1) Your problem is a wonky broken H.323 that dies when it
gets a connection from outside.2) Your problem is "corporate insider uses VoIP to call a
competitor and leak trade secrets".3) Your problem is "VoIP users bypassing billing for telephone calls".
All three will require different solutions, and there's probably
other scenarios as well.....
Definitely sounds like there is little one can do to combat against VoIP.
Anyway, along with Mr. Kletnieks' views on halting someone from using VoIP
(or VoIP like services a-la Skype), looking at it from an "Internal Corp."
level where as an admin you would want to block someone from using Skype
or so, you can probably do some form of packet filtering based on port,
but, what can you do if the user decided to use proxy settings. You would
likely want to do some quick network packet analysis find some common
criteria for whatever it is you want to block, and then block it right at
the firewall or content filter level.
E.g.: Taking the common (perhaps) header strings, and or some payload
information and creating some form of rule to deny this. An analysis would
probably do little though if the user has some VoIP tunneling going on
though, or some form of method to manipulate outbound packet information
since the data would be different (if encrypted) most of the time.