Re: How to Blocking VoIP ( H.323) ?

["Alexei Roudnev" <alex () relcom net>]

SkyPE was designed to work thru any firewalls (except, of course, if you
block all outbound connections and require using HTTP proxy) -:).

----- Original Message ----- 
From: "Irwin Lazar" <ilazar () burtongroup com>
To: "Joe Shen" <joe_hznm () yahoo com sg>
Cc: "NANOG" <nanog () merit edu>
Sent: Thursday, November 11, 2004 8:16 AM
Subject: Re: How to Blocking VoIP ( H.323) ?


> The following resources may be helpful for H.323:
>
> IP Ports and Protocols used by H.323 Devices
> http://www.teamsolutions.co.uk/tsfirewall.html
>
> The Problems and Pitfalls of Getting H.323 Safely Through Firewalls
> http://www.chebucto.ns.ca/~rakerman/articles/ig-h323_firewalls.html
>
> SIP uses TCP port 5060 for signaling, however voice data traffic is
carried
> on random high ports.  Some SIP-based VoIP providers route voice data
> traffic back to a proxy server (I believe Vonage functions in this way),
so
> it may be easier to restrict.
>
> Skype requires outbound TCP access to either ports above 1024, or port 80,
> and they also recommend outbound UDP access to ports above 1024 (as well
as
> in-bound replies), so good luck blocking it. :-(
>
> And then there is VoIP as part of IM services (e.g. Apple iChatAV, AOL IM,
> or Yahoo Messenger), all of which function differently.
>
> irwin
>
> > > Hi,
> > >
> > > How could it be done to block VoIP at access router?
> > >
> > > I've thought about using ACL to block UDP port
> > > 1719,but this could be overcome by modifying protocol
> > > port number.
> > >
> > > regards
> > >
> > > Joe
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Log on to Messenger with your mobile phone!
> > > http://sg.messenger.yahoo.com
> >
> > -- 
>
> --------------------------------------------------------------------------
> > Joel Jaeggli          Unix Consulting
joelja () darkwing uoregon edu
> > GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F
56B2
> >