Re: how to block VOIP on cisco routers?
 

We have the same problem with voip boxes...

I'll assume that when you plug in an adapter running H.323, it establishes a
nailed up connection to a server, which is why they seem to work behind
firewalls. As an outbound connection, you dont need to map ports. (I've
seen 5 Linksys/Vonage boxes sitting on a Linksys BEFSX41 with a static on
the WAN side, all work fine for both in and outbound).

So... how would you go about blocking H.323 traffic? If not possible, how
about blocking the fqnd or ips of the servers that the major players -
Vonage, Packet8, etc - use? (Someone must have a list of the servers). And
with SIP (5060) and IAX (4569), can't the ports they use be blocked cutting
off the signalling path?

Ideas? Help?

Thanks in advance
Dave






"John Agosta" <j_agosta@remove_wideopenwest.kom> wrote in message
news:R5mdnRL9MLNFH1nenZ2dnUVZ_s2dnZ2d@wideopenwest .com...
>
> "Jason" <jasonjm2005@hotmail.com> wrote in message
> news:z6qdnZje7dFl71neRVn-rg@giganews.com...
>> my network is being bogged down by "junk"
>>
>> number one on the hitlist : VOIP phones - anyone got any idea how to
>> block them?
>>
>> 2nd problem is streaming radio, people just chewing up bandwidth the
>> whole day! how to kill those?
>>
>> any ideas?
>>
>>
>>
>
> Access lists to permit what you consider non-junk perhaps ?
>
>
>

Re: how to block VOIP on cisco routers?
 

yes lets fogure out how to block this: I have the following info, I am going
to try and block all these ports mentioned below this weekend, and I'll see
what happens

Anyone else feel free to comment







a.. IAX is not the result of a standards group, rather a collaborative,
community based effort
a.. IAX uses a single UDP port 4569, and thus works well in NAT environments
(the obsolete IAX1 protocol used port 5036). IAX uses ONLY one udp port for
both control and data traffic. As outlined in point 4 of the IAX versus SIP
topic with IAX you will always have audio if the control connection can be
established.

a.. SIP is a text-based protocol that uses UTF-8 encoding
a.. SIP uses port 5060 both for UDP and TCP. SIP may use other transports


1718 H.323 RAS (Multicast Discovery)
1719 H.323 RAS (Unicast)
1720 H.323 Call Signaling (TCP)
2099 H.501 Border Element Signaling (H.225.0 Annex G)
2427 MGCP
2517 H.323 Call Signalling (UDP, H.323 Annex E)
2944 H.248
5060 SIP


"Henry Cabot Henhouse III" <sooper_chicken@hotmail.com> wrote in message
news:2-WdnadhXegAElneRVn-pQ@comcast.com...
> We have the same problem with voip boxes...
>
> I'll assume that when you plug in an adapter running H.323, it establishes
> a
> nailed up connection to a server, which is why they seem to work behind
> firewalls. As an outbound connection, you dont need to map ports. (I've
> seen 5 Linksys/Vonage boxes sitting on a Linksys BEFSX41 with a static on
> the WAN side, all work fine for both in and outbound).
>
> So... how would you go about blocking H.323 traffic? If not possible, how
> about blocking the fqnd or ips of the servers that the major players -
> Vonage, Packet8, etc - use? (Someone must have a list of the servers). And
> with SIP (5060) and IAX (4569), can't the ports they use be blocked
> cutting
> off the signalling path?
>
> Ideas? Help?
>
> Thanks in advance
> Dave
>
>
>
>
>
>
> "John Agosta" <j_agosta@remove_wideopenwest.kom> wrote in message
> news:R5mdnRL9MLNFH1nenZ2dnUVZ_s2dnZ2d@wideopenwest .com...
>>
>> "Jason" <jasonjm2005@hotmail.com> wrote in message
>> news:z6qdnZje7dFl71neRVn-rg@giganews.com...
>>> my network is being bogged down by "junk"
>>>
>>> number one on the hitlist : VOIP phones - anyone got any idea how to
>>> block them?
>>>
>>> 2nd problem is streaming radio, people just chewing up bandwidth the
>>> whole day! how to kill those?
>>>
>>> any ideas?
>>>
>>>
>>>
>>
>> Access lists to permit what you consider non-junk perhaps ?
>>
>>
>>
>
>




--------------------------------------------------------------------------------