North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: How to Blocking VoIP ( H.323) ?
The following resources may be helpful for H.323: IP Ports and Protocols used by H.323 Devices http://www.teamsolutions.co.uk/tsfirewall.html The Problems and Pitfalls of Getting H.323 Safely Through Firewalls http://www.chebucto.ns.ca/~rakerman/articles/ig-h323_firewalls.html SIP uses TCP port 5060 for signaling, however voice data traffic is carried on random high ports. Some SIP-based VoIP providers route voice data traffic back to a proxy server (I believe Vonage functions in this way), so it may be easier to restrict. Skype requires outbound TCP access to either ports above 1024, or port 80, and they also recommend outbound UDP access to ports above 1024 (as well as in-bound replies), so good luck blocking it. :-( And then there is VoIP as part of IM services (e.g. Apple iChatAV, AOL IM, or Yahoo Messenger), all of which function differently. irwin > >> >> Hi, >> >> How could it be done to block VoIP at access router? >> >> I've thought about using ACL to block UDP port >> 1719,but this could be overcome by modifying protocol >> port number. >> >> regards >> >> Joe >> >> __________________________________________________ >> Do You Yahoo!? >> Log on to Messenger with your mobile phone! >> http://sg.messenger.yahoo.com >> > > -- > -------------------------------------------------------------------------- > Joel Jaeggli Unix Consulting [email protected] > GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2 >
|