On Securing RTP-Based Streaming Content with Firewalls

  • Liang Lu
  • Rei Safavi-Naini
  • Jeffrey Horton
  • Willy Susilo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3810)


Delivery of real-time streaming content is an increasingly important Internet application. Applications involved in processing streaming content may have exploitable vulnerabilities, as many other applications have been discovered to have, and using a firewall to filter out malicious traffic may provide some benefit. However, as these applications largely rely on traffic carried by RTP/UDP, firewalls that are unaware of the behaviour of RTP data streams have difficulties in filtering out malicious traffic injected into a stream by an attacker. In this paper, we observe a vulnerability in the current RTP protocol which allows an attacker to inject malicious traffic into a data stream, and present a scheme that allows a stateful firewall that keeps state from RTP packets to detect such malicious traffic. Our technique uses non-static fields such as RTP sequence numbers to improve the inspection scheme by modelling streaming traffic and detecting malicious streams based on deviation for this model. We show effectiveness of our approach by giving the results of our experiments.


Network security firewall streaming content 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
  3. 3.
    Recommendation H.323: Visual Telephone Systems and Equipment for Local Area Networks Which Provide a Nonguaranteed Quality of Service. ITU-T (1996)Google Scholar
  4. 4.
    Connecting the World’s Voice (2003), Available at
  5. 5.
    NetScreen Concepts & Examples ScreenOS Reference Guide, Volume II: Fundermentals. Technical report, Juniper Networks (2004)Google Scholar
  6. 6.
    SnowShore Media Firewall. Technical report, Brooktrout Technology (2004)Google Scholar
  7. 7.
    Stateful Inspection Technology. Technical report, CheckPoint Software Technologies Ltd. (2004)Google Scholar
  8. 8.
    Cisco IOS Firewall. Technical report, Cisco Systems (2005), Available at
  9. 9.
    Cheswick, W.R., Bellovin, S.M.: Firewalls and Internet Security, Repelling the Wily Hacker. Addison-Wesley, Reading (1994)zbMATHGoogle Scholar
  10. 10.
    Fung, K.P.: SOCKS5-based Firewall Support for UDP-based Applications. Master’s thesis, The Hong Kong Polytechnic Univ., Dept. of Computing, Hong Kong, PRC (1999),
  11. 11.
    Gusella, R.: A Measurement Study of Diskless Workstation Traffic on an Ethernet. IEEE Transactions on Communications 38(9), 1557–1568 (1990)CrossRefGoogle Scholar
  12. 12.
    Johnson, R.A., Wichem, D.W.: Applied Multivariate Statistical Analysis. Prentice-Hall, Upper Saddle river (1998)Google Scholar
  13. 13.
  14. 14.
    Bacher, D., Swan, A., Rowe, L.A.: rtpmon: A Third-Party RTCP Monitor,
  15. 15.
    Fowler, H., Leland, W.: Local Area Network Traffic Characteristics, with Implications for Broadband Network Congestion Management. IEEE JSAC 9(7), 1139–1149 (1991)Google Scholar
  16. 16.
    Schulzrinne, H., Rao, A., Lanphier, R.: Real Time Streaming Protocol (RTSP). RFC 2336 (April 1998)Google Scholar
  17. 17.
    Schulzrinne, H., Casner, S., Frederick, R., Jacobson, V.: RTP: A Transport Protocol for Real-Time Applications. RFC 3550 (July 2003)Google Scholar
  18. 18.
    Merwe, J., Cceres, R., Chu, Y., Sreenan, C.: mmdump: a tool for monitoring internet multimedia traffic. ACM SIGCOMM Computer Communication Review 30, 48–59 (2000)CrossRefGoogle Scholar
  19. 19.
    Wack, J., Cutler, K., Pole, J.: Guidelines on Firewalls and Firewall Policy. Technical report, National Institute of Standards and Technology (2002)Google Scholar
  20. 20.
    Fung, K.P., Chang, R.K.C.: Secure media streaming & secure adaptation for non-scalable video. In: ICIP, vol. 3, pp. 1763–1766 (2004)Google Scholar
  21. 21.
    Handley, M., Schulzrinne, H., Schooler, E., Rosenberg, J.: SIP: Session Initiation Protocol. RFC 2543 (March 1999)Google Scholar
  22. 22.
    Danzig, P., Jamin, S., Caceres, R., Mitzel, D., Estrin, D.: An Empirical Workload Model for Driving Widearea TCP/IP Network Simulations. Internetworking: Research and Experience 3(1), 1–26 (1992)Google Scholar
  23. 23.
    Jain, R., Routhier, S.: Packet Trains - Measurements and a New Model for Computer Network Traffic. IEEE JSAC 4(6), 986–995 (1986)Google Scholar
  24. 24.
    Zimmermann, R., Fu, K., Shahabi, C., Jahangiri, M.: A Multi-Threshold Online Smoothing Technique for Variable Rate Multimedia Streams. Submitted for Journal PublicationGoogle Scholar
  25. 25.
    Sun Microsystems Inc. Java Media Framework (1994-2005)Google Scholar
  26. 26.
    Frost, V., Melamed, B.: Traffic Modeling for Telecommunications Networks. IEEE Communications Magazine 32(3), 70–80 (1994)CrossRefGoogle Scholar
  27. 27.
    Paxson, V., Floyd, S.: Wide-Area Traffic: The Failure of Poisson Modeling. IEEE/ACM Transactions on Networking (TON) 3(3), 226–244 (1995)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Liang Lu
    • 1
  • Rei Safavi-Naini
    • 1
  • Jeffrey Horton
    • 1
  • Willy Susilo
    • 1
  1. 1.Centre for Communication Security Research, School of Information Technology and Computer ScienceUniversity of WollongongAustralia

Personalised recommendations