[cisco-voip] H.323 Gateway Security - Prevent Unauthorized Usage

Mon Sep 18 12:40:24 EDT 2006

Problem is that IP blue is not making any connection or call dialog with
CallManager itself, it is the gateway that is being requested directly.
CallManager never knows that the call is being made.

________________________________

From: Aman Chugh [mailto:aman.chugh at gmail.com] 
Sent: Monday, September 18, 2006 11:22 AM
To: Matt Slaga (US)
Cc: Johan Bloemhard; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] H.323 Gateway Security - Prevent Unauthorized
Usage

You could also try to block this particular subnet/IP address (IP BLUE)
to communicate with Callmanager on TCP port 1720,1719 using a extended
ACL.

Aman

On 9/18/06, Matt Slaga (US) <Matt.Slaga at us.didata.com> wrote: 

ACLs on the router specifying H323 control traffic to/from the
callmanager servers (and gatekeepers if applicable) would be all that is
needed to prevent this. 

________________________________

From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Johan Bloemhard
Sent: Monday, September 18, 2006 10:06 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] H.323 Gateway Security - Prevent Unauthorized
Usage

We have a 2801 with a H.323 gateway (PSTN).  I just came across a
student that was using IP Blue (VTGO) on their handheld and had
configured it using our H.323 gateway.  I imagine that he got the IP of
the H.323 gateway off of a phone.  Obviously he didn't have internal
dialing but could dial out with a problem.

How can we prevent this?  ACLs on the 2801?  How are other organizations
tackling this problem?

TIA

Johan Bloemhard 
Senior Information Technology Specialist 
___________________________________ 
Silver Falls School District 4J 
802 Schlador Street 
Silverton, OR 97381 
w: 503.873.6331 

________________________________

Disclaimer: This message may be legally privileged and/or is intended
only for the use of the addressee(s). The content and views expressed in
this email may represent the views of the sender and not those of Silver
Falls School District. 

________________________________

Disclaimer:

This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the
designated addressee(s) named above only. If you are not the 
intended addressee, you are hereby notified that you have received
this communication in error and that any use or reproduction of
this email or its contents is strictly prohibited and may be
unlawful. If you have received this communication in error, please 
notify us immediately by replying to this message and deleting it
from your computer. Thank you.

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip 

-----------------------------------------
Disclaimer:

This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the
designated addressee(s) named above only.  If you are not the
intended addressee, you are hereby notified that you have received
this communication in error and that any use or reproduction of
this email or its contents is strictly prohibited and may be
unlawful.  If you have received this communication in error, please
notify us immediately by replying to this message and deleting it
from your computer. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-voip/attachments/20060918/151d0e2c/attachment-0001.html 