<div>You could also try to block this particular subnet/IP address (IP BLUE) to communicate with Callmanager on TCP port 1720,1719 using a extended ACL.</div>
<div> </div>
<div>Aman<br><br> </div>
<div><span class="gmail_quote">On 9/18/06, <b class="gmail_sendername">Matt Slaga (US)</b> <<a href="mailto:Matt.Slaga@us.didata.com">Matt.Slaga@us.didata.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div>
<div lang="EN-US" vlink="purple" link="blue">
<div>
<p><font face="Arial" color="navy" size="2"><span style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">ACLs on the router specifying H323 control traffic to/from the callmanager servers (and gatekeepers if applicable) would be all that is needed to prevent this.
</span></font></p>
<p><font face="Arial" color="navy" size="2"><span style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"> </span></font></p>
<div>
<div style="TEXT-ALIGN: center" align="center"><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt">
<hr align="center" width="100%" size="2">
</span></font></div>
<p><b><font face="Tahoma" size="2"><span style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">From:</span></font></b><font face="Tahoma" size="2"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> <a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">
cisco-voip-bounces@puck.nether.net</a> [mailto:<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>] <b><span style="FONT-WEIGHT: bold">
On Behalf Of </span></b>Johan Bloemhard<br><b><span style="FONT-WEIGHT: bold">Sent:</span></b> Monday, September 18, 2006 10:06 AM<br><b><span style="FONT-WEIGHT: bold">To:</span></b> <a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:cisco-voip@puck.nether.net" target="_blank">
cisco-voip@puck.nether.net</a><br><b><span style="FONT-WEIGHT: bold">Subject:</span></b> [cisco-voip] H.323 Gateway Security - Prevent Unauthorized Usage</span></font></p></div></div>
<div><span class="e" id="q_10dc163379390a32_1">
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt"> </span></font></p>
<p><font face="Arial" size="2"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">We have a 2801 with a H.323 gateway (PSTN). I just came across a student that was using IP Blue (VTGO) on their handheld and had configured it using our
H.323 gateway. I imagine that he got the IP of the H.323 gateway off of a phone. Obviously he didn't have internal dialing but could dial out with a problem.</span></font></p>
<p><font face="Arial" size="2"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> </span></font></p>
<p><font face="Arial" size="2"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">How can we prevent this? ACLs on the 2801? How are other organizations tackling this problem?</span></font></p>
<p><font face="Arial" size="2"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> </span></font></p>
<p><font face="Arial" size="2"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">TIA</span></font></p>
<p><font face="Arial" size="2"><span style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> </span></font></p>
<p><font face="Verdana" size="1"><span style="FONT-SIZE: 7.5pt; FONT-FAMILY: Verdana">Johan Bloemhard <br>Senior Information Technology Specialist <br>___________________________________ <br><strong><b><font face="Verdana">
<span style="FONT-FAMILY: Verdana">Silver</span></font></b></strong><strong><b><font face="Verdana"><span style="FONT-FAMILY: Verdana"> Falls School District</span></font></b></strong><strong><b><font face="Verdana"><span style="FONT-FAMILY: Verdana">
4J</span></font></b></strong> <br>802 Schlador Street <br>Silverton, OR 97381 <br>w: 503.873.6331 </span></font></p>
<p><font face="Times New Roman" size="3"><span style="FONT-SIZE: 12pt"> </span></font></p></span></div>
<div></div></div></div>
<div><span class="e" id="q_10dc163379390a32_3">
<p align="left"><font face="Tahoma" size="2"><font color="#000000">
<hr noshade>
<strong>Disclaimer</strong>: This message may be legally privileged and/or is intended only for the use of the addressee(s). The content and views expressed in this email may represent the views of the sender and not those of Silver Falls School District.
</font></font>
<p></p></p></span></div>
<div>
<div>
<p>
<hr size="1">
<p></p><br>
<p><strong><br>Disclaimer:<br><br>This e-mail communication and any attachments may contain<br>confidential and privileged information and is for use by the<br>designated addressee(s) named above only. If you are not the
<br>intended addressee, you are hereby notified that you have received<br>this communication in error and that any use or reproduction of<br>this email or its contents is strictly prohibited and may be<br>unlawful. If you have received this communication in error, please
<br>notify us immediately by replying to this message and deleting it<br>from your computer. Thank you.<br></strong></p></p></div></div><br>_______________________________________________<br>cisco-voip mailing list<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:cisco-voip@puck.nether.net">
cisco-voip@puck.nether.net</a><br><a onclick="return top.js.OpenExtLink(window,event,this)" href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a>
<br><br><br></blockquote></div><br>