NetMeeting
NetMeeting is Microsoft's conferencing program. It allows multiple people to connect for file transfer, chat, whiteboard, and application sharing, or two people to connect for audio/video conferencing.NetMeeting is based on T.120 and H.323 but uses some extra protocols; Figure 19-4 shows a full-featured NetMeeting conference.
In addition to the normal security implications of T.120 and H.323, NetMeeting has had implementation problems, including buffer overflow bugs. However, most of the security concerns with NetMeeting involve the capabilities provided by T.120 and H.323. As NetMeeting has evolved, it has added more and more features to allow clients to place limits on what can be done. For instance, it is now possible for a client to allow audio/video conferencing without permitting file transfer or application sharing, and it is possible to require authentication. On the other hand, it is still extremely difficult for an administrator to force those controls on clients. There is no good way for an administrator to make sure that clients inside the firewall are safe from attack via NetMeeting.
Packet Filtering Characteristics of NetMeeting
NetMeeting uses T.120 and H.323, but in addition to their normal ports, it uses an extra audio call control connection at TCP port 1731, an LDAP-based locator service called the Internet Locator Service (ILS) at TCP port 389, and a proprietary locator service called the User Location Service (ULS) at TCP port 522. The connections involved are shown in Figure 19-4; the table shows only the ports that are special to NetMeeting.
Figure 19-4. A NetMeeting conference
| Direction | SourceAddr. | Dest.Addr. | Protocol | SourcePort | Dest.Port | ACKSet | Notes |
|---|---|---|---|---|---|---|---|
| In | Ext | Int | TCP | >1023 | 1731 | [111] | External caller contacting internal callee, audio control |
| Out | Int | Ext | TCP | 1731 | >1023 | Yes | Internal callee responding to external caller, audio control |
| In | Ext | Int | TCP | >1023 | 389 | External client to internal ILS server | |
| Out | Int | Ext | TCP | 389 | >1023 | Yes | Responses from internal ILS server |
| In | Ext | Int | TCP | >1023 | 522 | External client to internal ULS server | |
| Out | Int | Ext | TCP | 522 | >1023 | Yes | Responses from internal ULS server |
| Out | Int | Ext | TCP | >1023 | 1731 | [111] | Internal caller contacting external callee, audio control |
| In | Ext | Int | TCP | 1731 | >1023 | Yes | External callee responding to internal caller, audio control |
| Out | Int | Ext | TCP | >1023 | 389 | Internal client to external ILS server | |
| In | Ext | Int | TCP | 389 | >1023 | Yes | Responses from external ILS server |
| Out | Int | Ext | TCP | >1023 | 522 | Internal client to external ULS server | |
| In | Ext | Int | TCP | 522 | >1023 | Yes | Responses from external ULS server |
[111]ACK is not set on the first packet of this type (establishing connection) but will be set on the rest.