Add SRTP application-layer filtering into coturn to stop people trying to use it to relay DNS/QUIC/COAP/whatever #2009
Comments
|
would need to also relay DataChannel traffic too... |
|
Hi, is there any news on this? |
|
wouldn't this be a coturn feature? |
|
wait, coturn doesn't know anything about SRTP or RTP: it's all just TCP or UDP to the turn server. Is this a proposal to try to implement a heuristic to decide what is being transmitted and block the traffic if it doesn't match what is being sent? |
|
@richvdh I initially thought it was a documentation request to help configure coturn; however given that coturn doesn't do that, I would argue that synapse would benefit from such a feature. Is this possible though? |
|
the traffic isn't going through synapse, so I don't think so... |
|
So after all it is coturn "feature request" (would probably need a fork). For now, I guess admins shouldn't allow calls as guest and probably not as "untrusted" users either. Maybe synapse could have a hardening option that disallows calls for users registered less than X days ago? In my personal case, I'll implement that hardening on my external authentication system. |
No description provided.
The text was updated successfully, but these errors were encountered: