David Newman wrote:
> On 1/23/08 4:21 PM, Daniel Ouellet wrote:
>> So, you could check for UDP RTP streams from those IPs, and all phones
>> can be and most likely are preset with a fixed range of ports that they can
>> use, and if you can find that, then you have all that you need.
>
> Gack. No.
>
> I've seen more than one MegaCorp use Linksys/D-Link/etc. routers for
> SoHo sites and open up ranges like udp/10000-20000 to allow VoIP. A
> lousy idea, for obvious reasons.

Don't forget I am referring to what's inside, not what's coming to him here.

For example, the default for Cisco, if not changed, is 16384 to 32767 on the
UDP ports. Talk about a wide range???

However, don't forget the original question is how to detect and stop
traffic when VoIP is in use, so looking for the source IPs of the phone
as I explained, and the port range from that phone, does allow the
original question to be answered regardless of what's used outside.
That's why I say looking for that is OK in this case.

And as also explained, if he also wants to open the ports, and obviously
needs to do so for incoming, I also explained that he can and should find
the IPs of the remote VoIP gateways used, and he can filter on those.

There is also something simple if he can change or configure the phone
itself. You can preset the port range used on the phone, and as such, the
stream that will come to you will be in that range, and you need two
ports per stream only, so if your phone supports conference as an example
and you want to allow that, you can limit your port range on the phone
to 4 ports only and you are set, should you want to open these UDP ports
world wide in case you also do IP to IP calls. Don't forget that the
ports used are negotiated via the control port on UDP/5050, and that's when
the phone dictates the port range that it wants to receive the stream on,
and as such, you can specify that as you see fit and not use a crazy
range as you describe.

Again, as expressed as well, that depends on the setup and whether you are
allowed or have access to the phone setup to restrict these ports.

We still don't know what the user has access to or not, so all the
suggestions may or may not apply, but many are valid here regardless of
what's possible or not.
Best,
Daniel
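The filtering idea in the message above, as an added example that is not part of the thread and not anyone's actual firewall configuration: a small Python policy check that allows UDP only between the inside phones and the known remote gateways, passes the signalling port, and passes media only when the phone-side port falls inside the narrow preset range (two ports per stream, RTP plus RTCP). It also parses the SDP media lines that carry the negotiated port, so you can verify that what a phone offers really stays inside the range it was configured for. The phone and gateway addresses, the 4-port range starting at 16384, and the control port value (taken from the thread's UDP/5050; adjust to your own signalling port) are constructed assumptions.

```python
"""Policy check for VoIP media/signalling flows (constructed example, not from the thread)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class VoipPolicy:
    phone_ips: frozenset      # inside phones (assumed addresses)
    gateway_ips: frozenset    # remote VoIP gateways the phones talk to (assumed)
    control_port: int         # signalling port; the thread cites UDP/5050 (policy value)
    rtp_low: int              # first media port the phone is preset to use
    rtp_count: int            # number of preset ports: 2 per stream (RTP + RTCP)

    @property
    def rtp_high(self):
        return self.rtp_low + self.rtp_count - 1

    def port_ok(self, port):
        return self.rtp_low <= port <= self.rtp_high

def classify_flow(policy, src_ip, dst_ip, proto, src_port, dst_port):
    """Return (verdict, reason) for one flow record; only UDP phone<->gateway traffic is allowed."""
    if proto != "udp":
        return ("deny", "not UDP")
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    outbound = src in policy.phone_ips and dst in policy.gateway_ips
    inbound = src in policy.gateway_ips and dst in policy.phone_ips
    if not (outbound or inbound):
        return ("deny", "endpoints are not a phone/gateway pair")
    # Signalling: control port on either side of the exchange.
    if policy.control_port in (src_port, dst_port):
        return ("allow", "signalling")
    # Media: the phone-side port must sit inside the small preset range.
    phone_port = src_port if outbound else dst_port
    if policy.port_ok(phone_port):
        return ("allow", "media in preset range")
    return ("deny", f"phone port {phone_port} outside {policy.rtp_low}-{policy.rtp_high}")

# SDP media description line, e.g. "m=audio 16384 RTP/AVP 0 8"
SDP_MEDIA = re.compile(r"^m=(audio|video)\s+(\d+)\s+RTP/AVP", re.M)

def sdp_media_ports(sdp_text):
    """Extract (kind, rtp_port, rtcp_port) from each m= line; RTCP is RTP + 1 by convention."""
    return [(kind, int(port), int(port) + 1) for kind, port in SDP_MEDIA.findall(sdp_text)]

def sdp_within_policy(policy, sdp_text):
    """True when every offered RTP port and its RTCP partner fit the preset range."""
    ports = sdp_media_ports(sdp_text)
    return bool(ports) and all(policy.port_ok(rtp) and policy.port_ok(rtcp)
                               for _, rtp, rtcp in ports)

# Constructed policy: one phone, one gateway, 4 media ports (two concurrent streams).
EXAMPLE_POLICY = VoipPolicy(
    phone_ips=frozenset({ip_address("192.0.2.10")}),
    gateway_ips=frozenset({ip_address("198.51.100.5")}),
    control_port=5050,
    rtp_low=16384,
    rtp_count=4,
)

# Constructed flow records: (src_ip, dst_ip, proto, src_port, dst_port)
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", "udp", 5050, 5050),      # signalling -> allow
    ("192.0.2.10", "198.51.100.5", "udp", 16386, 20000),    # media, phone port in range -> allow
    ("198.51.100.5", "192.0.2.10", "udp", 20001, 16387),    # inbound media in range -> allow
    ("198.51.100.5", "192.0.2.10", "udp", 4000, 25000),     # phone port outside range -> deny
    ("192.0.2.10", "203.0.113.9", "udp", 16384, 16384),     # unknown remote -> deny
]

# Constructed SDP bodies as a phone might offer them.
GOOD_SDP = "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 16384 RTP/AVP 0 8\r\n"
BAD_SDP = "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 30000 RTP/AVP 0\r\n"

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", classify_flow(EXAMPLE_POLICY, *flow))
    print("good SDP within policy:", sdp_within_policy(EXAMPLE_POLICY, GOOD_SDP))
    print("bad SDP within policy:", sdp_within_policy(EXAMPLE_POLICY, BAD_SDP))
```

The check deliberately keys on the phone-side port rather than the remote port, because only the phone's range is under your control; the gateway's port comes from the far end and may be anywhere in its own (possibly wide) range.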