Firewall Wizards mailing list archives
H.323, layer 8 perspective
From: Robert.Andres () stn siemens com
Date: Sun, 7 Jun 1998 23:46:20 -0400
Hello all,

Well, there's been some discussion on H.323 lately, which I have read with great abandon. There are a few questions that remain unanswered for me...

The reason H.323 is cropping up IMHO is Voice over IP. It's the biggest, baddest 800lb gorilla around (at least in terms of buzz) and, while it's in its infancy (meaning, not yet too concerned with standards), it mostly relies on/includes H.323.

Personally I am near an organization involved with this sort of thing, and to date the solutions proposed for "fire holing" H.323 are to dynamically open only those high-numbered UDP ports requested (H.323 comes in on a standard port, you verify the calling IP address perhaps, and then open only those UDP ports required for the call).

Question 1: How bad or good is that? While I feel it's better than nothing and the best solution proposed to date, I cannot escape a sneaking suspicion that once the mechanics of this new "telephony" are known it won't take long for dastardly evildoers to develop scanning tools that locate the currently open UDP ports.

Question 2: Technically (NEWBIE QUESTION), what kind of attacks can be run through these ports? Does the time limit help? What if you could also draw on information on "allowed" IP addresses (given that the first business scenario for VoIP is within corporations that have a T1 connecting their sites)?

Question 3: Any creative ideas on what could be done OTHER than dynamic opening of UDP ports?

Question 4: Have any of you been approached or have you implemented VoIP?

I am afraid that I do not yet know enough to answer questions on H.323 at the level I expect might be posed by this group. However, there is an excellent (and to the point) white paper available on Intel's web site.

Thanks!

Robert
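The dynamic "fire holing" scheme described in the message above, sketched as an added example that is not part of the original post: a pinhole table that admits UDP only from the verified caller, only to the ports negotiated for the call, and only until an idle timer runs out. The class and method names, the 30-second timeout and all addresses and ports are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class PinholeTable:
    """Dynamic UDP pinholes, each bound to one peer, one port and a deadline."""
    allowed_callers: list            # networks permitted to set up a call (assumed policy)
    ttl: float = 30.0                # idle seconds before a pinhole closes (assumed value)
    holes: dict = field(default_factory=dict)   # (peer_ip, local_port) -> expiry time

    def caller_allowed(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in ipaddress.ip_network(n) for n in self.allowed_callers)

    def open_for_call(self, peer_ip, udp_ports, now):
        """Run after signalling on the standard port has named the media ports."""
        if not self.caller_allowed(peer_ip):
            return False
        for port in udp_ports:
            self.holes[(peer_ip, port)] = now + self.ttl
        return True

    def permit(self, src_ip, dst_port, now):
        """Decide one inbound UDP datagram; a match refreshes the idle timer."""
        key = (src_ip, dst_port)
        expiry = self.holes.get(key)
        if expiry is None:
            return False             # no pinhole for this peer/port pair
        if now > expiry:
            del self.holes[key]      # idle too long: close the hole
            return False
        self.holes[key] = now + self.ttl
        return True

def demo():
    """Constructed scenario: one call from 10.20.1.5 using two UDP ports."""
    fw = PinholeTable(allowed_callers=["10.20.0.0/16"])
    return {
        "opened": fw.open_for_call("10.20.1.5", [49170, 49171], now=0),
        "unknown_caller": fw.open_for_call("192.0.2.77", [49170], now=1),
        "peer_media": fw.permit("10.20.1.5", 49170, now=5),
        "other_host_same_port": fw.permit("192.0.2.77", 49170, now=6),
        "peer_other_port": fw.permit("10.20.1.5", 49180, now=7),
        "after_idle": fw.permit("10.20.1.5", 49171, now=100),
    }

if __name__ == "__main__":
    print(demo())
```

Because each hole is keyed on the peer address as well as the port, a probe from any other host sees the port as closed. UDP source addresses are not authenticated, so this binding narrows exposure rather than proving who sent a datagram.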