Re: How to Blocking VoIP ( H.323) ?

2004-11-13 Thread Alexei Roudnev
Below, please: s/such/VoIP filtering/ and it will be true. It does not depend on the algorithm you are using. Moreover, if you deploy such service, someone else can deploy VoIP which uses https tunnel to it, and you will not have any chances than to block total https traffic. It (such thing) can

Re: How to Blocking VoIP ( H.323) ?

2004-11-13 Thread Christopher L. Morrow
On Sat, 13 Nov 2004, Alexei Roudnev wrote: > > > > > On Fri, 12 Nov 2004, Alexei Roudnev wrote: > > > > > If someone wants to be insane - allow him to do it; what's the problem? > Is > > > this question coming from Panamanian government? -:) > > > > when you have to comply with some insane gov't r

Re: How to Blocking VoIP ( H.323) ?

2004-11-13 Thread Suresh Ramasubramanian
joshua sahala [13/11/04 19:40 -0500]: > i've also heard of satellite links being used to bypass the filtering...a > cheap local phone (or six) can be kept hidden from the authorities for as > long as the bribes are paid and/or it doesn't cut too deeply into the > ptt's monopoly Goes on all the ti

Re: How to Blocking VoIP ( H.323) ?

2004-11-13 Thread John Curran
At 9:46 AM -0800 11/12/04, Alexei Roudnev wrote: >Not too easy, but I can imagine few algorithms doing it. Remember that VoIP >uses short packets, and you can always recognize Ack and Tcp packets which >should not be disrupted. Jitter does not slow down network, except if it >interacts with RTT ca

Re: How to Blocking VoIP ( H.323) ?

2004-11-13 Thread joshua sahala
On (13/11/04 12:53), Alexei Roudnev wrote: > > I agree with Robert. But if you deal with some super tricked protocols (like > SpyPE) and you really want to block VoIP (not show that you comply to > regulations, but REALLY block it) - disruption looks as the only real > opportunity. For any filter

Re: How to Blocking VoIP ( H.323) ?

2004-11-13 Thread Alexei Roudnev
your filters. - Original Message - From: "Robert Mathews" <[EMAIL PROTECTED]> To: "NANOG" <[EMAIL PROTECTED]> Sent: Saturday, November 13, 2004 11:12 AM Subject: Re: How to Blocking VoIP ( H.323) ? > > > > On Fri, 12 Nov 2004, Alexei Roudnev

Re: How to Blocking VoIP ( H.323) ?

2004-11-13 Thread Robert Mathews
On Fri, 12 Nov 2004, Christopher L. Morrow wrote: > On Fri, 12 Nov 2004, Alexei Roudnev wrote: > > > If someone wants to be insane - allow him to do it; what's the problem? Is > > this question coming from Panamanian government? -:) > > when you have to comply with some insane gov't ruling at pen

Re: How to Blocking VoIP ( H.323) ?

2004-11-13 Thread Robert Mathews
On Fri, 12 Nov 2004, Alexei Roudnev wrote: > Date: Fri, 12 Nov 2004 09:46:15 -0800 > From: Alexei Roudnev <[EMAIL PROTECTED]> > To: Robert Mathews <[EMAIL PROTECTED]>, NANOG <[EMAIL PROTECTED]> > Subject: Re: How to Blocking VoIP ( H.323) ? > > > Alexei

Re: How to Blocking VoIP ( H.323) ?

2004-11-13 Thread Alexei Roudnev
> > On Fri, 12 Nov 2004, Alexei Roudnev wrote: > > > If someone wants to be insane - allow him to do it; what's the problem? Is > > this question coming from Panamanian government? -:) > > when you have to comply with some insane gov't ruling at penalty of > legal (possibly felony type actions) you

Re: How to Blocking VoIP ( H.323) ?

2004-11-12 Thread just me
On Thu, 11 Nov 2004, Robert Mathews wrote: On Thu, 11 Nov 2004, Alexei Roudnev wrote: > Hmm - just introduce some jitter into your network, and add random delay to > the short packets - and no VoIP in your company -:). How exactly then would anyone implement this, without screwing-up

Re: How to Blocking VoIP ( H.323) ?

2004-11-12 Thread Christopher L. Morrow
On Fri, 12 Nov 2004, Alexei Roudnev wrote: > If someone wants to be insane - allow him to do it; what's the problem? Is > this question coming from Panamanian government? -:) when you have to comply with some insane gov't ruling at penalty of legal (possibly felony type actions) you will also squ

Re: How to Blocking VoIP ( H.323) ?

2004-11-12 Thread JC Dill
Joe Shen wrote: How could it be done to block VoIP at access router? "I urge all my competitors to do this." jc

Re: How to Blocking VoIP ( H.323) ?

2004-11-12 Thread Alexei Roudnev
> Cc: Joe Shen <[EMAIL PROTECTED]>, NANOG <[EMAIL PROTECTED]> > > Subject: Re: How to Blocking VoIP ( H.323) ? > > > > > > Hmm - just introduce some jitter into your network, and add random delay to > > the short packets - and no VoIP in your company

Re: How to Blocking VoIP ( H.323) ?

2004-11-12 Thread Alexei Roudnev
n not. That's all. Other methods can provide temporary relief only. - Original Message - From: "Christopher L. Morrow" <[EMAIL PROTECTED]> To: "Robert Mathews" <[EMAIL PROTECTED]> Cc: "NANOG" <[EMAIL PROTECTED]> Sent: Thursday, Novemb

Re: How to Blocking VoIP ( H.323) ?

2004-11-12 Thread Simon Leinen
Robert Mathews writes: > On Thu, 11 Nov 2004, Alexei Roudnev wrote: >> Hmm - just introduce some jitter into your network, and add random >> delay to the short packets - and no VoIP in your company -:). > Alexei: > How exactly then would anyone implement this, without screwing-up the > overall p

Re: How to Blocking VoIP ( H.323) ?

2004-11-12 Thread Joe Shen
, Christopher L. Morrow wrote: > > > Date: Thu, 11 Nov 2004 19:49:10 + (GMT) > > From: Christopher L. Morrow > <[EMAIL PROTECTED]> > > To: Robert Mathews <[EMAIL PROTECTED]> > > Cc: NANOG <[EMAIL PROTECTED]> > > Subject: Re: How t

Re: How to Blocking VoIP ( H.323) ?

2004-11-11 Thread Robert Mathews
On Thu, 11 Nov 2004, Christopher L. Morrow wrote: > Date: Thu, 11 Nov 2004 19:49:10 + (GMT) > From: Christopher L. Morrow <[EMAIL PROTECTED]> > To: Robert Mathews <[EMAIL PROTECTED]> > Cc: NANOG <[EMAIL PROTECTED]> > Subject: Re: How to Blocking VoIP (

Re: How to Blocking VoIP ( H.323) ?

2004-11-11 Thread Christopher L. Morrow
On Thu, 11 Nov 2004, Robert Mathews wrote: > > > To Joe Shen: > > Perhaps 'I am failing to see it' but, what can be gained by blocking VoIP > traffic other than freeing bandwidth and CPU churnings? reference panamanian gov'ts choice to protect legacy/incumbent carrier business by blocking voip.

Re: How to Blocking VoIP ( H.323) ?

2004-11-11 Thread Alex Bligh
--On 11 November 2004 10:46 -0800 Randy Bush <[EMAIL PROTECTED]> wrote: What business issue/problem are you trying to address by blocking VoIP? an incumbent telco which also has the monopoly on ip might want to prevent bypass. welcome to singapore, and remember to try the chili crab. Me I'm tryin

Re: How to Blocking VoIP ( H.323)

2004-11-11 Thread J. Oquendo
> 1) Your problem is a wonky broken H.323 that dies when it > gets a connection from outside. > > 2) Your problem is "corporate insider uses VoIP to call a > competitor and leak trade secrets". > > 3) Your problem is "VoIP users bypassing billing for telephone calls". > > All three will require d

Re: How to Blocking VoIP ( H.323) ?

2004-11-11 Thread Randy Bush
> What business issue/problem are you trying to address by > blocking VoIP? an incumbent telco which also has the monopoly on ip might want to prevent bypass. welcome to singapore, and remember to try the chili crab. randy

Re: How to Blocking VoIP ( H.323) ?

2004-11-11 Thread Robert Mathews
<[EMAIL PROTECTED]> > Subject: Re: How to Blocking VoIP ( H.323) ? > > > Hmm - just introduce some jitter into your network, and add random delay to > the short packets - and no VoIP in your company -:). Alexei: How exactly then would anyone implement this, without

Re: How to Blocking VoIP ( H.323) ?

2004-11-11 Thread Valdis . Kletnieks
On Thu, 11 Nov 2004 19:40:29 +0800, Joe Shen said: > How could it be done to block VoIP at access router? What business issue/problem are you trying to address by blocking VoIP? Since there's so many different things out there (H.323, Skype, the various IM software), a "proper" solution probably

Re: How to Blocking VoIP ( H.323) ?

2004-11-11 Thread Alexei Roudnev
optimistic about this). - Original Message - From: "Christopher L. Morrow" <[EMAIL PROTECTED]> To: "Irwin Lazar" <[EMAIL PROTECTED]> Cc: "Joe Shen" <[EMAIL PROTECTED]>; "NANOG" <[EMAIL PROTECTED]> Sent: Thursday, Nov

Re: How to Blocking VoIP ( H.323) ?

2004-11-11 Thread Alexei Roudnev
G" <[EMAIL PROTECTED]> Sent: Thursday, November 11, 2004 8:16 AM Subject: Re: How to Blocking VoIP ( H.323) ? > > The following resources may be helpful for H.323: > > IP Ports and Protocols used by H.323 Devices > http://www.teamsolutions.co.uk/tsfirewall.html > > The P

Re: How to Blocking VoIP ( H.323) ?

2004-11-11 Thread Christopher L. Morrow
On Thu, 11 Nov 2004, Irwin Lazar wrote: > > The following resources may be helpful for H.323: > > IP Ports and Protocols used by H.323 Devices > http://www.teamsolutions.co.uk/tsfirewall.html > > The Problems and Pitfalls of Getting H.323 Safely Through Firewalls > http://www.chebucto.ns.ca/~rak

Re: How to Blocking VoIP ( H.323) ?

2004-11-11 Thread Irwin Lazar
The following resources may be helpful for H.323: IP Ports and Protocols used by H.323 Devices http://www.teamsolutions.co.uk/tsfirewall.html The Problems and Pitfalls of Getting H.323 Safely Through Firewalls http://www.chebucto.ns.ca/~rakerman/articles/ig-h323_firewalls.html SIP uses TCP port

Re: How to Blocking VoIP ( H.323) ?

2004-11-11 Thread Joel Jaeggli
I don't imagine that most voip is h.323 anymore. On Thu, 11 Nov 2004, Joe Shen wrote: Hi, How could it be done to block VoIP at access router? I've thought about using ACL to block UDP port 1719,but this could be overcome by modifying protocol port number. regards Joe __

RE: How to Blocking VoIP ( H.323) ?

2004-11-11 Thread Fergie (Paul Ferguson)
One might also suggest that explicit "denials", as opposed to explicit "permits", as an access-control policy is a fundamentally flawed security approach in the first place My $.02, - ferg -- "Scott Morris" <[EMAIL PROTECTED]> wrote: Tcp/1719 is part of the H323 Gatekeeper default ports (w

RE: How to Blocking VoIP ( H.323) ?

2004-11-11 Thread Scott Morris
Tcp/1719 is part of the H323 Gatekeeper default ports (which can be changed) Tcp/1720 is the H.225 call setup port, and I haven't heard of this being a configurable port. HTH, Scott Morris, MCSE, CCDP, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIP, CCNA-WAN Switching, CCSP, Cabl