Date: 07 Mar 2000 09:35:40 -0500 From: Chris Shenton <cshenton@uucom.com> To: Randy Primeaux <randy@Cloudfactory.ORG> Cc: Bhishan Hemrajani <bhishan@cytosine.dhs.org>, freebsd-questions@FreeBSD.ORG Subject: Re: NetMeeting or H.323 with ipfw & natd Message-ID: <lfr9dm97b7.fsf@Samizdat.uucom.com> In-Reply-To: Randy Primeaux's message of "Mon, 06 Mar 2000 16:04:11 -0800" References: <200003070013.QAA20371@relay.ultimanet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 06 Mar 2000 16:04:11 -0800, Randy Primeaux <randy@Cloudfactory.ORG> said: Randy> Bhishan, Thank you for the prompt response. Is your comment Randy> noting "you cannot find out what port NetMeeting is running on" Randy> based on: Dynamic H.323 call control TCP Dynamic H.323 Randy> streaming Real-Time Transfer Protocol (RTP) over UDP I wrote a paper a couple years ago on NetMeeting and how firewall-hostile it was: http://www.shenton.org/~chris/nasa-hq/netmeeting/ Since then, I gather a couple commercial firewalls now can proxy it intelligently, and that some NAT engines and/or free daemons (open h.323) can. But the protocol sux rox -- way too complicated. IMHO it's too dangerous to be let into my LAN without application layer proxying and decent authentication. It gives unauthenticated remote users full keyboard/mouse access to my machine and therefore anything my machine has access to. For me, firewalls and NAT are there to protect me from lame applications and hostile netizens, not just something to "get around". To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?lfr9dm97b7.fsf>