Solved

Block Streaming Media with PIX or Cisco Access List

Posted on 2002-05-02
7
2,759 Views
Last Modified: 2013-11-16
Greetings fellow Experts:

I am running a military network with limited internet bandwidth.  One of the main activities which is wasting available bandwidth is the use of streaming media such as RealAudio, etc.  Does anyone know how to block access to streaming audio by use of a Cisco Pix Firewall or a Cisco Access-List?  Similarly, is it possible to block or limit access to services like Napster or its latest hybrids?  Any information would be greatly appreciated.

Regards,

Herb
Question by:schreib
7 Comments
 
LVL 11

Expert Comment

by:geoffryn
ID: 6987054
You have to know what specific ports to deny on an application by application basis.  The following shows the ports that are required for RA.  You would need similar info for each application.

http://service.real.com/firewall/adminfw.html

Author Comment

by:schreib
ID: 6987809
I believe that the problem is that RealAudio and other streaming media purposefully try to circumvent firewalls (in order to increase potential viewership).  In doing so, they use other common ports such as 80, making blocking much more difficult.  It may require stateful packet inspection or some filtering at a layer above the network layer to succeed.

Herb

Expert Comment

by:arvi_sam
ID: 7004624
Hi,
Can you elaborate on your arrangement a bit more? Are you using a PIX? In that case, do you have a DMZ or simply two zones on your PIX? Do you have any conduits / ACLs on the PIX at present?

Also, do you want to prevent RealAudio content from being accessed from within, or do you wish to prevent RealAudio being served out? Lastly, are you talking about just streaming content (using the RTSP protocol) or also about RA / RM files, which can be fetched over HTTP?

Please provide more details then maybe we can work out something.

Regards,

Arvind Shyamsundar
Brainbench MVP for Internet Security.

Author Comment

by:schreib
ID: 7005089
Hi Arvi:

We have a simple configuration with an inside and an outside (connected to the internet) network.  We need to prevent users on the inside from utilizing streaming media from the internet, for bandwidth conservation reasons.  The challenge is that we are talking about streaming content that often / usually tunnels by way of HTTP (port 80).

Herb
LVL 9

Accepted Solution

by:TooKoolKris (earned 200 total points)
ID: 7014575
The problem with programs such as Napster is that they allow the user to define what port to communicate on.  Napster by default uses TCP port 6969; however, it can be changed to any other port by choice.

As has been mentioned, streaming media can make use of port 80, which you would need to keep open for Internet usage.  However, these streaming connections do keep a consistent TCP connection open, and if you query your router you can find the IPs of the streaming servers and then block those connections by IP.

Use the command "show ip cache flow" or "sh ip ca fl" on your Cisco router and you will see a connection list by IP of what machines on your side are making connections and to what IPs they are talking.  You should be able to recognize streamers by their high packet counts, because it's a constant connection.  You then do an NSLOOKUP on that IP and you will hopefully be able to determine that the user is streaming audio.  I love it when I catch them red-handed that way; the looks on their faces are priceless.

You need the backing of Management to enforce a policy that prohibits this type of Internet usage.  Once you get this and catch a couple of people so they can be made an example of, this problem slows greatly ;)

Trying to block all of the ports is going to be a useless cause.  You need to either close all outbound ports over 1024 and then figure out the ones needed for business to open back up, or get management involved with policing the people on the network.

Hope this helps,

TooKoolKris
MCSE+I, CCNA, A+
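Added example (not part of the original thread and not code from any of the posters above): a small Python script that turns Kris's manual triage of "show ip cache flow" output into a repeatable step, then emits the per-server deny entries that geoffryn's port-based approach would otherwise require you to write by hand.  The flow-cache text below is constructed sample data in the IOS NetFlow cache layout (protocol and ports printed in hex, packet counts abbreviated with K/M); the 1000-packet threshold, the ACL number 101 and the interface names are hypothetical.  Port 554 is RTSP and 7070 is the RealAudio PNA control port; 80 is the HTTP fallback the thread is worried about.

```python
"""Triage 'show ip cache flow' output for streaming-media flows and build an ACL.

Added example for this thread; not code from any poster.  The sample flow
cache, the packet threshold and the ACL number are constructed/hypothetical.
"""
import re
from dataclasses import dataclass

# Constructed sample output.  A real "show ip cache flow" prints a summary
# block first, then one line per active flow in exactly this column layout.
SAMPLE_FLOW_CACHE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Et0/0         10.1.1.5        Se0/0         192.0.2.25      06 0C1F 0050    18K
Et0/0         10.1.1.9        Se0/0         192.0.2.25      06 0D02 0050    21K
Et0/0         10.1.1.7        Se0/0         198.51.100.8    06 0C20 0050     12
Et0/0         10.1.1.7        Se0/0         198.51.100.40   06 0C21 022A   4412
Et0/0         10.1.1.12       Se0/0         203.0.113.77    11 1B3A 1B3A     95
Et0/0         10.1.1.3        Se0/0         198.51.100.9    06 0C25 0019      7
"""

# One flow line: ingress if, src ip, egress if, dst ip, proto (hex), ports (hex), packets.
FLOW_RE = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<dst_if>\S+)\s+(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<proto>[0-9A-Fa-f]{2})\s+(?P<src_port>[0-9A-Fa-f]{4})\s+"
    r"(?P<dst_port>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+[KM]?)\s*$"
)

PROTO_NAMES = {6: "tcp", 17: "udp"}

# Destination ports a streaming client is likely to be using: 80 (HTTP
# tunnelling), 554 (RTSP) and 7070 (RealAudio PNA control channel).
STREAMING_PORTS = {80, 554, 7070}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int
    pkts: int


def _parse_pkts(text):
    """IOS abbreviates large counters as e.g. '18K' or '2M'."""
    mult = {"K": 1_000, "M": 1_000_000}
    if text[-1] in mult:
        return int(text[:-1]) * mult[text[-1]]
    return int(text)


def parse_flow_cache(text):
    """Return a Flow for every flow line; header and summary lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if not m:
            continue
        proto = int(m["proto"], 16)
        flows.append(Flow(
            src_ip=m["src_ip"],
            dst_ip=m["dst_ip"],
            proto=PROTO_NAMES.get(proto, str(proto)),
            src_port=int(m["src_port"], 16),
            dst_port=int(m["dst_port"], 16),
            pkts=_parse_pkts(m["pkts"]),
        ))
    return flows


def suspect_streams(flows, min_pkts=1000):
    """Packet-heavy TCP flows to a streaming port: the 'constant connection'
    signature Kris describes.  A 12-packet fetch of a web page stays below
    the threshold; a stream that has been running for minutes does not."""
    return [
        f for f in flows
        if f.proto == "tcp" and f.dst_port in STREAMING_PORTS and f.pkts >= min_pkts
    ]


def acl_lines(suspects, acl="101"):
    """Emit one deny per (server, port), de-duplicated, then the permit-all.
    This syntax is accepted by both IOS extended ACLs and PIX 6.x access-lists."""
    seen = set()
    lines = []
    for f in suspects:
        key = (f.dst_ip, f.dst_port)
        if key in seen:
            continue
        seen.add(key)
        lines.append(f"access-list {acl} deny tcp any host {f.dst_ip} eq {f.dst_port}")
    lines.append(f"access-list {acl} permit ip any any")
    return lines


if __name__ == "__main__":
    # Usage: paste the real "show ip cache flow" output in place of the sample.
    for line in acl_lines(suspect_streams(parse_flow_cache(SAMPLE_FLOW_CACHE))):
        print(line)
```

Apply the generated list inbound on the inside interface: on IOS, `ip access-group 101 in` under that interface; on PIX 6.x, `access-group 101 in interface inside`.  Two caveats before pasting it in: a port-80 deny to a shared server also blocks any ordinary web pages that host serves, so check the NSLOOKUP result as Kris suggests before committing each line, and streaming servers behind content networks change addresses, so the list needs to be regenerated from fresh flow-cache output rather than treated as permanent.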
 

Author Comment

by:schreib
ID: 7015500
Thanks Kris!

That is the direction I will pursue.

Herb

Expert Comment

by:yachtingpromotions
ID: 30035113
Thanks Kris, worked like a charm, wish I could post the pictures of their faces lol.