Re: Blocking Streaming Media (Was: Re: (no subject)..)

--- Rio Martin <rio@xxxxxxxxx> wrote:
> On Monday 31 May 2004 18:18, Ivan wrote:
> > Hi,
> > I am looking for a solution to block streaming media using iptables.
> > I have found that some of my users are listening to radio stations using
> > internet, which has pumped up the
> > internet bill significantly, and of course put a choke on my internet
> > links. Does anyone know of a solution for blocking just the streaming media
> > traffic from any web site, while still allowing
> > the access to the website itself?
> > Thanks,
> > Ivan
> 
> 
> Hiye Ivan,
> The problem you faced was users connecting to Internet Radio Stations using 
> web port (port 80), isn't it? I give you an example like LaunchCast from Yahoo 
> or other stations using port 80 as their service port.
> 
> This becomes a serious problem when the bandwidth allocated is not so wide. The 
> only thing in my mind, try to apply the magic of patch-o-matic STRING. 
> Examine correctly what packets arrived or what kind of streaming packets are
> sent by the server. Block using those STRING.
> 
> Regards,
> Rio Martin.
> 

STRING matching is at best a primitive method of any kind of filtration. It has
been demonstrated and documented many times here that it's simply not an
efficient option. However I do think I might be able to help with this. First you need
to identify what and where the radio stations are coming from. If they are from
the new Yahoo LAUNCHcast...stopping them should be fairly easy...with some work.

First this is good info to know...
http://search1.cc.dcn.yahoo.com/cct_search.php?ui_mode=answer&prior_transaction_id=248668163&action_code=5&answer_id=14755094#__highlight

It contains info for firewalls and LAUNCHcast.

Assuming you are NATing your internal machines.... set up rules to block
certain hosts at yahoo.

From personal experience I connect to this one
re2wmcontent24.bcst.re2.yahoo.com (at least at this time I'm connected to it)

By doing some DNS snooping... It appears that there are 43 of these with this
being the first...

hogwarts:~# nslookup -silent re2wmcontent01.bcst.re2.yahoo.com
Server:         66.190.172.252
Address:        66.190.172.252#53

Name:   re2wmcontent01.bcst.re2.yahoo.com
Address: 206.190.44.76

and this being the last...

hogwarts:~# nslookup -silent re2wmcontent43.bcst.re2.yahoo.com
Server:         66.190.172.252
Address:        66.190.172.252#53

Non-authoritative answer:
Name:   re2wmcontent43.bcst.re2.yahoo.com
Address: 206.190.44.118

with 44 returning this...

hogwarts:~# nslookup -silent re2wmcontent44.bcst.re2.yahoo.com
Server:         66.190.172.252
Address:        66.190.172.252#53

** server can't find re2wmcontent44.bcst.re2.yahoo.com: NXDOMAIN

So we can reasonably assume that if we block 206.190.44.76 through
206.190.44.118 we could stop the LAUNCHcast broadcasts.... Dealing with NAT is
a tad tricky though... since we need to stop it before it gets "NATED".


With my setup my eth0 is the "wire" and my eth1 is LAN... so if I drop these on
my LAN device (eth1)..theoretically I would stop the broadcast. If I wanted to
stop it this would be the approach I would use. I hope it helps.... keep me
posted if you try it.

=====
In the absence of order there will be chaos.


	
		