North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: How to Blocking VoIP ( H.323) ?

  • From: Alexei Roudnev
  • Date: Thu Nov 11 12:41:58 2004

Hmm - just introduce some jitter into your network, and add random delay to
the short packets - and no VoIP in your company -:).

Other way - block ALL outbound connections (including DNS and HTTPS) and
require using proxy, or better do not allow external IP addresses.

(I should not be very optimistic about this).

----- Original Message ----- 
From: "Christopher L. Morrow" <[email protected]>
To: "Irwin Lazar" <[email protected]>
Cc: "Joe Shen" <[email protected]>; "NANOG" <[email protected]>
Sent: Thursday, November 11, 2004 9:01 AM
Subject: Re: How to Blocking VoIP ( H.323) ?

> On Thu, 11 Nov 2004, Irwin Lazar wrote:
> >
> > The following resources may be helpful for H.323:
> >
> > IP Ports and Protocols used by H.323 Devices
> >
> >
> > The Problems and Pitfalls of Getting H.323 Safely Through Firewalls
> >
> >
> there is probably some traction to be had in reviewing other folks'
> attempts at this very thing as well. Check out Panama, for instance, their
> incumbent carrier (C&W as I recall) forced the federal regulators to ban
> VOIP through all ISP's in Panama, this turned out to be quite unworkable
> even in the short term. I believe a few other folks have attempted similar
> regulations with similar success rates :(
> VOIP, like IM runs, or can be run, across several ports/protocols with and
> without consistency in even the individual applications. For many things
> like this, if they are required via legislation in your local area, you
> might have better luck scoping the regulation's expectations, then using
> some metrics to show success/failure and WHY those metrics are the way
> they are.
> In the end though: "Good luck!" (Also, reference Ito-Jun's message from
> the IAB about wide scale filtering policies and their effects on the
> end-to-end nature of the Internet as a whole).