ALERT RTP stream security risk

and Incredible PBX for Raspbian:
Code:
sed -i 's|-A INPUT -p udp -m multiport --dports 10000:20000 -j ACCEPT|\#-A INPUT -p udp -m multiport --dports 10000:20000 -j ACCEPT|' /etc/iptables/rules.v4
sed -i 's|-A INPUT -p udp -m multiport --dports 10000:20000 -j ACCEPT|\#-A INPUT -p udp -m multiport --dports 10000:20000 -j ACCEPT|' /etc/iptables/rules.v4.ubuntu14

I applied the above on Raspbian, no errors, but when I did nano on /etc/iptables/rules.v4, nano couldn't find "-A INPUT -p udp -m multiport --dports 10000:20000 -j ACCEPT" (using Ctrl+W).

Instead I found
Code:
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
but no #. Also no mention of multiport.

Same thing in rules.v4.ubuntu14.

Shouldn't these code lines be included in the root logon updates utility?
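
An added example, not part of the original posts or of Incredible PBX: the quoted sed only matches the `-m multiport --dports` spelling, so it silently does nothing on a file that uses `-m udp --dport`. The sketch below checks for and comments out either form. The function names and the sample rules file are constructed for illustration.

```shell
#!/bin/sh
# Both spellings of the RTP accept rule seen in this thread:
#   -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
#   -A INPUT -p udp -m multiport --dports 10000:20000 -j ACCEPT
RTP_RULE='-A INPUT -p udp -m (udp|multiport) --dports? 10000:20000 -j ACCEPT'

# Print "open" if an active rule is present, "closed" if only a
# commented-out copy is present, "absent" if neither form is in the file.
rtp_rule_status() {
    if grep -Eq -e "^[[:space:]]*${RTP_RULE}" "$1"; then
        echo open
    elif grep -Eq -e "^[[:space:]]*#[[:space:]]*${RTP_RULE}" "$1"; then
        echo closed
    else
        echo absent
    fi
}

# Comment out whichever form is active, keeping a .bak copy of the file.
# '%' is the sed delimiter because the pattern itself contains '|'.
comment_rtp_rule() {
    cp -p "$1" "$1.bak" &&
    sed -E "s%^[[:space:]]*(${RTP_RULE})%#\1%" "$1.bak" > "$1"
}

# Demo on a constructed rules file (not a real Incredible PBX ruleset).
demo=$(mktemp)
cat > "$demo" <<'EOF'
*filter
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
COMMIT
EOF
echo "before: $(rtp_rule_status "$demo")"
comment_rtp_rule "$demo"
echo "after:  $(rtp_rule_status "$demo")"
rm -f "$demo" "$demo.bak"
```

Editing the rules file does not change the running firewall; the change applies once the rules are reloaded, for example with iptables-restore.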
 
Hi
I'm a little bit confused. I read this post on the Nerd Vittles blog: "RTPbleed Security Alert: Asterisk Calls Can Be Intercepted", so out of curiosity I just started to look at iptables and I did not find the line: -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT. I found this line: -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT.
After that I started to read this post, and it seems to me that @wardmundy already fixed the problem with the new install of 13-13 (I made mine, 13-13, last November), so I do not need to do any action, right?
TIA
 

Correct. It's been addressed.
 
