How to protect REMB external UDP port from internet attack

On the Media Broker

The Media Broker only accepts traffic from addresses that have completed a valid STUN transaction, and so have set up a valid call. REMB traffic is carried over RTCP, which is also encrypted, so it shouldn't be possible to spoof the packets.

On the Firewall

Firewalls such as the Cisco ASA can be used to protect the Media Broker external UDP port. By default, the ASA's connection limits are set to unlimited. However, if you know your normal traffic levels (established by completing an audit or from information gathered by an IDS such as Snort, a Cisco technology), you can set connection limits in a policy map that you apply to the Media Broker traffic:

set connection conn-max n

Full details in

http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/firewall/asa-firewall-cli/conns-connlimits.pdf
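
The full policy chain around that command, as an added example that is not part of the original article. The address 192.0.2.10, UDP port 16000, the limit of 2000, the interface name outside and all object names are placeholders chosen here; substitute your own values.

```cisco
! Added example with placeholder values (not from the original article).
! 192.0.2.10 : Media Broker address (documentation-range placeholder)
! 16000      : Media Broker external UDP port (placeholder)
! 2000       : connection ceiling; derive it from your audited peak
!              traffic level plus headroom (placeholder)

! 1. Select only the Media Broker's external UDP traffic.
access-list MB-MEDIA extended permit udp any host 192.0.2.10 eq 16000

! 2. Wrap the ACL in a class map so a policy can reference it.
class-map MB-MEDIA-CLASS
 match access-list MB-MEDIA

! 3. Apply the connection limit to that class only.
!    conn-max 0 is the default and means unlimited.
policy-map MB-OUTSIDE-POLICY
 class MB-MEDIA-CLASS
  set connection conn-max 2000

! 4. Bind the policy to the Internet-facing interface.
!    An interface takes a single service policy; if one is already
!    applied, add the class above to that existing policy map instead.
service-policy MB-OUTSIDE-POLICY interface outside

! Check that the class is matching and the limit is in place:
!   show service-policy interface outside
!   show conn count
```

Connections above the ceiling are refused, so a value set below the real call peak will reject legitimate media; confirm the figure against the audit data before applying it.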

Comments are disabled on these articles. If you require help, contact support@cafex.com.
