Hmm - just introduce some jitter into your network, and add random delay to the short packets - and no VoIP in your company -:).
Other way - block ALL outbound connections (including DNS and HTTPS) and require using proxy, or better do not allow external IP addresses. -:) (I should not be very optimistic about this). ----- Original Message ----- From: "Christopher L. Morrow" <[EMAIL PROTECTED]> To: "Irwin Lazar" <[EMAIL PROTECTED]> Cc: "Joe Shen" <[EMAIL PROTECTED]>; "NANOG" <[EMAIL PROTECTED]> Sent: Thursday, November 11, 2004 9:01 AM Subject: Re: How to Blocking VoIP ( H.323) ? > > > On Thu, 11 Nov 2004, Irwin Lazar wrote: > > > > > The following resources may be helpful for H.323: > > > > IP Ports and Protocols used by H.323 Devices > > http://www.teamsolutions.co.uk/tsfirewall.html > > > > The Problems and Pitfalls of Getting H.323 Safely Through Firewalls > > http://www.chebucto.ns.ca/~rakerman/articles/ig-h323_firewalls.html > > > > there is probably some traction to be had in reviewing other folks' > attempts at this very thing as well. Check out Panama, for instance, their > incumbent carrier (C&W as I recall) forced the federal regulators to ban > VOIP through all ISP's in Panama, this turned out to be quite unworkable > even in the short term. I believe a few other folks have attempted similar > regulations with similar success rates :( > > VOIP, like IM runs, or can be run, across several ports/protocols with and > without consistency in even the individual applications. For many things > like this, if they are required via legislation in your local area, you > might have better luck scoping the regulation's expectations, then using > some metrics to show success/failure and WHY those metrics are the way > they are. > > In the end though: "Good luck!" (Also, reference Ito-Jun's message from > the IAB about wide scale filtering policies and their effects on the > end-to-end nature of the Internet as a whole).