Solved

Block Streaming Media with PIX or Cisco Access List

Posted on 2002-05-02
Last Modified: 2013-11-16
Greetings fellow Experts:

I am running a military network with limited internet bandwidth.  One of the main activities that is wasting available bandwidth is the use of streaming media such as RealAudio, etc.  Does anyone know how to block access to streaming audio by use of a Cisco PIX Firewall or a Cisco Access-List?  Similarly, is it possible to block or limit access to services like Napster or its latest hybrids?  Any information would be greatly appreciated.

Regards,

Herb
7 Comments
 
Expert Comment

by:geoffryn
ID: 6987054
You have to know what specific ports to deny on an application by application basis.  The following shows the ports that are required for RA.  You would need similar info for each application.

http://service.real.com/firewall/adminfw.html
 

Author Comment

by:schreib
ID: 6987809
I believe that the problem is that RealAudio and other streaming media purposefully try to circumvent firewalls (in order to increase potential viewership).  In doing so, they use other common ports such as 80, making blocking much more difficult.  It may require stateful packet inspection or some filtering at a layer above the network layer to succeed.

Herb
 

Expert Comment

by:arvi_sam
ID: 7004624
Hi,
Can you elaborate on your arrangement a bit more? Are you using PIX? In that case, do you have a DMZ or simply 2 zones on your PIX? Do you have any conduits / acls on the PIX at present?

Also, do you want to prevent RealAudio content from being accessed from within, or do you wish to prevent RealAudio being served out? Lastly, are you talking about just streaming content (using the RTSP protocol) or also about RA / RM files which can be fetched over HTTP?

Please provide more details, then maybe we can work out something.

Regards,

Arvind Shyamsundar
Brainbench MVP for Internet Security.
 

Author Comment

by:schreib
ID: 7005089
Hi Arvi:

We have a simple configuration with an inside and outside (connected to internet) network.  We need to prevent users on the inside from utilizing streaming media from the internet for bandwidth conservation reasons.  The challenge is that we are talking about streaming content that often / usually tunnels by way of http (port 80).

Herb
 
Accepted Solution

by:TooKoolKris (earned 200 total points)
ID: 7014575
The problem with programs such as Napster is that they allow the user to define what port to communicate on. Napster by default uses TCP port 6969; however, it can be changed to any other by choice.

As has been mentioned, streaming media can make use of port 80, which you would need to keep open for Internet usage. However, these streaming connections do keep a consistent TCP connection open, and if you query your router you can find the IPs of the streaming servers and then block those connections by IP.

Use the command "show ip cache flow" or "sh ip ca fl" on your Cisco router and you will see a connection list by IP of what machines on your side are making connections and to what IPs they are talking. You should be able to recognize streamers by their high packet counts because it's a constant connection. You then do an NSLOOKUP on that IP and you will hopefully be able to determine that the user is streaming audio. I love it when I catch them red-handed that way; the looks on their faces are priceless.

You need the backing of Management to enforce a policy that prohibits this type of Internet usage. Once you get this and catch a couple of people so they can be made an example of, this problem slows greatly ;)

Trying to block all of the ports is going to be a useless cause. You need to either close all outbound ports over 1024 and then figure out the ones needed for business to open back up, or get management involved with policing the people on the network.

Hope this helps,

TooKoolKris
MCSE+I, CCNA, A+
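The accepted answer's procedure (pull the router's flow cache, rank talkers by packet count, then deny the identified servers on the firewall) as an added, stand-alone example; this is not code from the thread or from Cisco. It parses the `show ip cache flow` table layout, in which the protocol and both ports are printed in hexadecimal, aggregates packets per destination host and port, and emits PIX 6.x-style `access-list` lines for whatever exceeds a packet threshold. The flow lines, the threshold and the ACL name `inside_out` are constructed assumptions.

```python
"""Triage a Cisco IOS 'show ip cache flow' table for streaming-like flows.

Added example, not from the original thread. The flow-cache table prints
protocol (Pr) and ports (SrcP/DstP) in hexadecimal; this script converts
them, ranks destinations by packet volume and writes PIX access-list lines
for the flagged server/port pairs. Sample data, threshold and ACL name are
constructed assumptions.
"""
import re
from collections import defaultdict

# Constructed sample, in the real column order:
#   SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
SAMPLE_FLOW_CACHE = """\
IP packet size distribution (9428 total packets):
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         10.10.5.23      Fa0/1         203.0.113.45    06 0C1A 0050    48213
Fa0/0         10.10.5.23      Fa0/1         198.51.100.7    06 0C1B 0050      112
Fa0/0         10.10.5.40      Fa0/1         203.0.113.45    06 0D02 0050    39877
Fa0/0         10.10.5.61      Fa0/1         192.0.2.88      06 0E10 022A     5120
Fa0/0         10.10.5.61      Fa0/1         192.0.2.88      11 1F40 1F40    22000
Fa0/0         10.10.5.77      Fa0/1         198.51.100.9    06 0F11 0019       30
"""

PROTO_NAMES = {0x06: "tcp", 0x11: "udp"}

# One flow row: interface, src IP, interface, dst IP, hex proto, hex ports, decimal packets.
# Header and statistics lines fail the hex-field checks and are skipped.
FLOW_RE = re.compile(
    r"^\S+\s+(\S+)\s+\S+\s+(\S+)\s+([0-9A-Fa-f]{2})\s+"
    r"([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{4})\s+(\d+)\s*$"
)


def parse_flow_cache(text):
    """Return a list of flow dicts with protocol and ports converted from hex."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if not m:
            continue
        src, dst, pr, sp, dp, pkts = m.groups()
        flows.append({
            "src": src, "dst": dst,
            "proto": int(pr, 16), "sport": int(sp, 16), "dport": int(dp, 16),
            "pkts": int(pkts),
        })
    return flows


def rank_by_server(flows, min_pkts=10000):
    """Sum packets per (dst host, proto, dst port); keep those at/above the threshold.

    Streaming servers stand out because every client keeps one long-lived,
    high-volume connection to the same host and port. min_pkts is an assumed value.
    """
    totals = defaultdict(int)
    for f in flows:
        totals[(f["dst"], f["proto"], f["dport"])] += f["pkts"]
    ranked = [(k, v) for k, v in totals.items() if v >= min_pkts]
    return sorted(ranked, key=lambda kv: -kv[1])


def suspect_servers(flows, min_pkts=10000):
    """Distinct destination hosts worth an nslookup, sorted for stable output."""
    return sorted({dst for (dst, _, _), _ in rank_by_server(flows, min_pkts)})


def pix_deny_lines(flows, acl_name="inside_out", min_pkts=10000):
    """Emit PIX 6.x access-list lines denying each flagged server/port pair.

    acl_name is an assumed name; it is applied with
    'access-group <acl_name> in interface inside'. The closing permit keeps
    all other outbound traffic working.
    """
    lines = []
    for (dst, proto, dport), _ in rank_by_server(flows, min_pkts):
        proto_name = PROTO_NAMES.get(proto, str(proto))
        lines.append(f"access-list {acl_name} deny {proto_name} any host {dst} eq {dport}")
    lines.append(f"access-list {acl_name} permit ip any any")
    return lines


if __name__ == "__main__":
    parsed = parse_flow_cache(SAMPLE_FLOW_CACHE)
    for key, pkts in rank_by_server(parsed):
        print(f"{pkts:>8} pkts -> {key[0]} {PROTO_NAMES.get(key[1], key[1])}/{key[2]}")
    print("\n".join(pix_deny_lines(parsed)))
```

Only the destination/port pairs that dominate packet volume are denied, so a second client on the same server contributes to the same total rather than slipping under the threshold. Blocking by IP is only as durable as the server addresses themselves, which is why the answer pairs it with a usage policy rather than relying on the ACL alone.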
 

Author Comment

by:schreib
ID: 7015500
Thanks Kris!

That is the direction I will pursue.

Herb
 

Expert Comment

by:yachtingpromotions
ID: 30035113
Thanks Kris, worked like a charm, wish I could post the pictures of their faces lol.