Re: [GnomeMeeting-list] Major ILS change



On Mon, 15 Mar 2004 11:18:46 +0100
Damien Sandras <damien sandras it-optics com> wrote:

..deleted

> > The approach I described allows you to deny registration to people who
> > cannot possibly receive calls (because they are behind a NAT firewall
> > which is not H.323 aware) while not forcing everyone to use port 1720
> > (which I suspect will cause many people to be rejected who are perfectly
> > able to receive calls).
> 
> Your approach will only allow people registering on another port than
> 1720 on a public IP to be registered. 

This is not correct.

> People behind NAT using another port with 1720 will still have the same problem.

This is not correct either

> > Consider the situation where you have three people all on the same local
> > LAN behind the same NAT firewall. Forcing the use of port 1720 means
> > only one of them could be registered with the seconix ILS as only one of
> > them can receive incoming connections on port 1720. To my mind, this is
> > a serious restriction, especially as some ISPs use NAT firewalls.
> 
> No, the restriction is based on the public IP, if one of them is
> registered to the ILS on port 1720, all of them will be allowed to
> register.

Then the test is bogus. That means that once a user has registered with
a public IP address, then any number of users behind the same firewall
will be accepted for registration regardless of whether they can acually accept
calls or not.

> I could port scan on the port, the problem is the internal structure of
> the PERL ILS backend which prevents me to do that without rewriting a
> lot of things.

Then I do not understand what you are doing. Aren't you already port
scanning port 1720? 

   Craig


-----------------------------------------------------------------------
 Craig Southeren, craigs postincrement com http://www.postincrement.com
 Post Increment - Software, Consulting and Services
 Co-founder of the only open source H.323 project
 Phone: +61 2 43654666   Fax: +61 2 43673140   Mobile: +61 417 231046
 ICQ: #86852844          MSN: craig_southeren hotmail com   
 GnuPG Public Key:  http://www.postincrement.com/pgp.txt
 Blog:              http://www.southeren.com/blog/




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]