nanog mailing list archives
Re: How to Blocking VoIP ( H.323) ?
From: "Alexei Roudnev" <alex () relcom net>
Date: Thu, 11 Nov 2004 09:38:00 -0800
Hmm - just introduce some jitter into your network, and add random delay to the short packets - and no VoIP in your company -:). Other way - block ALL outbound connections (including DNS and HTTPS) and require using proxy, or better do not allow external IP addresses. -:) (I should not be very optimistic about this). ----- Original Message ----- From: "Christopher L. Morrow" <christopher.morrow () mci com> To: "Irwin Lazar" <ilazar () burtongroup com> Cc: "Joe Shen" <joe_hznm () yahoo com sg>; "NANOG" <nanog () merit edu> Sent: Thursday, November 11, 2004 9:01 AM Subject: Re: How to Blocking VoIP ( H.323) ?
On Thu, 11 Nov 2004, Irwin Lazar wrote:The following resources may be helpful for H.323: IP Ports and Protocols used by H.323 Devices http://www.teamsolutions.co.uk/tsfirewall.html The Problems and Pitfalls of Getting H.323 Safely Through Firewalls http://www.chebucto.ns.ca/~rakerman/articles/ig-h323_firewalls.htmlthere is probably some traction to be had in reviewing other folks' attempts at this very thing as well. Check out Panama, for instance, their incumbent carrier (C&W as I recall) forced the federal regulators to ban VOIP through all ISP's in Panama, this turned out to be quite unworkable even in the short term. I believe a few other folks have attempted similar regulations with similar success rates :( VOIP, like IM runs, or can be run, across several ports/protocols with and without consistency in even the individual applications. For many things like this, if they are required via legislation in your local area, you might have better luck scoping the regulation's expectations, then using some metrics to show success/failure and WHY those metrics are the way they are. In the end though: "Good luck!" (Also, reference Ito-Jun's message from the IAB about wide scale filtering policies and their effects on the end-to-end nature of the Internet as a whole).
Current thread:
- How to Blocking VoIP ( H.323) ? Joe Shen (Nov 11)
- RE: How to Blocking VoIP ( H.323) ? Scott Morris (Nov 11)
- Re: How to Blocking VoIP ( H.323) ? Joel Jaeggli (Nov 11)
- Re: How to Blocking VoIP ( H.323) ? Irwin Lazar (Nov 11)
- Re: How to Blocking VoIP ( H.323) ? Christopher L. Morrow (Nov 11)
- Re: How to Blocking VoIP ( H.323) ? Alexei Roudnev (Nov 11)
- Re: How to Blocking VoIP ( H.323) ? Robert Mathews (Nov 11)
- Re: How to Blocking VoIP ( H.323) ? Christopher L. Morrow (Nov 11)
- Re: How to Blocking VoIP ( H.323) ? Robert Mathews (Nov 11)
- Re: How to Blocking VoIP ( H.323) ? Joe Shen (Nov 12)
- Re: How to Blocking VoIP ( H.323) ? Alexei Roudnev (Nov 12)
- Re: How to Blocking VoIP ( H.323) ? Christopher L. Morrow (Nov 12)
- Re: How to Blocking VoIP ( H.323) ? Alexei Roudnev (Nov 13)
- Re: How to Blocking VoIP ( H.323) ? Christopher L. Morrow (Nov 13)
- Re: How to Blocking VoIP ( H.323) ? Irwin Lazar (Nov 11)
- Re: How to Blocking VoIP ( H.323) ? Robert Mathews (Nov 13)
- Re: How to Blocking VoIP ( H.323) ? Simon Leinen (Nov 12)