Default turnserver Configuration Lacks no-udp, Enabling Reflection Attacks

[53c70r]

The current default configurations for the turnserver appear to not have the no-udp options enabled by default.

This default setting introduces a significant security risk, as it exposes the TURN server to Reflection Attacks via UDP.

[53c70r]

coturn/coturn#1588

[ggarber]

All the STUN traffic and most of the TURN traffic is UDP. Enabling "no-udp" will have impact on media quality.

[53c70r]

I suspect we should monitor 1588 for an upstream fix. This is currently a mitigation, and a true technical solution would likely require completely disabling UDP, which isn't feasible.
What do you think?