Re: Streaming (anything)

["Michael R. Jinks" <mjinks saecos com>]

Nothing shows up in /etc/services.  You might want to check the docs for 
the applications you want to block, but they often don't provide 
anything helpful in areas like this.  The web sites of the software 
publishers might have "network administrator hints" or some such.

At the worst case, use tcpdump(8) on one of the routing machines while 
using the offensive programs, and just note the ports that they use.

I believe that NetMeeting (and other programs which use the same 
protocol) can jump around ports a lot, which is one of the reasons why 
NAT tends to break them: the remote end of the connection can send data 
over a port different from the one that the client used to initiate the 
transaction.  A rough analogy can be found in active ftp.  So if you 
really want to squash it, you'll have to find out (from documentation or 
from captured network traffic) which port the client uses to initiate a 
session, and block that.

Just out of curiosity, why do you need to block these services specifically?



Ashley M. Kirchner wrote:

> "Michael R. Jinks" wrote:
>
>
> > The way to block this stuff is to default-deny the ports which these
> > applications use.  NAT (of which ipmasq is a special case) doesn't
> > address the issue at all, you'll need to do this using IP filtering
> > (ipchains, ipfw, ipf, iptables, whatever).  Find out what ports your
> > "Bad Apps" use, and block them.
>
>
>     Okay, then I suppose the next question would be: does anyone know what
> ports things like Realplayer and Windows mediaplayer use when they're
> streaming data?  I need to be able to block them both by using ipfwadm (an old
> server) and using ipchains on a newer machine.
>
> --
> W |
>   |  I haven't lost my mind; it's backed up on tape somewhere.
>   |____________________________________________________________________
>   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   Ashley M. Kirchner <mailto:ashley pcraft com>   .   303.442.6410 x130
>   SysAdmin / Websmith                           .     800.441.3873 x130
>   Photo Craft Laboratories, Inc.             .        eFax 248.671.0909
>   http://www.pcraft.com                  .         3550 Arapahoe Ave #6
>   .................. .  .  .     .               Boulder, CO 80303, USA
>
>
>
>
> _______________________________________________
> Redhat-list mailing list
> Redhat-list redhat com
> https://listman.redhat.com/mailman/listinfo/redhat-list


--
~~~Michael Jinks, IB // Technical Entity // Saecos Corporation~~~~