12-02-2009 10:46 PM - edited 03-04-2019 06:51 AM
Hi All,
We want to block the VoIP ports on our network. Please share the known or standard ports used for VoIP.
Thanks
12-03-2009 07:43 AM
Hi.
for VOIP try:
access-list 101 deny udp any any range 16384 32767
access-list 102 deny udp any any eq 1718
access-list 102 deny udp any any eq 1719
access-list 102 deny tcp any any eq 1720
TCP port 1720 is the port used for the listening of the incoming call.
If you block access to this port, you will essentially deny voice call setup request from the IP side.
This will block H.323 call setups, for people using "standard" VoIP and the
standard port assignments. It won't block Net2Phone, Netspeak, or any one
of a number of proprietary VoIP implementations.
A more drastic approach is to block all UDP traffic on ports >5000, which
will kill H.323 and any other RTP-based scheme like MBONE conferencing. It
still won't block people who want to get through and are willing to use
proprietary schemes.
regards
Yesua
12-03-2009 01:24 PM
If you are using a Cisco Call Manager, you might want to check this link that summarizes all ports used by it:
Regards,
Rick.
12-06-2009 01:58 AM
Thanks Yesua & Rick,
@ Yesua , PLease clear about the proprietary schemes u mentioned in reply. Have u know about "MAJIC JACK" (also used for VoIP calling). is this also a proprietary scheme.
Rgds
12-06-2009 08:55 AM
yes, propietary I mean not following at all an standard and creating their own thing, just like "majic jack", those are the ones more difficult to block.
Majic jack appears to uses the following udp ports and something strange is doing with tcp ports:
TCP Ports List: 80 (HTTP), 443 (HTTPS)
UDP Ports List: 5060, 5070, 10000-65535
You should be able to confirm this, the last time I found it was using only 5060 and 5070, so blocking this two probably will make it.
regards
Yesua
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: