nanog mailing list archives

Re: How to Blocking VoIP ( H.323) ?


From: Irwin Lazar <ilazar () burtongroup com>
Date: Thu, 11 Nov 2004 11:16:57 -0500


The following resources may be helpful for H.323:

IP Ports and Protocols used by H.323 Devices
http://www.teamsolutions.co.uk/tsfirewall.html

The Problems and Pitfalls of Getting H.323 Safely Through Firewalls
http://www.chebucto.ns.ca/~rakerman/articles/ig-h323_firewalls.html

SIP uses TCP port 5060 for signaling; however, voice data traffic is carried
on random high ports.  Some SIP-based VoIP providers route voice data
traffic back to a proxy server (I believe Vonage functions in this way), so
it may be easier to restrict.

Skype requires outbound TCP access to either ports above 1024, or port 80,
and they also recommend outbound UDP access to ports above 1024 (as well as
in-bound replies), so good luck blocking it. :-(

And then there is VoIP as part of IM services (e.g. Apple iChatAV, AOL IM,
or Yahoo Messenger), all of which function differently.

irwin



Hi,

How can VoIP be blocked at an access router?

I've thought about using an ACL to block UDP port
1719, but this could be overcome by modifying the protocol
port number.

regards

Joe



-- 
--------------------------------------------------------------------------
Joel Jaeggli          Unix Consulting         joelja () darkwing uoregon edu
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
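
Why a static port ACL does not cover SIP media, as an added example that is not part of the original messages: the signaling on port 5060 carries an SDP body naming the media address and port for each call, which is what a SIP-aware firewall reads before opening a pinhole. The INVITE below is constructed, and `media_pinholes` is a hypothetical helper name.

```python
# Constructed SIP INVITE (documentation addresses), not a capture from the thread.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/TCP 192.0.2.10:5060\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
    "m=video 51372/2 RTP/AVP 31\r\n"
    "c=IN IP4 192.0.2.20\r\n"
)


def media_pinholes(sip_message):
    """Return (media, address, port) for each RTP port announced in the SDP body."""
    _headers, sep, body = sip_message.partition("\r\n\r\n")
    if not sep:
        return []  # no body, so nothing negotiates media
    session_addr = None
    streams = []  # [media, address, first_port, port_count]
    for line in body.splitlines():
        if len(line) < 3 or line[1] != "=":
            continue
        fields = line[2:].split()
        if line[0] == "c" and len(fields) >= 3:
            addr = fields[2].split("/")[0]  # drop multicast TTL suffix
            if streams:
                streams[-1][1] = addr  # media-level c= overrides session-level
            else:
                session_addr = addr
        elif line[0] == "m" and len(fields) >= 3:
            port, _, count = fields[1].partition("/")
            if port.isdigit() and (count.isdigit() or not count):
                streams.append([fields[0], session_addr, int(port), int(count or 1)])
    pinholes = []
    for media, addr, port, count in streams:
        if port == 0:
            continue  # port 0 marks a declined or disabled stream
        # "port/N" announces N RTP ports two apart; RTCP uses the odd port in between
        pinholes += [(media, addr, port + 2 * i) for i in range(count)]
    return pinholes


if __name__ == "__main__":
    for pinhole in media_pinholes(SAMPLE_INVITE):
        print(pinhole)
```

The ports returned change with every call, so a filter that only matches 5060 sees the signaling but never the voice stream itself.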


