From: "Rio Martin" <rio@martin.mu>
To: netfilter@lists.netfilter.org
Subject: Re: Blocking Streaming Media (Was: Re: (no subject)..)
Date: Tue, 1 Jun 2004 22:59:51 +0700 (WIT)
Message-ID: <4077.202.154.30.27.1086105591.squirrel@webmail.itenas.ac.id>
> Squid -- can block this no problem.
> Michael.
>
Only Squid? Any document or howto to read about it?
Thanks..
-Rio.Martin -
> On Mon, 31 May 2004 22:37:50 -0700 (PDT)
> SBlaze <dagent.geo@yahoo.com> wrote:
>
>>
>> --- Rio Martin <rio@martin.mu> wrote:
>> > On Monday 31 May 2004 18:18, Ivan wrote:
>> > > Hi,
>> > > I am looking for a solution to block streaming media using iptables.
>> > > I have found that some of my users are listening to radio stations using
>> > > internet, which has pumped up the internet bill significantly, and of
>> > > course put a choke on my internet links. Does anyone know of a solution
>> > > for blocking just the streaming media traffic from any web site, while
>> > > still allowing the access to the website itself?
>> > > Thanks,
>> > > Ivan
>> >
>> >
>> > Hiye Ivan,
>> > The problem you faced was users connecting to Internet Radio Stations using
>> > web port (port 80), isn't it? I give you an example like LaunchCast from Yahoo
>> > or other stations using port 80 as their service port.
>> >
>> > This becomes a serious problem when the bandwidth allocated is not so wide. The
>> > only thing in my mind, try to apply the magic of patch-o-matic STRING.
>> > Examine correctly what packets arrived or what kind of streaming packets
>> > sent by server. Block using those STRING.
>> >
>> > Regards,
>> > Rio Martin.
>> >
>>
>> STRING matching is at best a primitive method of any kind of filtration. It
>> has been demonstrated and documented many times here that it's simply not an
>> efficient option. However I do think I might can help with this. First you need
>> to identify what and where the radio stations are coming from. If they are
>> from the new Yahoo LAUNCHcast...stopping them should be fairly easy...with some
>> work.
>>
>> First this is good info to know...
>> http://search1.cc.dcn.yahoo.com/cct_search.php?ui_mode=answer&prior_transaction_id=248668163&action_code=5&answer_id=14755094#__highlight
>>
>> It contains info for firewalls and LAUNCHcast.
>>
>> Assuming you are NATing your internal machines.... set up rules to block
>> certain hosts at yahoo.
>>
>> From personal experience I connect to this one
>> re2wmcontent24.bcst.re2.yahoo.com (at least at this time I'm connected to it)
>>
>> By doing some DNS snooping... It appears that there are 43 of these with this
>> being the first...
>>
>> hogwarts:~# nslookup -silent re2wmcontent01.bcst.re2.yahoo.com
>> Server: 66.190.172.252
>> Address: 66.190.172.252#53
>>
>> Name: re2wmcontent01.bcst.re2.yahoo.com
>> Address: 206.190.44.76
>>
>> and this being the last...
>>
>> hogwarts:~# nslookup -silent re2wmcontent43.bcst.re2.yahoo.com
>> Server: 66.190.172.252
>> Address: 66.190.172.252#53
>>
>> Non-authoritative answer:
>> Name: re2wmcontent43.bcst.re2.yahoo.com
>> Address: 206.190.44.118
>>
>> with 44 returning this...
>>
>> hogwarts:~# nslookup -silent re2wmcontent44.bcst.re2.yahoo.com
>> Server: 66.190.172.252
>> Address: 66.190.172.252#53
>>
>> ** server can't find re2wmcontent44.bcst.re2.yahoo.com: NXDOMAIN
>>
>> So we can reasonably assume that if we block 206.190.44.76 through
>> 206.190.44.118 we could stop the LAUNCHcast broadcasts.... Dealing with NAT is
>> a tad tricky though... since we need to stop it before it gets "NATED".
>>
>>
>> With my setup my eth0 is the "wire" and my eth1 is LAN... so if I drop these
>> on my LAN device (eth1)..theoretically I would stop the broadcast. If I wanted
>> to stop it this would be the approach I would use. I hope it helps.... keep me
>> posted if you try it.
>>
>> =====
>> In the absence of order there will be chaos.
>>
>
>
> --
> Michael Gale
> Network Administrator
> Utilitran Corporation
>
>