ALERT RTP stream security risk

ostridge

and Incredible PBX for Raspbian:
Code:
sed -i 's|-A INPUT -p udp -m multiport --dports 10000:20000 -j ACCEPT|\#-A INPUT -p udp -m multiport --dports 10000:20000 -j ACCEPT|' /etc/iptables/rules.v4
sed -i 's|-A INPUT -p udp -m multiport --dports 10000:20000 -j ACCEPT|\#-A INPUT -p udp -m multiport --dports 10000:20000 -j ACCEPT|' /etc/iptables/rules.v4.ubuntu14

I applied the above on Raspbian, no errors, but when I did nano on /etc/iptables/rules.v4, nano couldn't find "-A INPUT -p udp -m multiport --dports 10000:20000 -j ACCEPT" (using Ctrl+W).

Instead I found
Code:
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
but no #. Also no mention of multiport

Same thing in rules.v4.ubuntu14.

Shouldn't these code lines be included in the root logon updates utility?
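
An added example, not part of the thread or of Incredible PBX: `sed -i` exits successfully even when its pattern matches nothing, which is why the commands above ran with "no errors" against a file that spells the rule `-m udp --dport`. The functions below report whether the RTP range rule is active in either spelling and comment it out, failing if it is still open afterwards. The function names are hypothetical, and treating the `-m udp --dport` form the same as the `multiport` form is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumption: the "-m udp --dport" spelling should be disabled the same
# way the page's sed disables the "-m multiport --dports" spelling.

# ERE covering both rule spellings quoted in the thread.
RTP_RE='-A INPUT -p udp -m (multiport --dports|udp --dport) 10000:20000 -j ACCEPT'

# Print "open", "commented" or "absent" for an iptables-save style file.
rtp_rule_status() {
    if grep -Eq -- "^[[:space:]]*${RTP_RE}" "$1"; then
        echo open
    elif grep -Eq -- "^[[:space:]]*#[[:space:]]*${RTP_RE}" "$1"; then
        echo commented
    else
        echo absent
    fi
}

# Comment the rule out, keeping a .bak copy. Unlike a bare "sed -i",
# this returns non-zero if the rule is still open after the edit.
disable_rtp_rule() {
    [ "$(rtp_rule_status "$1")" = open ] || return 0
    cp -p -- "$1" "$1.bak"
    # Read from the backup and write in place so mode and owner are kept.
    sed -E "s%^([[:space:]]*)(${RTP_RE})%\1#\2%" "$1.bak" > "$1"
    [ "$(rtp_rule_status "$1")" != open ]
}

demo() {
    f=$(mktemp)
    # Constructed sample file using the spelling the page's sed misses.
    printf '%s\n' '*filter' \
        '-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT' \
        'COMMIT' > "$f"
    echo "before: $(rtp_rule_status "$f")"
    disable_rtp_rule "$f" && echo "after:  $(rtp_rule_status "$f")"
    rm -f "$f" "$f.bak"
}
demo
```

Editing the rules file does not change the running ruleset; the firewall still has to be reloaded from the file before the status reported here reflects what the kernel enforces.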
 

Jose Pinto

Hi
I'm a little bit confused. I read this post on the Nerd Vittles blog: "RTPbleed Security Alert: Asterisk Calls Can Be Intercepted", so out of curiosity I just started to look at iptables and I did not find the line: -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT. I found this line: -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT.
After that I started to read this post, and it seems to me that @wardmundy already fixed the problem with the new install of 13-13 (I made mine, 13-13, last November), so I do not need to take any action, right?
TIA
 

wardmundy


Correct. It's been addressed.
 
