Re[2]: Streaming (anything)

[Brian Ashe <brian dee-web com>]

Hi Ashley,

On Wednesday, May 30, 2001, 7:03:15 PM, you babbled something about:

AMK> "Michael R. Jinks" wrote:

>> The way to block this stuff is to default-deny the ports which these
>> applications use.  NAT (of which ipmasq is a special case) doesn't
>> address the issue at all, you'll need to do this using IP filtering
>> (ipchains, ipfw, ipf, iptables, whatever).  Find out what ports your
>> "Bad Apps" use, and block them.

AMK>     Okay, then I suppose the next question would be: does anyone know what
AMK> ports things like Realplayer and Windows mediaplayer use when they're
AMK> streaming data?  I need to be able to block them both by using ipfwadm (an old
AMK> server) and using ipchains on a newer machine.

Unfortunately, they don't rely that heavily on a specific port. They have
default ports that are just sort of legacy at this point. Both WMP and RP
can "skip around" trying to find a port that works. They even will often
times go to port 80 to accomplish their task. They also can use either TCP
or UDP or multicast. You are better off trying to eliminate the sites that
are in use rather then trying to trap the service. To that regard you may
find it easier to block all then let specific ones through.

Have fun,
-- 
_________________________________________________________________
 Brian Ashe                     CTO
 brian dee-web com              Dee-Web Software Services, LLC.
 http://www.dee-web.com/
-----------------------------------------------------------------
You don't have to swim faster than the shark...
You just have to swim faster than the people you're with.