SkyPE was designed to work thru any firewalls (except, of course, if you block all outbound connections and require using HTTP proxy) -:).
----- Original Message ----- From: "Irwin Lazar" <[EMAIL PROTECTED]> To: "Joe Shen" <[EMAIL PROTECTED]> Cc: "NANOG" <[EMAIL PROTECTED]> Sent: Thursday, November 11, 2004 8:16 AM Subject: Re: How to Blocking VoIP ( H.323) ? > > The following resources may be helpful for H.323: > > IP Ports and Protocols used by H.323 Devices > http://www.teamsolutions.co.uk/tsfirewall.html > > The Problems and Pitfalls of Getting H.323 Safely Through Firewalls > http://www.chebucto.ns.ca/~rakerman/articles/ig-h323_firewalls.html > > SIP uses TCP port 5060 for signaling, however voice data traffic is carried > on random high ports. Some SIP-based VoIP providers route voice data > traffic back to a proxy server (I believe Vonage functions in this way), so > it may be easier to restrict. > > Skype requires outbound TCP access to either ports above 1024, or port 80, > and they also recommend outbound UDP access to ports above 1024 (as well as > in-bound replies), so good luck blocking it. :-( > > And then there is VoIP as part of IM services (e.g. Apple iChatAV, AOL IM, > or Yahoo Messenger), all of which function differently. > > irwin > > > > >> > >> Hi, > >> > >> How could it be done to block VoIP at access router? > >> > >> I've thought about using ACL to block UDP port > >> 1719,but this could be overcome by modifying protocol > >> port number. > >> > >> regards > >> > >> Joe > >> > >> __________________________________________________ > >> Do You Yahoo!? > >> Log on to Messenger with your mobile phone! > >> http://sg.messenger.yahoo.com > >> > > > > -- > > -------------------------------------------------------------------------- > > Joel Jaeggli Unix Consulting [EMAIL PROTECTED] > > GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2 > > >