We believe an attacker is using our service to possibly spam DNS requests. We are still investigating, but it seems possible they are using a technique similar to the one used in this article, "Abusing WebRTC to Reveal Coarse Location Data in Signal" (David Wells, Tenable TechBlog, Medium), to inject a domain into the ICE candidates list and force our server to perform a DNS resolution for that domain.
Has anyone else run into this? It seems like we would need to patch mediasoup or maybe even libwebrtc to filter out domain-based ICE candidates. But this would also likely break our TURN servers, so we would need to additionally provide a whitelist mechanism.
Thought I would reach out here before diving in too far to get others' thoughts and see if maybe there is a simpler solution.