set. If you set the wrong address to the wrong socket it would cause a
SH> whole lot more problems. I think the fix you're asking for would be very
SH> difficult to implement properly... Sorry but either Jan or Michal would
SH> need to look at this.
OK, it can be:
===
        /* autodetect channel source IP:PORT that was not specified by OLCs */
        if(fDestIP==fromIP && rSrcIP==fromIP){
            fDir=1;
        }else if(rDestIP==fromIP && fSrcIP==fromIP){
            fDir=0;
        }else{
            if(fDir){
                rDestIP=fSrcIP=fromIP;
                rDestPort=fSrcPort=fromPort;
                fDir=0;
            }else{
                fDestIP=rSrcIP=fromIP;
                fDestPort=rSrcPort=fromPort;
                fDir=1;
            }
            Address laddr;
            WORD lport = 0;
            GetLocalAddress(laddr, lport);
            SetName(AsString(fSrcIP, fSrcPort) + "=>" + AsString(laddr, lport));
        }
===
IP1,IP2,IP1,IP2,IP2,IP3,IP2,IP3,IP2,IP3 - OK (IP1 changed to IP3)
but
IP1,IP2,IP1,IP2,IP1,IP3,IP2,IP3,IP2,IP3 - ??? (IP1 actually changed to IP3,
     but we have IP2=>IP3 and IP1=>IP2, i.e. address swap)

Can this swap be a source of big trouble?

-- 
Best regards,
 Roman                            mailto:roman@xxxxxx
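
An added example, not part of the original message or of GnuGK's code: a small C++ model of the learning logic in the snippet above, replayed over the three source sequences quoted in the thread, counting how often an unknown source overwrites a learned address. It assumes ports are ignored, the reverse-side fields mirror the forward ones, and the channel starts empty with fDir=0; `Channel`, `onPacket` and `replay` are hypothetical names.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Model of the learning logic in the snippet above. Assumptions: ports are
// ignored, rSrcIP always mirrors fDestIP and rDestIP mirrors fSrcIP (the
// snippet assigns them together), and the channel starts empty with fDir=0.
struct Channel {
    std::string fSrc, fDest;  // learned forward source / destination
    int fDir = 0;             // which side the last packet was attributed to
    int relearns = 0;         // times an unknown source overwrote a slot
};

void onPacket(Channel &c, const std::string &from) {
    if (c.fDest == from) {
        c.fDir = 1;
    } else if (c.fSrc == from) {
        c.fDir = 0;
    } else {
        // Unknown source: assumed to be the side opposite to the last sender.
        if (c.fDir) { c.fSrc = from; c.fDir = 0; }
        else        { c.fDest = from; c.fDir = 1; }
        ++c.relearns;
    }
}

Channel replay(const std::vector<std::string> &seq) {
    Channel c;
    for (const auto &ip : seq) onPacket(c, ip);
    return c;
}

int main() {
    // Constructed inputs: the three source sequences quoted in the thread.
    const std::vector<std::vector<std::string>> cases = {
        {"IP1","IP2","IP1","IP2","IP2","IP3","IP2","IP3","IP2","IP3"},
        {"IP1","IP2","IP1","IP2","IP1","IP3","IP2","IP3","IP2","IP3"},
        {"IP1","IP2","IP1","IP2","IP3","IP1","IP2","IP3","IP1","IP2","IP3"},
    };
    for (const auto &seq : cases) {
        Channel c = replay(seq);
        // The first two relearns are the normal initial detection.
        std::printf("fSrc=%s fDest=%s relearns=%d\n",
                    c.fSrc.c_str(), c.fDest.c_str(), c.relearns);
    }
    return 0;
}
```

In this model a relearn count above the initial two marks a source change mid-session; in the three-source sequence every packet after the fourth overwrites a learned address.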


