I think, obviously, that what Paul meant by open chest wound was this, last
posted to the list here, when the topic was hot, on or about 30 Jun 2000:

NetMeeting uses the following Internet Protocol (IP) ports:

Port      Purpose
-------------------------------------
389       Internet Locator Server [Transmission Control Protocol (TCP)]
522       User Location Server (TCP)
1503      T.120 (TCP)
1720      H.323 call setup (TCP)
1731      Audio call control (TCP)
Dynamic   H.323 call control (TCP)
Dynamic   H.323 streaming [Realtime Transport Protocol (RTP) over User
          Datagram Protocol (UDP)]

To establish outbound NetMeeting connections through a firewall, the
firewall must be configured to do the following:

  Pass through primary TCP connections on ports 522, 389, 1503, 1720 and
  1731.

  Pass through secondary UDP connections on dynamically assigned ports
  (1024-65535).

Looks like a sieve from here.
Thanks,
Ron DuFresne
On 10 May 2001, Michael T. Babcock wrote:
> On 10 May 2001 10:26:13 -0400, Paul D. Robertson wrote:
> > 1. "Among others" is one of the telling phrases. Not that any streaming
> > protocol is particularly security friendly, including 323.
>
> And what evidence do you have that any streaming protocol is a security
> risk, since you harp on them?
>
> > 2. Streaming media protocols aren't "proxied", they're passed.
>
> Oh? Would you mind reading up on how H323 gatewaying works and come
> back later?
>
> > going to be a significant tunneling vector outside of HTTP and DNS, H.323
> > will be the one.
>
> And how do you propose that anything be proxied over H323?
>
> > 4. Firewalls protect based on *blocking* traffic, not on passing it.
>
> Yes, by setting DENY all data on my machine, I'm much happier. I can't
> send or receive E-mail or browse the web. The point of being connected
> to the Internet is to enjoy its functionality _while_ remaining
> sufficiently secure. Security is not the end-all and be-all of every
> company's existence.
>
> > Interoperability is important because if you're
> > relying on either proxy enforcement or protocol specifications for any
> > measure of protection, then deviations change the evaluation.
>
> I use OpenH323 software for Linux to talk to people on Netmeeting. It
> works. That's my evidence. If you don't know anything about the
> protocols or software in question, why do you bother commenting?
>
> > Can I encrypt a video or audio call?
> >
> > No. When you use encryption you are forced into a "data only" mode.
> > Audio and video are disabled.
>
> That would assume that you don't set up VPNs between your network and
> the networks you want to conference with, then send your data over those
> channels. If your data isn't confidential and you want something as
> private and secure as E-mail (which isn't either), then Netmeeting fits
> the bill, even broadcast over the Internet.
>
> > Whoops! So much for completeness of implementation for security, so
> > much for confidentiality of information passed over the 'Net...
>
> You use E-mail, right? Do you PGP encrypt everything you send to
> associates?
>
> > Doesn't sound all that standard to me, and the phrase "still requires some
> > ports to be opened" should be a red flag.
>
> Why? If it didn't require ports to be opened, it either wouldn't be a
> standard internet protocol (which use IP ports) or it would be tunneling
> over some other less-secure protocol (like HTTP, God-forbid).
>
> > You don't cover a sucking chest wound with a gauze bandage.
>
> You don't even know what the software does, so you diagnose it as a
> chest wound?
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
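
The firewall requirement quoted in the message above, worked through as an added example (not part of the original post or of the quoted vendor text): a first-match packet filter is evaluated against the listed ports to count how many destination ports end up open. The rule tuple format, the sample ruleset and the function names are constructed for illustration.

```python
# Static TCP ports from the port table quoted in the message.
NETMEETING_TCP = {
    389: "Internet Locator Server",
    522: "User Location Server",
    1503: "T.120",
    1720: "H.323 call setup",
    1731: "Audio call control",
}
DYNAMIC_RANGE = (1024, 65535)  # secondary UDP connections, per the quoted text

# Constructed sample ruleset (hypothetical format): action, proto, low, high.
# Ports are destination ports of outbound connections; first match wins.
SAMPLE_RULES = [
    ("permit", "tcp", 389, 389),
    ("permit", "tcp", 522, 522),
    ("permit", "tcp", 1503, 1503),
    ("permit", "tcp", 1720, 1720),
    ("permit", "tcp", 1731, 1731),
    ("permit", "udp", 1024, 65535),
    ("deny", "any", 0, 65535),
]

def decide(rules, proto, port):
    """Return the action of the first rule matching proto/port (default deny)."""
    for action, rule_proto, low, high in rules:
        if rule_proto in (proto, "any") and low <= port <= high:
            return action
    return "deny"

def audit(rules):
    """Summarise what a filter with these rules lets through, per protocol."""
    tcp = {p for p in range(65536) if decide(rules, "tcp", p) == "permit"}
    udp = {p for p in range(65536) if decide(rules, "udp", p) == "permit"}
    low, high = DYNAMIC_RANGE
    return {
        "tcp_open": len(tcp),
        "udp_open": len(udp),
        "missing_static": sorted(set(NETMEETING_TCP) - tcp),
        "unexpected_tcp": sorted(tcp - set(NETMEETING_TCP)),
        "dynamic_udp_fully_open": all(p in udp for p in range(low, high + 1)),
        "udp_fraction": len(udp) / 65536,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_RULES).items():
        print(f"{key}: {value}")
```

Swapping in a real ruleset translated to the same tuple format shows whether a site opened more than the five static TCP ports, and how much of the UDP port space the dynamic-port requirement leaves unfiltered.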