Squid -- can block this no problem.

Michael.

On Mon, 31 May 2004 22:37:50 -0700 (PDT)
SBlaze <dagent.geo@xxxxxxxxx> wrote:

>
> --- Rio Martin <rio@xxxxxxxxx> wrote:
> > On Monday 31 May 2004 18:18, Ivan wrote:
> > > Hi,
> > > I am looking for a solution to block streaming media using iptables.
> > > I have found that some of my users are listening to radio stations using
> > > internet, which has pumped up the
> > > internet bill significantly, and of course put a choke on my internet
> > > links. Does anyone know of a solution for blocking just the streaming
> > > media traffic from any web site, while still allowing
> > > the access to the website itself?
> > > Thanks,
> > > Ivan
> > >
> >
> > Hiye Ivan,
> > The problem you faced was users connecting to Internet Radio Stations using
> > web port (port 80), isn't it? I give you an example like LaunchCast from Yahoo
> > or other stations using port 80 as their service port.
> >
> > This becomes a serious problem when the bandwidth allocated is not so wide. The
> > only thing in my mind, try to apply the magic of patch-o-matic STRING.
> > Examine correctly what packets arrived or what kind of streaming packets
> > sent by server. Block using those STRING.
> >
> > Regards,
> > Rio Martin.
> >
>
> STRING matching is at best a primitive method of any kind of filtration. It
> has been demonstrated and documented many times here that it's simply not an
> efficient option. However I do think I might can help with this. First you need
> to identify what and where the radio stations are coming from. If they are
> from the new Yahoo LAUNCHcast... stopping them should be fairly easy... with some
> work.
>
> First this is good info to know...
> http://search1.cc.dcn.yahoo.com/cct_search.php?ui_mode=answer&prior_transaction_id=248668163&action_code=5&answer_id=14755094#__highlight
>
> It contains info for firewalls and LAUNCHcast.
>
> Assuming you are NATing your internal machines.... set up rules to block
> certain hosts at yahoo.
>
> From personal experience I connect to this one
> re2wmcontent24.bcst.re2.yahoo.com (at least at this time I'm connected to it)
>
> By doing some DNS snooping... It appears that there are 43 of these with this
> being the first...
>
> hogwarts:~# nslookup -silent re2wmcontent01.bcst.re2.yahoo.com
> Server: 66.190.172.252
> Address: 66.190.172.252#53
>
> Name: re2wmcontent01.bcst.re2.yahoo.com
> Address: 206.190.44.76
>
> and this being the last...
>
> hogwarts:~# nslookup -silent re2wmcontent43.bcst.re2.yahoo.com
> Server: 66.190.172.252
> Address: 66.190.172.252#53
>
> Non-authoritative answer:
> Name: re2wmcontent43.bcst.re2.yahoo.com
> Address: 206.190.44.118
>
> with 44 returning this...
>
> hogwarts:~# nslookup -silent re2wmcontent44.bcst.re2.yahoo.com
> Server: 66.190.172.252
> Address: 66.190.172.252#53
>
> ** server can't find re2wmcontent44.bcst.re2.yahoo.com: NXDOMAIN
>
> So we can reasonably assume that if we block 206.190.44.76 through
> 206.190.44.118 we could stop the LAUNCHcast broadcasts.... Dealing with NAT is
> a tad tricky though... since we need to stop it before it gets "NATED".
>
> With my setup my eth0 is the "wire" and my eth1 is LAN... so if I drop these
> on my LAN device (eth1)... theoretically I would stop the broadcast. If I wanted
> to stop it this would be the approach I would use. I hope it helps.... keep me
> posted if you try it.
>
> =====
> In the absence of order there will be chaos.
>

--
Michael Gale
Network Administrator
Utilitran Corporation
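
The range block SBlaze describes, written out as an added example that is not part of the original thread: it turns the quoted range 206.190.44.76 through 206.190.44.118 into CIDR blocks and builds one iptables DROP rule per block. Assumptions: the rules go in the FORWARD chain matched on the LAN interface eth1, and the 43 hosts occupy consecutive addresses, as the post infers from the first and last lookups.

```python
import ipaddress

# Values taken from the post: first and last resolved LAUNCHcast hosts,
# and eth1 as the LAN-facing interface.
FIRST = "206.190.44.76"
LAST = "206.190.44.118"
LAN_IF = "eth1"


def range_to_cidrs(first, last):
    """Return the smallest list of CIDR blocks covering first..last inclusive."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("first address must not be above last address")
    return list(ipaddress.summarize_address_range(lo, hi))


def forward_drop_rules(first, last, lan_if):
    """Build one iptables command string per CIDR block (nothing is executed).

    Assumption: filter table, FORWARD chain, packets entering from the LAN
    interface. FORWARD is traversed before POSTROUTING, so the destination
    is checked before source NAT rewrites the packet.
    """
    return [
        f"iptables -A FORWARD -i {lan_if} -d {net} -j DROP"
        for net in range_to_cidrs(first, last)
    ]


def covered_hosts(first, last):
    """Count addresses covered, to confirm no address outside the range is hit."""
    return sum(net.num_addresses for net in range_to_cidrs(first, last))


if __name__ == "__main__":
    for rule in forward_drop_rules(FIRST, LAST, LAN_IF):
        print(rule)
    print(f"# addresses covered: {covered_hosts(FIRST, LAST)}")
```

The covered-address count equals the 43 hosts found by the lookups, so the six rules block exactly the quoted range and nothing beside it.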