* (no subject)
@ 2004-05-31 11:18 Ivan
2004-05-31 11:39 ` Markus Zeilinger
` (2 more replies)
0 siblings, 3 replies; 13+ messages in thread
From: Ivan @ 2004-05-31 11:18 UTC (permalink / raw)
To: netfilter
Hi,
I am looking for a solution to block streaming media using iptables.
I have found that some of my users are listening to radio stations using
internet, which has pumped up the
internet bill significantly, and of course put a choke on my internet links.
Does anyone know of a solution for blocking just the streaming media
traffic from any web site, while still allowing
the access to the website itself?
Thanks,
Ivan
^ permalink raw reply [flat|nested] 13+ messages in thread
* RE: (no subject)
2004-05-31 11:18 (no subject) Ivan
@ 2004-05-31 11:39 ` Markus Zeilinger
2004-05-31 11:53 ` Krishna Prasanth
2004-06-01 1:34 ` Mark E. Donaldson
2004-06-01 2:43 ` Blocking Streaming Media (Was: Re: (no subject)..) Rio Martin
2 siblings, 1 reply; 13+ messages in thread
From: Markus Zeilinger @ 2004-05-31 11:39 UTC (permalink / raw)
To: netfilter
Hi!
Do not know whether there is a patch available via patch-o-matic for such
things. But I think a http proxy should handle such things? Cause you have
to do application level filtering and that's a duty of a http proxy I would
say!
Cheers,
Markus
-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Ivan
Sent: Monday, May 31, 2004 1:19 PM
To: netfilter@lists.netfilter.org
Subject: (no subject)
Hi,
I am looking for a solution to block streaming media using iptables.
I have found that some of my users are listening to radio stations using
internet, which has pumped up the
internet bill significantly, and of course put a choke on my internet links.
Does anyone know of a solution for blocking just the streaming media
traffic from any web site, while still allowing
the access to the website it self?
Thanks,
Ivan
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: (no subject)
2004-05-31 11:39 ` Markus Zeilinger
@ 2004-05-31 11:53 ` Krishna Prasanth
0 siblings, 0 replies; 13+ messages in thread
From: Krishna Prasanth @ 2004-05-31 11:53 UTC (permalink / raw)
To: mz; +Cc: netfilter
Hi!
How about blocking stream connections, which are mostly RTP, RTSP (Real
Audio uses this)?
In this case VoIP traffic may not work (if you have any).
I think even other applications (like Winamp) use similar traffic, which
we can
block using iptables.
Please correct me if I'm wrong somewhere.
regards
-prasanth
On Mon, 31 May 2004 13:39:21 +0200, Markus Zeilinger
<mz@sea.uni-linz.ac.at> wrote:
> Hi!
>
> Do not know whether there is a patch available via patch-o-matic for such
> things. But I think a http proxy should handle such things? Cause you
> have
> to do application level filtering and that's a duty of a http proxy I
> would
> say!
>
> Cheers,
> Markus
>
> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Ivan
> Sent: Monday, May 31, 2004 1:19 PM
> To: netfilter@lists.netfilter.org
> Subject: (no subject)
>
> Hi,
> I am looking for a solution to block streaming media using iptables.
> I have found that some of my users are listening to radio stations using
> internet, which has pumped up the
> internet bill significantly, and of course put a choke on my internet
> links.
> Does anyone know of a solution for blocking just the streaming media
> traffic from any web site, while still allowing
> the access to the website it self?
>
> Thanks,
>
> Ivan
>
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* RE: (no subject)
2004-05-31 11:18 (no subject) Ivan
2004-05-31 11:39 ` Markus Zeilinger
@ 2004-06-01 1:34 ` Mark E. Donaldson
2004-06-01 2:43 ` Blocking Streaming Media (Was: Re: (no subject)..) Rio Martin
2 siblings, 0 replies; 13+ messages in thread
From: Mark E. Donaldson @ 2004-06-01 1:34 UTC (permalink / raw)
To: 'Ivan', netfilter
Take a look at the H323 patch and see if it suits your needs:
http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-5.html#ss5.3
-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Ivan
Sent: Monday, May 31, 2004 4:19 AM
To: netfilter@lists.netfilter.org
Subject: (no subject)
Hi,
I am looking for a solution to block streaming media using iptables.
I have found that some of my users are listening to radio stations using
internet, which has pumped up the internet bill significantly, and of course
put a choke on my internet links.
Does anyone know of a solution for blocking just the streaming media traffic
from any web site, while still allowing the access to the website it self?
Thanks,
Ivan
########################################################
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.
postmaster@bandwidthco.com
MailScanner at bandwidthco.com is for your absolute protection.
########################################################
^ permalink raw reply [flat|nested] 13+ messages in thread
* Blocking Streaming Media (Was: Re: (no subject)..)
2004-05-31 11:18 (no subject) Ivan
2004-05-31 11:39 ` Markus Zeilinger
2004-06-01 1:34 ` Mark E. Donaldson
@ 2004-06-01 2:43 ` Rio Martin
2004-06-01 5:37 ` SBlaze
2 siblings, 1 reply; 13+ messages in thread
From: Rio Martin @ 2004-06-01 2:43 UTC (permalink / raw)
To: netfilter
On Monday 31 May 2004 18:18, Ivan wrote:
> Hi,
> I am looking for a solution to block streaming media using iptables.
> I have found that some of my users are listening to radio stations using
> internet, which has pumped up the
> internet bill significantly, and of course put a choke on my internet
> links. Does anyone know of a solution for blocking just the streaming media
> traffic from any web site, while still allowing
> the access to the website it self?
> Thanks,
> Ivan
Hiye Ivan,
The problem you faced was users connecting to Internet radio stations using
the web port (port 80), isn't it? I give you an example like LaunchCast from Yahoo
or other stations using port 80 as their service port.
This becomes a serious problem when the bandwidth allocated is not so wide. The
only thing in my mind: try to apply the magic of patch-o-matic STRING.
Examine correctly what packets arrived or what kind of streaming packets are sent
by the server. Block using those STRING.
Regards,
Rio Martin.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Blocking Streaming Media (Was: Re: (no subject)..)
2004-06-01 2:43 ` Blocking Streaming Media (Was: Re: (no subject)..) Rio Martin
@ 2004-06-01 5:37 ` SBlaze
2004-06-01 14:50 ` Michael Gale
2004-06-02 7:32 ` Rio Martin
0 siblings, 2 replies; 13+ messages in thread
From: SBlaze @ 2004-06-01 5:37 UTC (permalink / raw)
To: Rio Martin, netfilter
--- Rio Martin <rio@martin.mu> wrote:
> On Monday 31 May 2004 18:18, Ivan wrote:
> > Hi,
> > I am looking for a solution to block streaming media using iptables.
> > I have found that some of my users are listening to radio stations using
> > internet, which has pumped up the
> > internet bill significantly, and of course put a choke on my internet
> > links. Does anyone know of a solution for blocking just the streaming media
> > traffic from any web site, while still allowing
> > the access to the website it self?
> > Thanks,
> > Ivan
>
>
> Hiye Ivan,
> The problem you faced was users connecting to Internet Radio Stations using
> web port (port 80) isnt it ? I give u an example like LaunchCast from Yahoo
> or other stations using port 80 as their service port.
>
> This is become a serious problem when bandwidth allocated not so wide. The
> only thing in my mind, try to apply the magic of patch-o-matic STRING.
> Examine correctly what packets arrived or what kind of streaming packets sent
>
> by server. Block using those STRING.
>
> Regards,
> Rio Martin.
>
STRING matching is at best a primitive method of any kind of filtration. It has
been demonstrated and documented many times here that it's simply not an
efficient option. However I do think I might can help with this. First you need
to identify what and where the radio stations are coming from. If they are from
the new Yahoo LAUNCHcast...stopping them should be fairly easy...with some work.
First this is good info to know...
http://search1.cc.dcn.yahoo.com/cct_search.php?ui_mode=answer&prior_transaction_id=248668163&action_code=5&answer_id=14755094#__highlight
It contains info for firewalls and LAUNCHcast.
Assuming you are NATing your internal machines.... set up rules to block
certain hosts at yahoo.
From personal experience I connect to this one
re2wmcontent24.bcst.re2.yahoo.com (at least at this time I'm connected to it)
By doing some DNS snooping... It appears that there are 43 of these with this
being the first...
hogwarts:~# nslookup -silent re2wmcontent01.bcst.re2.yahoo.com
Server: 66.190.172.252
Address: 66.190.172.252#53
Name: re2wmcontent01.bcst.re2.yahoo.com
Address: 206.190.44.76
and this being the last...
hogwarts:~# nslookup -silent re2wmcontent43.bcst.re2.yahoo.com
Server: 66.190.172.252
Address: 66.190.172.252#53
Non-authoritative answer:
Name: re2wmcontent43.bcst.re2.yahoo.com
Address: 206.190.44.118
with 44 returning this...
hogwarts:~# nslookup -silent re2wmcontent44.bcst.re2.yahoo.com
Server: 66.190.172.252
Address: 66.190.172.252#53
** server can't find re2wmcontent44.bcst.re2.yahoo.com: NXDOMAIN
So we can reasonably assume that if we block 206.190.44.76 through
206.190.44.118 we could stop the LAUNCHcast broadcasts.... Dealing with NAT is
a tad tricky though... since we need to stop it before it gets "NATED".
With My setup my eth0 is the "wire" and my eth1 is LAN... so if I drop these on
my LAN device(eth1)..theoretically I would stop the broadcast. If I wanted to
stop it this would be the approach I would use. I hope it helps.... keep me
posted if you try it.
=====
In the absence of order there will be chaos.
__________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/
^ permalink raw reply [flat|nested] 13+ messages in thread
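The address-range block described in the message above, written out as an added example that is not part of the original post: the script converts the range 206.190.44.76 through 206.190.44.118 into CIDR blocks and prints one DROP rule per block for traffic arriving on the LAN interface. The interface eth1 and the addresses come from the post; the FORWARD chain and the function names are assumptions.

```shell
#!/bin/sh
# Added example: turn an inclusive IPv4 range into iptables DROP rules.
# Function names are hypothetical. Nothing here runs iptables; the rules
# are only printed so they can be reviewed before being applied.

# Dotted quad -> 32-bit integer. The ( ) body runs in a subshell, so the
# IFS change and the positional parameters stay local to the function.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the smallest list of CIDR blocks that covers exactly start..end.
# At each step take the largest block that is aligned on the current
# address and does not run past the end of the range.
range_to_cidrs() (
    start=$(ip2int "$1")
    end=$(ip2int "$2")
    if [ "$start" -gt "$end" ]; then
        echo "range_to_cidrs: start address is after end address" >&2
        exit 1
    fi
    while [ "$start" -le "$end" ]; do
        bits=32
        size=1
        while [ "$bits" -gt 0 ]; do
            next=$(( size * 2 ))
            # Stop growing once alignment breaks or the block overruns.
            [ $(( start % next )) -eq 0 ] || break
            [ $(( start + next - 1 )) -le "$end" ] || break
            size=$next
            bits=$(( bits - 1 ))
        done
        echo "$(int2ip "$start")/$bits"
        start=$(( start + size ))
    done
)

# $1 = LAN-facing interface, $2 = first address, $3 = last address.
# Matching on the inbound LAN interface in FORWARD (an assumed chain for a
# NAT router) drops the connection before source NAT is applied on the way out.
emit_drop_rules() (
    cidrs=$(range_to_cidrs "$2" "$3") || exit 1
    for cidr in $cidrs; do
        echo "iptables -A FORWARD -i $1 -d $cidr -j DROP"
    done
)

# Where the iprange match is available, the same policy is a single rule:
#   iptables -A FORWARD -i eth1 -m iprange \
#            --dst-range 206.190.44.76-206.190.44.118 -j DROP

# Range taken from the nslookup results quoted in the post.
emit_drop_rules eth1 206.190.44.76 206.190.44.118
```

The six blocks cover 43 addresses, matching the 43 host names found in the post; the list goes stale as soon as the provider renumbers, so the lookups need repeating.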
* Re: Blocking Streaming Media (Was: Re: (no subject)..)
2004-06-01 5:37 ` SBlaze
@ 2004-06-01 14:50 ` Michael Gale
2004-06-01 15:59 ` Rio Martin
2004-06-02 7:32 ` Rio Martin
1 sibling, 1 reply; 13+ messages in thread
From: Michael Gale @ 2004-06-01 14:50 UTC (permalink / raw)
To: netfilter
Squid -- can block this no problem.
Michael.
On Mon, 31 May 2004 22:37:50 -0700 (PDT)
SBlaze <dagent.geo@yahoo.com> wrote:
>
> --- Rio Martin <rio@martin.mu> wrote:
> > On Monday 31 May 2004 18:18, Ivan wrote:
> > > Hi,
> > > I am looking for a solution to block streaming media using iptables.
> > > I have found that some of my users are listening to radio stations using
> > > internet, which has pumped up the
> > > internet bill significantly, and of course put a choke on my internet
> > > links. Does anyone know of a solution for blocking just the streaming
> > > media traffic from any web site, while still allowing
> > > the access to the website it self?
> > > Thanks,
> > > Ivan
> >
> >
> > Hiye Ivan,
> > The problem you faced was users connecting to Internet Radio Stations using
> > web port (port 80) isnt it ? I give u an example like LaunchCast from Yahoo
> > or other stations using port 80 as their service port.
> >
> > This is become a serious problem when bandwidth allocated not so wide. The
> > only thing in my mind, try to apply the magic of patch-o-matic STRING.
> > Examine correctly what packets arrived or what kind of streaming packets
> > sent
> >
> > by server. Block using those STRING.
> >
> > Regards,
> > Rio Martin.
> >
>
> STRING matching is at best a primative method of any kind of filtration. It
> has been demonstrated and documented many times here that it's simply not an
> efficent option. However I do think I might can help with this. First you need
> to identify what and where the radio stations are coming from. If they are
> from the new Yahoo LAUNCHcast...stoping them should be fairly easy...with some
> work.
>
> First this is good info to know...
> http://search1.cc.dcn.yahoo.com/cct_search.php?ui_mode=answer&prior_transaction_id=248668163&action_code=5&answer_id=14755094#__highlight
>
> It contains info for firewalls and LAUNCHcast.
>
> Assuming you are NATing your internal machines.... set up rules to block
> certain hosts at yahoo.
>
> From personal experience I connect to this one
> re2wmcontent24.bcst.re2.yahoo.com (at least at this time I'm connected to it)
>
> By doing some DNS snooping... It apears that there are 43 of these with this
> being the first...
>
> hogwarts:~# nslookup -silent re2wmcontent01.bcst.re2.yahoo.com
> Server: 66.190.172.252
> Address: 66.190.172.252#53
>
> Name: re2wmcontent01.bcst.re2.yahoo.com
> Address: 206.190.44.76
>
> and this being the last...
>
> hogwarts:~# nslookup -silent re2wmcontent43.bcst.re2.yahoo.com
> Server: 66.190.172.252
> Address: 66.190.172.252#53
>
> Non-authoritative answer:
> Name: re2wmcontent43.bcst.re2.yahoo.com
> Address: 206.190.44.118
>
> with 44 returning this...
>
> hogwarts:~# nslookup -silent re2wmcontent44.bcst.re2.yahoo.com
> Server: 66.190.172.252
> Address: 66.190.172.252#53
>
> ** server can't find re2wmcontent44.bcst.re2.yahoo.com: NXDOMAIN
>
> So we can reasonably assume that if we block 206.190.44.76 thorugh
> 206.190.44.118 we could stop the LAUNCHcast broadcasts.... Dealing with NAT is
> a tad tricky though... since we need to stop it before it gets "NATED".
>
>
> With My setup my eth0 is the "wire" and my eht1 is LAN... so if I drop these
> on my LAN device(eth1)..theoretically I would stop the broadcast. If I wanted
> to stop it this would be the approach I would use. I hope it helps.... keep me
> posted if you try it.
>
> =====
> In the absence of order there will be chaos.
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Friends. Fun. Try the all-new Yahoo! Messenger.
> http://messenger.yahoo.com/
>
>
>
>
>
--
Michael Gale
Network Administrator
Utilitran Corporation
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Blocking Streaming Media (Was: Re: (no subject)..)
2004-06-01 14:50 ` Michael Gale
@ 2004-06-01 15:59 ` Rio Martin
0 siblings, 0 replies; 13+ messages in thread
From: Rio Martin @ 2004-06-01 15:59 UTC (permalink / raw)
To: netfilter
> Squid -- can block this no problem.
> Michael.
>
Only Squid? Any document or howto to read about it?
Thanks..
-Rio.Martin -
> On Mon, 31 May 2004 22:37:50 -0700 (PDT)
> SBlaze <dagent.geo@yahoo.com> wrote:
>
>>
>> --- Rio Martin <rio@martin.mu> wrote:
>> > On Monday 31 May 2004 18:18, Ivan wrote:
>> > > Hi,
>> > > I am looking for a solution to block streaming media using iptables.
>> > > I have found that some of my users are listening to radio stations
>> using
>> > > internet, which has pumped up the
>> > > internet bill significantly, and of course put a choke on my
>> internet
>> > > links. Does anyone know of a solution for blocking just the
>> streaming
>> > > media traffic from any web site, while still allowing
>> > > the access to the website it self?
>> > > Thanks,
>> > > Ivan
>> >
>> >
>> > Hiye Ivan,
>> > The problem you faced was users connecting to Internet Radio Stations
>> using
>> > web port (port 80) isnt it ? I give u an example like LaunchCast from
>> Yahoo
>> > or other stations using port 80 as their service port.
>> >
>> > This is become a serious problem when bandwidth allocated not so wide.
>> The
>> > only thing in my mind, try to apply the magic of patch-o-matic STRING.
>> > Examine correctly what packets arrived or what kind of streaming
>> packets
>> > sent
>> >
>> > by server. Block using those STRING.
>> >
>> > Regards,
>> > Rio Martin.
>> >
>>
>> STRING matching is at best a primative method of any kind of filtration.
>> It
>> has been demonstrated and documented many times here that it's simply
>> not an
>> efficent option. However I do think I might can help with this. First
>> you need
>> to identify what and where the radio stations are coming from. If they
>> are
>> from the new Yahoo LAUNCHcast...stoping them should be fairly
>> easy...with some
>> work.
>>
>> First this is good info to know...
>> http://search1.cc.dcn.yahoo.com/cct_search.php?ui_mode=answer&prior_transaction_id=248668163&action_code=5&answer_id=14755094#__highlight
>>
>> It contains info for firewalls and LAUNCHcast.
>>
>> Assuming you are NATing your internal machines.... set up rules to block
>> certain hosts at yahoo.
>>
>> From personal experience I connect to this one
>> re2wmcontent24.bcst.re2.yahoo.com (at least at this time I'm connected
>> to it)
>>
>> By doing some DNS snooping... It apears that there are 43 of these with
>> this
>> being the first...
>>
>> hogwarts:~# nslookup -silent re2wmcontent01.bcst.re2.yahoo.com
>> Server: 66.190.172.252
>> Address: 66.190.172.252#53
>>
>> Name: re2wmcontent01.bcst.re2.yahoo.com
>> Address: 206.190.44.76
>>
>> and this being the last...
>>
>> hogwarts:~# nslookup -silent re2wmcontent43.bcst.re2.yahoo.com
>> Server: 66.190.172.252
>> Address: 66.190.172.252#53
>>
>> Non-authoritative answer:
>> Name: re2wmcontent43.bcst.re2.yahoo.com
>> Address: 206.190.44.118
>>
>> with 44 returning this...
>>
>> hogwarts:~# nslookup -silent re2wmcontent44.bcst.re2.yahoo.com
>> Server: 66.190.172.252
>> Address: 66.190.172.252#53
>>
>> ** server can't find re2wmcontent44.bcst.re2.yahoo.com: NXDOMAIN
>>
>> So we can reasonably assume that if we block 206.190.44.76 thorugh
>> 206.190.44.118 we could stop the LAUNCHcast broadcasts.... Dealing with
>> NAT is
>> a tad tricky though... since we need to stop it before it gets "NATED".
>>
>>
>> With My setup my eth0 is the "wire" and my eht1 is LAN... so if I drop
>> these
>> on my LAN device(eth1)..theoretically I would stop the broadcast. If I
>> wanted
>> to stop it this would be the approach I would use. I hope it helps....
>> keep me
>> posted if you try it.
>>
>> =====
>> In the absence of order there will be chaos.
>>
>>
>>
>>
>> __________________________________
>> Do you Yahoo!?
>> Friends. Fun. Try the all-new Yahoo! Messenger.
>> http://messenger.yahoo.com/
>>
>>
>>
>>
>>
>
>
> --
> Michael Gale
> Network Administrator
> Utilitran Corporation
>
>
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Blocking Streaming Media (Was: Re: (no subject)..)
2004-06-01 5:37 ` SBlaze
2004-06-01 14:50 ` Michael Gale
@ 2004-06-02 7:32 ` Rio Martin
1 sibling, 0 replies; 13+ messages in thread
From: Rio Martin @ 2004-06-02 7:32 UTC (permalink / raw)
To: netfilter
On Tuesday 01 June 2004 12:37, SBlaze wrote:
> --- Rio Martin <rio@martin.mu> wrote:
> > On Monday 31 May 2004 18:18, Ivan wrote:
> STRING matching is at best a primitive method of any kind of filtration. It
> has been demonstrated and documented many times here that it's simply not
> an efficient option. However I do think I might can help with this. First
> you need to identify what and where the radio stations are coming from. If
> they are from the new Yahoo LAUNCHcast...stopping them should be fairly
> easy...with some work.
> First this is good info to know...
> http://search1.cc.dcn.yahoo.com/cct_search.php?ui_mode=answer&prior_transaction_id=248668163&action_code=5&answer_id=14755094#__highlight
> It contains info for firewalls and LAUNCHcast.
> Assuming you are NATing your internal machines.... set up rules to block
> certain hosts at yahoo.
I guess, blocking ports or defining ports to be allowed to users is not
enough. Users are clever and smart from day to day. Once the original and
standard ports are blocked by the administrator, they sometimes use port forwarding
to some kind of hosting server or dedicated server, and they are still able to do
music streaming.
If you check out the greatest site, let's say www.shoutcast.com, you can see lots
of stations use port 80, which means connecting to radio stations would be the
same as clients surfing the web.
I'm still thinking patch-o-matic STRING would be the best solution for now ..
Regards,
Rio Martin.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Blocking Streaming Media (Was: Re: (no subject)..)
@ 2004-06-10 21:37 SBlaze
2004-06-10 23:33 ` Michael Gale
0 siblings, 1 reply; 13+ messages in thread
From: SBlaze @ 2004-06-10 21:37 UTC (permalink / raw)
To: nf
I guess, blocking ports or defining ports to be allowed to users is not
enough. Users are clever and smart from day to day. Once the original and
standard ports are blocked by the administrator, they sometimes use port forwarding
to some kind of hosting server or dedicated server, and they are still able to do
music streaming.
If you check out the greatest site, let's say www.shoutcast.com, you can see lots
of stations use port 80, which means connecting to radio stations would be the
same as clients surfing the web.
I'm still thinking patch-o-matic STRING would be the best solution for now ..
Regards,
Rio Martin.
Perhaps you missed the rest of my post? I only pointed out the Yahoo support
page as a starting point. I wouldn't attack this from a port point of view
because that method would be hit and miss. Find where the music comes from and
block the ranges it comes from. I stated examples of this with the Yahoo
LaunchCAST streaming protocol. I don't know the structure of your network so it
is hard for me to say how to find the culprits. I also used a packet sniffer on
my network to find where the service was originating. Stopping shoutcast may be
a bit more difficult... I'll look into that as well...
=====
In the absence of order there will be chaos.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Blocking Streaming Media (Was: Re: (no subject)..)
2004-06-10 21:37 SBlaze
@ 2004-06-10 23:33 ` Michael Gale
2004-06-10 23:54 ` SBlaze
0 siblings, 1 reply; 13+ messages in thread
From: Michael Gale @ 2004-06-10 23:33 UTC (permalink / raw)
To: netfilter
Hello,
Netfilter is a packet level firewall option, for security you should be using
multiple levels. Which means adding more layers, use iptables for packet
filtering and then:
Examples:
Squid for http application level filtering
Frox for FTP application level filtering
For https allow connections to only required servers.
Michael.
On Thu, 10 Jun 2004 14:37:43 -0700 (PDT)
SBlaze <dagent.geo@yahoo.com> wrote:
> I guess, blocking ports or defining ports to be allowed to users is not
> enough. Users are clever and smart from day to day. Once the originial and
> standard ports blocked by administrator, they use port forwarding sometimes
> to some kind of hosting server or dedicated server, and they still able to do
> music streaming.
>
> If you checkout the greatest site, let say www.shoutcast.com, u can see lots
> of stations use port 80, it means connecting to radio stations would be the
> same as clients surfing to the web.
>
> I'm still thinking patch-o-matic STRING would be the best solustion for now ..
>
> Regards,
> Rio Martin.
>
> Perhaps you missed the rest of my post? I only pointed out the yahoo support
> page as a starting point. I wouldn't attack this from a port point of view
> becuase that method would be hit and miss. Find where the music comes from and
> block the ranges it comes from. I stated examples of this with the Yahoo
> LaunchCAST streaming protocol. I don't know the structure of your network so
> it is hard for me to say how to find the culprits. I also used a packet
> sniffer on my network to find where the service was originalting. Stopping
> shoutcast maybe a bit more difficult... I'll look into that as well...
>
> =====
> In the absence of order there will be chaos.
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Friends. Fun. Try the all-new Yahoo! Messenger.
> http://messenger.yahoo.com/
>
>
>
>
>
--
Michael Gale
Network Administrator
Utilitran Corporation
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Blocking Streaming Media (Was: Re: (no subject)..)
2004-06-10 23:33 ` Michael Gale
@ 2004-06-10 23:54 ` SBlaze
0 siblings, 0 replies; 13+ messages in thread
From: SBlaze @ 2004-06-10 23:54 UTC (permalink / raw)
To: Michael Gale, netfilter
--- Michael Gale <michael.gale@utilitran.com> wrote:
> Hello,
>
> Netfilter is a packet level firewall option, for security you should be
> using
> multiple levels. Which means adding more layers, use iptables for packet
> filtering and then:
>
> Exampels:
>
> Squid for http application level filtering
> Frox for FTP application level filtering
>
> For https allow connections to only required servers.
>
>
> Michael.
>
>
>
>
> On Thu, 10 Jun 2004 14:37:43 -0700 (PDT)
> SBlaze <dagent.geo@yahoo.com> wrote:
>
> > I guess, blocking ports or defining ports to be allowed to users is not
> > enough. Users are clever and smart from day to day. Once the originial and
> > standard ports blocked by administrator, they use port forwarding sometimes
>
> > to some kind of hosting server or dedicated server, and they still able to
> do
> > music streaming.
> >
> > If you checkout the greatest site, let say www.shoutcast.com, u can see
> lots
> > of stations use port 80, it means connecting to radio stations would be the
>
> > same as clients surfing to the web.
> >
> > I'm still thinking patch-o-matic STRING would be the best solustion for now
> ..
> >
> > Regards,
> > Rio Martin.
> >
> > Perhaps you missed the rest of my post? I only pointed out the yahoo
> support
> > page as a starting point. I wouldn't attack this from a port point of view
> > becuase that method would be hit and miss. Find where the music comes from
> and
> > block the ranges it comes from. I stated examples of this with the Yahoo
> > LaunchCAST streaming protocol. I don't know the structure of your network
> so
> > it is hard for me to say how to find the culprits. I also used a packet
> > sniffer on my network to find where the service was originalting. Stopping
> > shoutcast maybe a bit more difficult... I'll look into that as well...
> >
> > =====
> > In the absence of order there will be chaos.
> >
> >
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > Friends. Fun. Try the all-new Yahoo! Messenger.
> > http://messenger.yahoo.com/
> >
> >
Well me personally I don't have the resources for squid... I can't speak for
Rio though. Perhaps he should check here.
http://www.squid-cache.org/Doc/FAQ/FAQ-3.html#ss3.1
My set up is only a Dual Pentium Pro 200 with one IDE 80GB drive(UDMA 66) w
128MB EDO RAM
=====
In the absence of order there will be chaos.
^ permalink raw reply [flat|nested] 13+ messages in thread