1) Your problem is a wonky broken H.323 that dies when it gets a connection from outside.
2) Your problem is "corporate insider uses VoIP to call a competitor and leak trade secrets".
3) Your problem is "VoIP users bypassing billing for telephone calls".
All three will require different solutions, and there's probably other scenarios as well.....
Definitely sounds like there is little one can do to combat against VoIP. Anyway, along with Mr. Kletnieks' views on halting someone from using VoIP (or VoIP like services a-la Skype), looking at it from an "Internal Corp." level where as an admin you would want to block someone from using Skype or so, you can probably do some form of packet filtering based on port, but, what can you do if the user decided to use proxy settings. You would likely want to do some quick network packet analysis find some common criteria for whatever it is you want to block, and then block it right at the firewall or content filter level. E.g.: Taking the common (perhaps) header strings, and or some payload information and creating some form of rule to deny this. An analysis would probably do little though if the user has some VoIP tunneling going on though, or some form of method to manipulate outbound packet information since the data would be different (if encrypted) most of the time. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x51F9D78D Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D sil @ politrix . org http://www.politrix.org sil @ infiltrated . net http://www.infiltrated.net "How can we account for our present situation unless we believe that men high in this government are concerting to deliver us to disaster?" Joseph McCarthy "America's Retreat from Victory"