Re: How to Blocking VoIP ( H.323) ?

[Alexei Roudnev]

SkyPE was designed to work thru any firewalls (except, of course, if you
block all outbound connections and require using HTTP proxy) -:).

----- Original Message ----- 
From: "Irwin Lazar" <ilazar@burtongroup.com>
To: "Joe Shen" <joe_hznm@yahoo.com.sg>
Cc: "NANOG" <nanog@merit.edu>
Sent: Thursday, November 11, 2004 8:16 AM
Subject: Re: How to Blocking VoIP ( H.323) ?


>
> The following resources may be helpful for H.323:
>
> IP Ports and Protocols used by H.323 Devices
> http://www.teamsolutions.co.uk/tsfirewall.html
>
> The Problems and Pitfalls of Getting H.323 Safely Through Firewalls
> http://www.chebucto.ns.ca/~rakerman/articles/ig-h323_firewalls.html
>
> SIP uses TCP port 5060 for signaling, however voice data traffic is
carried
> on random high ports.  Some SIP-based VoIP providers route voice data
> traffic back to a proxy server (I believe Vonage functions in this way),
so
> it may be easier to restrict.
>
> Skype requires outbound TCP access to either ports above 1024, or port 80,
> and they also recommend outbound UDP access to ports above 1024 (as well
as
> in-bound replies), so good luck blocking it. :-(
>
> And then there is VoIP as part of IM services (e.g. Apple iChatAV, AOL IM,
> or Yahoo Messenger), all of which function differently.
>
> irwin
>
> >
> >>
> >> Hi,
> >>
> >> How could it be done to block VoIP at access router?
> >>
> >> I've thought about using ACL to block UDP port
> >> 1719,but this could be overcome by modifying protocol
> >> port number.
> >>
> >> regards
> >>
> >> Joe
> >>
> >> __________________________________________________
> >> Do You Yahoo!?
> >> Log on to Messenger with your mobile phone!
> >> http://sg.messenger.yahoo.com
> >>
> >
> > -- 
>
> --------------------------------------------------------------------------
> > Joel Jaeggli          Unix Consulting
joelja@darkwing.uoregon.edu
> > GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F
56B2
> >
>