Firewall Wizards mailing list archives

H.323, layer 8 perspective


From: Robert.Andres () stn siemens com
Date: Sun, 7 Jun 1998 23:46:20 -0400

Hello all,

Well, there's been some discussion on H.323 lately, which I have read with
great abandon.  There are a few questions that remain unanswered for me...

The reason H.323 is cropping up IMHO is Voice over IP.  It's the biggest,
baddest 800lb gorilla around (at least in terms of buzz) and, while it's in
its infancy (meaning, not yet too concerned with standards) it mostly
relies on/includes H.323.  Personally I am near an organization involved with
this sort of thing and to date the solutions proposed for "fire holing"
H.323 are to dynamically open only those high number UDP ports requested
(H.323 comes in on a standard port, you verify the calling IP address
perhaps, and then open only those UDP ports required for the call).

Question 1 : How bad or good is that?  While I feel it's better than nothing
and the best solution proposed to date, I cannot escape a sneaking
suspicion that once the mechanics of this new "telephony" are known it
won't take long for dastardly evil-doers to develop scanning tools
that locate the currently open UDP ports.

Question 2 : Technically (NEWBIE QUESTION), what kind of attacks can be run
through these ports?  Does the time limit help?  What if you could also
draw on information on "allowed" IP addresses (given that the first
business scenario for VoIP is within corporations that have a T1 connecting
their sites)?

Question 3 : Any creative ideas on what could be done OTHER than dynamic
opening of UDP ports?

Question 4 : Have any of you been approached or have you implemented VoIP?

I am afraid that I do not yet know enough to answer questions on H.323 at
the level I expect might be posed by this group.  However, there is an
excellent (and to the point) white paper available on Intel's web site.

Thanks!

Robert
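The "open only the negotiated UDP ports" scheme described in the message above, modelled in Python as an added example (it is not code from the original post, from the poster's organization, or from any firewall product): a stateful pinhole table keyed on the peer address and both UDP ports, with an idle time limit, an allowed-peer list and a per-call cap, which are the three controls the questions ask about. The call events and port numbers are constructed for illustration and nothing here parses real H.225/H.245 signalling; the only real constant is the well-known H.225 call-signalling port, TCP 1720.

```python
"""Simulated dynamic UDP pinholes for an H.323 call (added example, not from the list post).

The firewall learns the media ports from the signalling exchange that arrives on the
well-known port; here those learned values are hand-written events rather than parsed
protocol data (assumption: event shapes are invented for this demo).
"""
from dataclasses import dataclass, field

H225_CALL_SIGNALLING_PORT = 1720  # real well-known H.225 port; signalling is TCP, media is UDP


@dataclass
class Pinhole:
    call_id: str
    peer_ip: str
    peer_port: int
    inside_port: int
    expires_at: float


@dataclass
class PinholeTable:
    """Temporarily opened UDP media ports, each tied to a peer address and a call."""
    allowed_peers: set            # addresses of the sites we already trust (the T1-connected offices)
    idle_ttl: float = 30.0        # seconds a hole stays open with no matching traffic
    max_per_call: int = 4         # RTP + RTCP for audio and video is the usual ceiling
    holes: dict = field(default_factory=dict)   # (peer_ip, peer_port, inside_port) -> Pinhole

    def open_hole(self, call_id, peer_ip, peer_port, inside_port, now):
        """Called when signalling negotiates a media channel; returns the decision as a string."""
        if peer_ip not in self.allowed_peers:
            return "reject: peer not allowed"
        if not (1024 <= peer_port <= 65535 and 1024 <= inside_port <= 65535):
            return "reject: port outside ephemeral range"   # never open a well-known service port
        if sum(1 for h in self.holes.values() if h.call_id == call_id) >= self.max_per_call:
            return "reject: per-call limit"
        key = (peer_ip, peer_port, inside_port)
        self.holes[key] = Pinhole(call_id, peer_ip, peer_port, inside_port, now + self.idle_ttl)
        return "opened"

    def permit(self, src_ip, src_port, dst_port, now):
        """Decide whether an inbound UDP datagram passes; a hit refreshes the idle timer."""
        self.expire(now)
        hole = self.holes.get((src_ip, src_port, dst_port))
        if hole is None:
            return False
        hole.expires_at = now + self.idle_ttl
        return True

    def expire(self, now):
        """Drop holes that saw no traffic within idle_ttl; returns how many were closed."""
        stale = [k for k, h in self.holes.items() if h.expires_at <= now]
        for k in stale:
            del self.holes[k]
        return len(stale)

    def close_call(self, call_id):
        """Called when the call is released; returns how many holes were closed."""
        keys = [k for k, h in self.holes.items() if h.call_id == call_id]
        for k in keys:
            del self.holes[k]
        return len(keys)


def run_demo():
    """Replay a constructed call sequence and return the list of decisions made."""
    table = PinholeTable(allowed_peers={"10.1.0.5"})
    log = []
    # Call setup arrived on TCP 1720 from the branch gateway; the negotiated RTP/RTCP ports are opened.
    log.append(table.open_hole("call-1", "10.1.0.5", 49152, 16384, now=0.0))
    log.append(table.open_hole("call-1", "10.1.0.5", 49153, 16385, now=0.0))
    # A gateway that is not on the allowed list negotiates a channel: nothing is opened for it.
    log.append(table.open_hole("call-2", "198.51.100.7", 49152, 16386, now=1.0))
    # Media from the allowed peer on the negotiated ports passes.
    log.append(table.permit("10.1.0.5", 49152, 16384, now=5.0))
    # Same peer, a source port that was never negotiated: dropped.
    log.append(table.permit("10.1.0.5", 49999, 16384, now=5.0))
    # Correct ports but a different source address: dropped, the hole is keyed on the peer too.
    log.append(table.permit("203.0.113.9", 49152, 16384, now=5.0))
    # The RTP hole kept being refreshed, so it still passes at t=34.
    log.append(table.permit("10.1.0.5", 49152, 16384, now=34.0))
    # The RTCP hole saw no traffic for more than idle_ttl seconds, so it has already closed.
    log.append(table.permit("10.1.0.5", 49153, 16385, now=40.0))
    # Call release closes whatever is left for this call, then nothing passes.
    log.append(table.close_call("call-1"))
    log.append(table.permit("10.1.0.5", 49152, 16384, now=41.0))
    return log


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

The three rejections in `run_demo` show what each control buys: a hole is only usable from the address that negotiated it, only on the exact port pair, and only while traffic is flowing, so a scan that merely finds an open UDP port still has to arrive from the trusted peer inside the idle window. The per-call cap and the ephemeral-port check keep signalling from turning the firewall into an open relay or from exposing well-known service ports.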



