North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: How to Blocking VoIP ( H.323) ?

  • From: Alexei Roudnev
  • Date: Thu Nov 11 12:38:41 2004 
SkyPE was designed to work thru any firewalls (except, of course, if you
block all outbound connections and require using HTTP proxy) -:).

----- Original Message ----- 
From: "Irwin Lazar" <[email protected]>
To: "Joe Shen" <[email protected]>
Cc: "NANOG" <[email protected]>
Sent: Thursday, November 11, 2004 8:16 AM
Subject: Re: How to Blocking VoIP ( H.323) ?


>
> The following resources may be helpful for H.323:
>
> IP Ports and Protocols used by H.323 Devices
> http://www.teamsolutions.co.uk/tsfirewall.html
>
> The Problems and Pitfalls of Getting H.323 Safely Through Firewalls
> http://www.chebucto.ns.ca/~rakerman/articles/ig-h323_firewalls.html
>
> SIP uses TCP port 5060 for signaling, however voice data traffic is
carried
> on random high ports.  Some SIP-based VoIP providers route voice data
> traffic back to a proxy server (I believe Vonage functions in this way),
so
> it may be easier to restrict.
>
> Skype requires outbound TCP access to either ports above 1024, or port 80,
> and they also recommend outbound UDP access to ports above 1024 (as well
as
> in-bound replies), so good luck blocking it. :-(
>
> And then there is VoIP as part of IM services (e.g. Apple iChatAV, AOL IM,
> or Yahoo Messenger), all of which function differently.
>
> irwin
>
> >
> >>
> >> Hi,
> >>
> >> How could it be done to block VoIP at access router?
> >>
> >> I've thought about using ACL to block UDP port
> >> 1719,but this could be overcome by modifying protocol
> >> port number.
> >>
> >> regards
> >>
> >> Joe
> >>
> >> __________________________________________________
> >> Do You Yahoo!?
> >> Log on to Messenger with your mobile phone!
> >> http://sg.messenger.yahoo.com
> >>
> >
> > -- 
>
> --------------------------------------------------------------------------
> > Joel Jaeggli          Unix Consulting
[email protected]
> > GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F
56B2
> >
>