[75325] in North American Network Operators' Group
Re: How to Blocking VoIP ( H.323) ?
daemon@ATHENA.MIT.EDU (Alexei Roudnev)
Thu Nov 11 12:40:47 2004
From: "Alexei Roudnev" <alex@relcom.net>
To: "Christopher L. Morrow" <christopher.morrow@mci.com>,
"Irwin Lazar" <ilazar@burtongroup.com>
Cc: "Joe Shen" <joe_hznm@yahoo.com.sg>, "NANOG" <nanog@merit.edu>
Date: Thu, 11 Nov 2004 09:38:00 -0800
Errors-To: owner-nanog-outgoing@merit.edu
Hmm - just introduce some jitter into your network, and add random delay to
the short packets - and no VoIP in your company -:).
Other way - block ALL outbound connections (including DNS and HTTPS) and
require using proxy, or better do not allow external IP addresses.
-:)
(I should not be very optimistic about this).
----- Original Message -----
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
To: "Irwin Lazar" <ilazar@burtongroup.com>
Cc: "Joe Shen" <joe_hznm@yahoo.com.sg>; "NANOG" <nanog@merit.edu>
Sent: Thursday, November 11, 2004 9:01 AM
Subject: Re: How to Blocking VoIP ( H.323) ?
>
>
> On Thu, 11 Nov 2004, Irwin Lazar wrote:
>
> >
> > The following resources may be helpful for H.323:
> >
> > IP Ports and Protocols used by H.323 Devices
> > http://www.teamsolutions.co.uk/tsfirewall.html
> >
> > The Problems and Pitfalls of Getting H.323 Safely Through Firewalls
> > http://www.chebucto.ns.ca/~rakerman/articles/ig-h323_firewalls.html
> >
>
> there is probably some traction to be had in reviewing other folks'
> attempts at this very thing as well. Check out Panama, for instance, their
> incumbent carrier (C&W as I recall) forced the federal regulators to ban
> VOIP through all ISP's in Panama, this turned out to be quite unworkable
> even in the short term. I believe a few other folks have attempted similar
> regulations with similar success rates :(
>
> VOIP, like IM runs, or can be run, across several ports/protocols with and
> without consistency in even the individual applications. For many things
> like this, if they are required via legislation in your local area, you
> might have better luck scoping the regulation's expectations, then using
> some metrics to show success/failure and WHY those metrics are the way
> they are.
>
> In the end though: "Good luck!" (Also, reference Ito-Jun's message from
> the IAB about wide scale filtering policies and their effects on the
> end-to-end nature of the Internet as a whole).
