Scribd
Upload
84 views2 pages

VoIP Detection

The document provides suggestions for how a service provider can block illegal VoIP traffic on its network. It recommends using an intrusion detection system like Snort to detect common VoIP protocols like SIP and H323 and block them. It also suggests using Cisco technologies like Extended ACLs and NBAR to classify and block specific protocols, ports, and bandwidth usage associated with VoIP traffic. Managing available resources first before specialized procurement is the best approach.

Uploaded by

Ye Naing Moe
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
84 views2 pages

VoIP Detection

The document provides suggestions for how a service provider can block illegal VoIP traffic on its network. It recommends using an intrusion detection system like Snort to detect common VoIP protocols like SIP and H323 and block them. It also suggests using Cisco technologies like Extended ACLs and NBAR to classify and block specific protocols, ports, and bandwidth usage associated with VoIP traffic. Managing available resources first before specialized procurement is the best approach.

Uploaded by

Ye Naing Moe
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

How would you block or detect VoIP traffic?

A service provider is thinks that some of its customers may be engaged in illega l VoIP traffic (ie originating or terminating so called grey traffic) and wants to stop only the illegal traffic. Are you looking for a real-time solution, and in that case, how much budget do y ou have? (this could get very expensive). Why does the service provider care if the customers are paying for the bandwidth ? Or does the PTA require the ISPs to actually spend money to block this? I know that the LI system put in place by PTA can detect VoIP--that is something you can look into. Or you could just put in an intrusion detection system. Snort (free) can detect SIP and H323 and block them. But I also know that the operators have wised up--they are now encrypting the tr affic in which case you will just see a VPN tunnel and won't be able to block. You can use IPS, Cisco Extended ACL. These are the most common protocols used fo r VoIP Megaco H.248 Gateway Control Protocol MGCP Media Gateway Control Protocol MIME RVP over IP Remote Voice Protocol Over IP Specification SAPv2 Session Announcement Protocol SDP Session Description Protocol SGCP Simple Gateway Control Protocol SIP Session Initiation Protocol Skinny Skinny Client Control Protocol (SCCP) These are the most common ports used by VoIP Boxes. block SCCP (TCP 2000) SIP and H.323 (SIP is TCP 5060, and H.323 is 1720). You may also need to block the media stream, so UDP 16384 to 32768. Infact H.232 uses G.711 G.722 G.723.1 G.728 G.729 For audio traffic The best solution to use is to manage in the available resources first before go ng for a specialized procurement. So you can achieve your goal by blocking the a bove protocols. Infact Cisco IOS has the feature called NBAR, you can use it. Le ts start with this example I have seen somewhere class-map match-any p2p match protocol skype policy-map block-p2p class p2p drop

int FastEthernet0 description PIX-facing interface service-policy input block-p2p If you are unsure about the bandwidth eating applications being used in your org anization. you can access the interface connected to the Internet and configure following command: ip nbar protocol-discovery. This will enable nbar discovery on your router. Use following command:show ip nbar protocol-discovery stats bit-rate top-n 10 it will show you top 10 bandwidth eating applications being used by the users. N ow you will be able to block/restrict traffic with appropriate QoS policy. we can also use ip nbar port-map command to look for the protocol or protocol na me, using a port number or numbers other than the well-known Internet Assigned N umbers Authority (IANA)-assigned) port numbers. Usage as per cisco:ip nbar port-map protocol-name [tcp udp] port-number Up to 16 ports can be specified with this command. Port number values can range from 0 to 65535

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy