Dealing with MS Netmeeting & H.323

Ryan Russell
Mon, 8 Jun 1998 12:44:19 -0700

Don't get me wrong.. I'm actually a big SPF fan.

I was being more general with my definition of "secure."

Sure, you can make an SPF w/NAT handle it "securely" in
terms of only allowing the minimum ports by snooping
the data stream, etc.  Rumor has it that FW1 4.0 will
do just that.

What I was referring to was the capabilities of the
program itself... i.e. one of my users could go
into a netmeeting session, and give control of
a DOS box to someone on the outside.  No thanks.

From that point of view, FW-1 handles it perfectly
"securely" at present.  It doesn't work at all. :)

                    Ryan on 06/04/98 09:10:09 AM

Please respond to

cc:    (bcc: Ryan Russell/SYBASE)
Subject:  Re: Dealing with MS Netmeeting & H.323

On 06/03/98 08:18:41 PM "Ryan Russell"  wrote:
> I'll agree with Fred on this one... It's practically impossible
> to really handle Netmeeting securely at this point, since the
> purpose in life creates huge holes, even when functioning correctly.

I don't consider it a huge risk for outgoing calls, when handled *PROPERLY*
by a stateful filter. And to make it scalable, you would appreciate the low
and high throughput that SPFs tend to have. Of course, YCMMV (C=customer's)

> At best at present, the main SPF products such as FW1 and PIX
> just open the minimum number of ports for the minimum amount
> of time.  It's a big improvement over Microsoft's instructions
> (Just let all UDP in... yea, right) but the program itself is still
> pretty bad.

Yes, this is the way SPFs handle all the weird services. The obvious problem
we have here is that we rely on a timeout to close the dynamically opened
ports if you cannot determine the end of the session from a control channel
(for example, if you are streaming UDP inbound). So you do have a little
race condition there.
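The pinhole/timeout behaviour discussed in the reply above, as an added illustration that is not part of the original thread and not any vendor's firewall code. It is a hypothetical, simplified model of a stateful packet filter: the snooped call-control channel announces the UDP media port the inside host will receive on, the filter opens exactly that (inside host, port, outside host) tuple, and the pinhole is torn down either when the control channel closes or when an idle timer (refreshed only by outbound packets) expires. The addresses, port numbers and the 60-second timeout are constructed values. `simulate(teardown_seen=False)` shows the window the reply calls a race: once the call has ended but no teardown was observed, inbound UDP to the media port is still accepted until the timer runs out.

```python
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass
class Pinhole:
    inside_ip: str
    inside_port: int
    outside_ip: str
    expires_at: float  # absolute time; refreshed only by outbound traffic


class StatefulFilter:
    """Toy stateful packet filter with H.323-style dynamic UDP pinholes.

    Hypothetical simplification, not a real product: one pinhole per
    (inside host, inside port, outside host) tuple, opened from the
    snooped control channel and closed by teardown or idle timeout.
    """

    def __init__(self, udp_idle_timeout: float = 60.0) -> None:
        self.udp_idle_timeout = udp_idle_timeout
        self.pinholes: Dict[Tuple[str, int, str], Pinhole] = {}

    @staticmethod
    def _key(inside_ip: str, inside_port: int, outside_ip: str):
        return (inside_ip, inside_port, outside_ip)

    def on_control_media_announce(self, inside_ip: str, outside_ip: str,
                                  media_port: int, now: float) -> None:
        # Seen in the control stream: the inside host will receive media
        # on media_port from outside_ip. Open only that tuple, nothing wider.
        k = self._key(inside_ip, media_port, outside_ip)
        self.pinholes[k] = Pinhole(inside_ip, media_port, outside_ip,
                                   now + self.udp_idle_timeout)

    def on_control_teardown(self, inside_ip: str, outside_ip: str) -> None:
        # Control channel closed: drop every pinhole for this host pair.
        stale = [k for k, p in self.pinholes.items()
                 if p.inside_ip == inside_ip and p.outside_ip == outside_ip]
        for k in stale:
            del self.pinholes[k]

    def outbound_udp(self, inside_ip: str, inside_port: int,
                     outside_ip: str, now: float) -> None:
        # Outbound traffic from the inside host keeps the pinhole alive.
        p = self.pinholes.get(self._key(inside_ip, inside_port, outside_ip))
        if p is not None:
            p.expires_at = now + self.udp_idle_timeout

    def inbound_udp(self, src_ip: str, dst_ip: str, dst_port: int,
                    now: float) -> bool:
        """Return True if an inbound UDP packet would be passed."""
        k = self._key(dst_ip, dst_port, src_ip)
        p = self.pinholes.get(k)
        if p is None:
            return False
        if now >= p.expires_at:
            del self.pinholes[k]  # idle timer fired; close the hole
            return False
        return True


def simulate(teardown_seen: bool) -> Dict[str, bool]:
    """Walk one call through the filter and report what gets in."""
    fw = StatefulFilter(udp_idle_timeout=60.0)
    inside, outside = "10.0.0.5", "192.0.2.10"  # constructed addresses
    fw.on_control_media_announce(inside, outside, 49152, now=0.0)
    r = {}
    r["unrelated_port_blocked"] = fw.inbound_udp(outside, inside, 49153, now=1.0)
    r["media_during_call"] = fw.inbound_udp(outside, inside, 49152, now=1.0)
    fw.outbound_udp(inside, 49152, outside, now=5.0)  # refreshes timer to t=65
    # The call ends at t=10. Only if the filter can see that on the
    # control channel does the pinhole close immediately.
    if teardown_seen:
        fw.on_control_teardown(inside, outside)
    r["media_right_after_call"] = fw.inbound_udp(outside, inside, 49152, now=11.0)
    r["media_after_timeout"] = fw.inbound_udp(outside, inside, 49152, now=70.0)
    return r


if __name__ == "__main__":
    print("teardown seen:     ", simulate(teardown_seen=True))
    print("timeout only:      ", simulate(teardown_seen=False))
```

With `teardown_seen=False` the media pinhole still passes inbound UDP at t=11, after the call is over, and only closes once the timer expires; with `teardown_seen=True` it is gone as soon as the control channel closes.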

Date: Thu, 4 Jun 1998 18:10:09 +0200
Subject: Re: Dealing with MS Netmeeting & H.323