> Squid -- can block this no problem.
> Michael.
>

Only Squid? Any document or howto to read about it?
Thanks..
-Rio.Martin -

> On Mon, 31 May 2004 22:37:50 -0700 (PDT)
> SBlaze <dagent.geo@xxxxxxxxx> wrote:
>
>>
>> --- Rio Martin <rio@xxxxxxxxx> wrote:
>> > On Monday 31 May 2004 18:18, Ivan wrote:
>> > > Hi,
>> > > I am looking for a solution to block streaming media using iptables.
>> > > I have found that some of my users are listening to radio stations using
>> > > internet, which has pumped up the
>> > > internet bill significantly, and of course put a choke on my internet
>> > > links. Does anyone know of a solution for blocking just the streaming
>> > > media traffic from any web site, while still allowing
>> > > the access to the website itself?
>> > > Thanks,
>> > > Ivan
>> >
>> >
>> > Hiye Ivan,
>> > The problem you faced was users connecting to Internet Radio Stations using
>> > web port (port 80), isn't it? I give you an example like LaunchCast from Yahoo
>> > or other stations using port 80 as their service port.
>> >
>> > This is become a serious problem when bandwidth allocated not so wide. The
>> > only thing in my mind, try to apply the magic of patch-o-matic STRING.
>> > Examine correctly what packets arrived or what kind of streaming packets
>> > sent by server. Block using those STRING.
>> >
>> > Regards,
>> > Rio Martin.
>> >
>>
>> STRING matching is at best a primitive method of any kind of filtration. It
>> has been demonstrated and documented many times here that it's simply not an
>> efficient option. However I do think I might can help with this. First you need
>> to identify what and where the radio stations are coming from. If they are
>> from the new Yahoo LAUNCHcast...stopping them should be fairly easy...with some
>> work.
>>
>> First this is good info to know...
>> http://search1.cc.dcn.yahoo.com/cct_search.php?ui_mode=answer&prior_transaction_id=248668163&action_code=5&answer_id=14755094#__highlight
>>
>> It contains info for firewalls and LAUNCHcast.
>>
>> Assuming you are NATing your internal machines.... set up rules to block
>> certain hosts at yahoo.
>>
>> From personal experience I connect to this one
>> re2wmcontent24.bcst.re2.yahoo.com (at least at this time I'm connected to it)
>>
>> By doing some DNS snooping... It appears that there are 43 of these with this
>> being the first...
>>
>> hogwarts:~# nslookup -silent re2wmcontent01.bcst.re2.yahoo.com
>> Server: 66.190.172.252
>> Address: 66.190.172.252#53
>>
>> Name: re2wmcontent01.bcst.re2.yahoo.com
>> Address: 206.190.44.76
>>
>> and this being the last...
>>
>> hogwarts:~# nslookup -silent re2wmcontent43.bcst.re2.yahoo.com
>> Server: 66.190.172.252
>> Address: 66.190.172.252#53
>>
>> Non-authoritative answer:
>> Name: re2wmcontent43.bcst.re2.yahoo.com
>> Address: 206.190.44.118
>>
>> with 44 returning this...
>>
>> hogwarts:~# nslookup -silent re2wmcontent44.bcst.re2.yahoo.com
>> Server: 66.190.172.252
>> Address: 66.190.172.252#53
>>
>> ** server can't find re2wmcontent44.bcst.re2.yahoo.com: NXDOMAIN
>>
>> So we can reasonably assume that if we block 206.190.44.76 through
>> 206.190.44.118 we could stop the LAUNCHcast broadcasts.... Dealing with NAT is
>> a tad tricky though... since we need to stop it before it gets "NATED".
>>
>>
>> With My setup my eth0 is the "wire" and my eth1 is LAN... so if I drop these
>> on my LAN device(eth1)..theoretically I would stop the broadcast. If I wanted
>> to stop it this would be the approach I would use. I hope it helps.... keep me
>> posted if you try it.
>>
>> =====
>> In the absence of order there will be chaos.
>>
>
> --
> Michael Gale
> Network Administrator
> Utilitran Corporation
>
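
Added example, not part of the original thread: SBlaze's reply describes dropping 206.190.44.76 through 206.190.44.118 on the LAN interface (eth1) before NAT but shows no rule, so this Python script collapses that range into CIDR blocks and builds matching iptables rules. The function names and the choice of the filter table's FORWARD chain are assumptions of this example; the addresses are the ones resolved in the thread at the time.

```python
import ipaddress
import re

# Values taken from the thread: first and last re2wmcontentNN addresses,
# and eth1 as the LAN-facing interface of the NAT gateway.
FIRST = "206.190.44.76"
LAST = "206.190.44.118"
LAN_IF = "eth1"


def range_to_cidrs(first, last):
    """Collapse an inclusive IPv4 range into the fewest CIDR blocks."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    return list(ipaddress.summarize_address_range(lo, hi))


def forward_drop_rules(first, last, in_if):
    """Build iptables commands that drop forwarded LAN traffic to the range.

    Assumption of this example: the rules go in the FORWARD chain and match
    on the inbound LAN interface, so packets from internal hosts are dropped
    before POSTROUTING source NAT is applied.
    """
    # The interface name ends up in a shell command line, so reject
    # anything that is not a plain Linux interface name.
    if not re.fullmatch(r"[A-Za-z0-9_.:-]{1,15}", in_if):
        raise ValueError("unexpected interface name: %r" % in_if)
    return [
        "iptables -I FORWARD -i %s -d %s -j DROP" % (in_if, net)
        for net in range_to_cidrs(first, last)
    ]


if __name__ == "__main__":
    # Print the rules for review instead of applying them directly.
    for rule in forward_drop_rules(FIRST, LAST, LAN_IF):
        print(rule)
```

The six CIDR blocks cover exactly the 43 addresses counted in the thread, so nothing outside the range is dropped.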