RTP is the Internet-standard protocol for the transport of real-time data, including audio and video. It can be used for media-on-demand as well as interactive services such as Internet telephony. RTP is a thin protocol providing support for applications with real-time properties such as continuous media (e.g., audio and video), including timing reconstruction, loss detection, security and content identification.
As mentioned, one application for RTP is Internet telephony, also referred to as Voice over Internet Protocol (“VoIP”). There are several VoIP protocols that make use of RTP. These protocols include both a signaling channel for transmitting and receiving control information related to the call and a bearer channel for the actual voice component of the call. These protocols are H.323, H.248, Media Gateway Control Protocol (MGCP) and Session Initiation Protocol (SIP). The signaling protocol runs as a separate session from the media, or voice, stream and includes in its payload (as opposed to its header) the IP address and port to which the media stream is to be sent, while the media (voice) itself is carried using Real Time Protocol (RTP).
Problems can occur with the RTP streams used in real time media, such as VoIP, when unanticipated, or rogue, packets are found in the RTP streams. One example of such rogue packets is packets that are received after the RTP stream has supposedly been terminated by the appropriate signal on the control channel. Another example involves rogue packets from an unanticipated source received at the same time as packets are being sent and received in an authentic RTP stream.
The problem is particularly apparent at network address translation/network address and port translation (“NAT/NAPT”) devices used between public and private Internet Protocol (“IP”) domains. These devices translate private IP addresses into public IP addresses (and vice versa), and create pinholes by allowing traffic on authorized addresses and ports and blocking traffic on unauthorized addresses and ports. Rogue RTP packets occur when a device on one end of the RTP stream functions improperly and continues to transmit data after the real time media session it is associated with has been terminated. The primary concern with this type of rogue packet is that a NAT/NAPT device that sees the termination of the real time media session by watching the control stream would normally release the address and port associated with the pinhole for the RTP stream. If that address and port are then reused for a separate session while rogue packets are still being sent from the previous malfunctioning device, the new session will be corrupted by the rogue packets.
In addition to a malfunctioning device, rogue packets can be generated from a hostile source for malicious purposes. This presents a security threat, as a normal NAT/NAPT device would not recognize rogue packets that use an authorized pinhole.
Accordingly, what is needed is a method for recognizing and handling rogue RTP packets in the network.
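The port-reuse failure described above, as an added example that is not part of the original text: a hypothetical pinhole table that forwards on the public port alone, next to one that also checks the sender address taken from signaling and locks onto the RTP SSRC of the first packet. `PinholeTable`, `replay`, the addresses and the SSRC values are constructed, and the source/SSRC check is an assumption for illustration, not the method this document goes on to describe.

```python
import struct

def rtp_packet(ssrc, seq):
    # Constructed 12-byte RTP fixed header (RFC 3550): V=2, PT=0, seq, timestamp, SSRC.
    return struct.pack("!BBHII", 0x80, 0, seq, seq * 160, ssrc) + b"\x00" * 4

def parse_ssrc(data):
    # Return the SSRC, or None if this is not a plausible RTP version 2 packet.
    if len(data) < 12 or data[0] >> 6 != 2:
        return None
    return struct.unpack("!I", data[8:12])[0]

class PinholeTable:
    """Hypothetical NAT/NAPT pinhole table keyed on the public port."""
    def __init__(self, check_source):
        self.check_source = check_source
        self.pinholes = {}  # public port -> {"session", "peer", "ssrc"}

    def open(self, port, session, peer):
        # peer is the (ip, port) learned from the signaling payload (assumes symmetric RTP).
        self.pinholes[port] = {"session": session, "peer": peer, "ssrc": None}

    def close(self, port):
        self.pinholes.pop(port, None)

    def receive(self, port, src, data):
        """Return the session the packet is forwarded to, or None if dropped."""
        hole = self.pinholes.get(port)
        if hole is None:
            return None
        if self.check_source:
            ssrc = parse_ssrc(data)
            if ssrc is None or src != hole["peer"]:
                return None              # malformed, or not the signaled sender
            if hole["ssrc"] is None:
                hole["ssrc"] = ssrc      # lock onto the first stream seen
            elif ssrc != hole["ssrc"]:
                return None              # different stream on the same pinhole
        return hole["session"]

def replay(check_source):
    nat = PinholeTable(check_source)
    old_peer, new_peer = ("198.51.100.7", 4000), ("203.0.113.9", 5000)
    nat.open(30000, "call-A", old_peer)
    out = [nat.receive(30000, old_peer, rtp_packet(0x1111, 1))]
    nat.close(30000)                     # control channel signals end of call A
    out.append(nat.receive(30000, old_peer, rtp_packet(0x1111, 2)))
    nat.open(30000, "call-B", new_peer)  # same public port reused for a new call
    out.append(nat.receive(30000, new_peer, rtp_packet(0x2222, 1)))
    out.append(nat.receive(30000, old_peer, rtp_packet(0x1111, 3)))  # rogue packet
    return out
```

With `check_source=False` the last packet from the old device is delivered into call-B; with `check_source=True` it is dropped while call-B's own packets still pass.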