Re: MS Netmeeting pass through

From: Melchior de Contades (mdecontades_at_NO_SPAM.firstream.net)
Date: 05/14/03 

Date: Wed, 14 May 2003 10:56:10 +0200

Dans (In) le post (news) :vc2omn5p9qtmec@corp.supernews.com,
NeoSadist <neosadist@hotmail.com> écrivait (typed) :

> If I'm not mistaken, you can tell netmeeting what ports to use.

No !
When Microsoft developed NetMeeting 3.0 they chose to use the existing
h.323 video conferencing protocol. This protocol happens to be
completely incompatible with standard NAT(network address translation) -
the technology used for most internet sharing devices.

Unlike most TCP/IP applications, NetMeeting uses DYNAMIC PORTS instead
of STATIC PORTS. That means that each NetMeeting connection is somewhat
different than the last. For instance, the HTTP web site application
uses port 80. NetMeeting can use any of over 60,000 different ports.
Putting a web server behind a firewall means opening a single small
hole. Putting a NetMeeting computer behind a firewall means opening over
60,000 ports - a security nightmare. :-((

Port Function Outbound
Connection
389 Internet Locator Service (ILS) TCP
522 User Location Service TCP
1503 T.120 TCP
1720 H.323 call setup TCP
1731 Audio call control TCP
Dynamic H.323 call control TCP
Dynamic H.323 streaming Real-Time Transfer Protocol (RTP) over UDP

If you use a firewall to connect to the Internet, it must be configured
so that the IP ports are not blocked.

To establish outbound NetMeeting connections through a firewall, the
firewall must be configured to do the following:

Pass through primary TCP connections on ports 389, 522, 1503, 1720, and
1731.
Pass through secondary TCP and UDP connections on dynamically assigned
ports (1024-65535).

The H.323 call setup protocol dynamically negotiates a TCP port for use
by the H.323 call control protocol. Also, both the audio call control
protocol and the H.323 call setup protocol dynamically negotiate UDP
ports for use by the H.323 streaming protocol, called the Real-Time
Transfer Protocol (RTP). In NetMeeting, two UDP ports are determined on
each side of the firewall for audio and video streaming, for a total of
four ports for inbound and outbound audio and video. These dynamically
negotiated ports are selected arbitrarily from all ports that can be
assigned dynamically. 

-- 
Melchior de Contades - Paris (FR) -

Relevant Pages

  • Re: Ports getting hammered?
    ... >>> If your Watchguard can't stop outbound traffic... ... >>> Would not the Windows XP firewall do exactly the same work? ... >> protocol analysis to see if protocols are being broken only a IDS ... > permitted ports and protocols. ...
    (comp.security.firewalls)
  • Re: Ping pmj
    ... a software firewall to fill the gaps in or you will get intruders!!! ... Software Firewall, or not Forwarded in your Router), then NetMeeting ... *also* Open up some Ports when receiving Calls. ... Such as VNC ...
    (uk.people.silversurfers)
  • Re: How to Establish NetMeeting Connections Through a Firewall
    ... > firewall or not, and what ports you should pass through ... It does provide information on port usage in NetMeeting but from I can tell ... You said you strongly recommend a software firewall, ... > communication on all the ports described in the article. ...
    (microsoft.public.internet.netmeeting)
  • Re: NetMeeting and NAT firewall
    ... > Is it possible to support NetMeeting via a NAT firewall, ... firewall because you have to open LOTS of ports. ... 389 Internet Locator Server (TCP) ...
    (comp.security.firewalls)
  • Re: Port forwarding/open ports?
    ... > To be able for another person to connect to my Netmeeting in ... > Windows XP and share applications I would need to open the ports 1720 ... > and 1503 in my router firewall. ...
    (alt.computer.security)