RE: FW: BlackIce Defender??? / H.323 security

patrick.muellerac.com
Mon, 1 Nov 1999 13:53:14 -0600

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Marcus J. Ranum: "Security urban legends"
• Previous message: Jack Dingler: "Re: FW1 - NAT hide problem"
• In reply to: Andy Davis: "FW1 - NAT hide problem"

Lucius, thanks for the comments on H.323. I am doing a security analysis of a
product similar in some ways to NetMeeting. It is, namely, Lotus's "Sametime"
program. It is based on T.120 for instant messaging and will support H.323 in
the future. I've only done some basic reading on these two standards, but
neither seem to have much in the way of security considerations (authentication,
data encryption, etc.). Am I mistaken, or is this the case? Just wondering if
anyone has any comments on T.120, Lotus Sametime, or the IETF group "Instant
Messaging/Presence Protocol" (IMPP) [which Lotus says that product will support
after the drafts are finalized and accepted]. Thanks in advance..

     -- Patrick

> Date: Sat, 30 Oct 1999 12:22:07 +0530
> From: "LUCIUS" <luciusmahindrabt.com>
> Subject: RE: FW: BlackIce Defender???

> Netmeeting uses H.323 for conferencing. The problem withH323 is that there is
no
> defined port. I,e except for the well known 1720 used for Q. Signaling during
call
> setup (H.245 ) and other port for tcp and 4 for UDP responsible for
maintaining the
> call are dynamically negotiated and are above 1024. The only way you could
get
> NetMeeting through is by using an application proxy or a circuit gateway
firewall
> (limited utility).

> Cheers
> Lucius

n

• Next message: Marcus J. Ranum: "Security urban legends"
• Previous message: Jack Dingler: "Re: FW1 - NAT hide problem"
• In reply to: Andy Davis: "FW1 - NAT hide problem"

This archive was generated by hypermail 2.0b3 on Tue Nov 02 1999 - 00:09:33 CST