How to Blocking VoIP ( H.323) ?

Thu Nov 11 17:38:00 UTC 2004

Hmm - just introduce some jitter into your network, and add random delay to
the short packets - and no VoIP in your company -:).

Other way - block ALL outbound connections (including DNS and HTTPS) and
require using proxy, or better do not allow external IP addresses.

-:)
(I should not be very optimistic about this).

----- Original Message ----- 
From: "Christopher L. Morrow" <christopher.morrow at mci.com>
To: "Irwin Lazar" <ilazar at burtongroup.com>
Cc: "Joe Shen" <joe_hznm at yahoo.com.sg>; "NANOG" <nanog at merit.edu>
Sent: Thursday, November 11, 2004 9:01 AM
Subject: Re: How to Blocking VoIP ( H.323) ?

>
>
> On Thu, 11 Nov 2004, Irwin Lazar wrote:
>
> >
> > The following resources may be helpful for H.323:
> >
> > IP Ports and Protocols used by H.323 Devices
> > http://www.teamsolutions.co.uk/tsfirewall.html
> >
> > The Problems and Pitfalls of Getting H.323 Safely Through Firewalls
> > http://www.chebucto.ns.ca/~rakerman/articles/ig-h323_firewalls.html
> >
>
> there is probably some traction to be had in reviewing other folks'
> attempts at this very thing as well. Check out Panama, for instance, their
> incumbent carrier (C&W as I recall) forced the federal regulators to ban
> VOIP through all ISP's in Panama, this turned out to be quite unworkable
> even in the short term. I believe a few other folks have attempted similar
> regulations with similar success rates :(
>
> VOIP, like IM runs, or can be run, across several ports/protocols with and
> without consistency in even the individual applications. For many things
> like this, if they are required via legislation in your local area, you
> might have better luck scoping the regulation's expectations, then using
> some metrics to show success/failure and WHY those metrics are the way
> they are.
>
> In the end though: "Good luck!" (Also, reference Ito-Jun's message from
> the IAB about wide scale filtering policies and their effects on the
> end-to-end nature of the Internet as a whole).