[75306] in North American Network Operators' Group
RE: How to Blocking VoIP ( H.323) ?
daemon@ATHENA.MIT.EDU (Fergie (Paul Ferguson))
Thu Nov 11 08:34:34 2004
From: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Date: Thu, 11 Nov 2004 13:28:31 GMT
To: swm@emanon.com
Cc: joe_hznm@yahoo.com.sg, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
One might also suggest that explicit "denials", as
opposed to explicit "permits", as an access-control
policy is fundamentally flawed security approach in
the first place....
My $.02,
- ferg
-- "Scott Morris" <swm@emanon.com> wrote:
Tcp/1719 is part of the H323 Gatekeeper default ports (which can be changed)
Tcp/1720 is the H.225 call setup port, and I haven't heard of this being a configurable port.
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Joe Shen
Sent: Thursday, November 11, 2004 6:40 AM
To: NANGO
Subject: How to Blocking VoIP ( H.323) ?
Hi,
How could it be done to block VoIP at access router?
I've thought about using ACL to block UDP port 1719,but this could be
overcome by modifying protocol port number.
regards
Joe
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or
fergdawg@sbcglobal.net
