Solved

How to block Stream Media,Itunes radio,WIndows Media Player radio, real audio readio, itunes radio

Posted on 2008-10-16
13
7,930 Views
Last Modified: 2011-10-19
we have a T1 and currently have 30 users in it, and we are killing the bandwitdh, what i have found is that some of the users are playing radio, i would like to block all radio or most radio protocols using sonicwall 170 TZ, i know they all come thru port 80 but i cannot block this port because is also being utilize by Web traffic. is there a way i could create a real for port 80 inbound to block certain protocols? please help.

thanks
0
Comment
Question by:Cholo123
13 Comments
 
LVL 1

Expert Comment

by:tkuennen
ID: 22737322
To block iTunes your first need to start with the ports iTunes uses:
Port 3689 TCP
Port 5353 UDP
Blocking these ports on the firewall will stop iTunes streaming.

As for blocking all streaming media you will have to block all ports that the Real Time Streaming Protocol (RTSP) uses. To view the background of RTSP you will want to read the original RFC (2326) from the Internet Engineering Task Force.
http://tools.ietf.org/html/rfc2326
To view a list of the common IP ports you will want to review the common port listing from the Internet Assigned Numbers Authority (IANA)
http://www.iana.org/assignments/port-numbers
0
 
LVL 6

Expert Comment

by:ajeab
ID: 22759877
you can block the site directly. and/or block known extension.  Also, make it a company policy not allow to stream.  When the users know that their job may be on the line, most will stop.
0
 
LVL 7

Expert Comment

by:VCBooth
ID: 22766110
If they are coming through port 80 then you can either block the websites (as ajeab suggests) or, if you have Enhanced O/S and have downloaded the latest firmware then you can create an Application Firewall Rule for HTTP to block it.

Latest version has a wizard that should help you with this.

(With Application Firewall you can even throttle the bandwidth of the stations so that you don't need to block them entirely if it helps you)
0
 
LVL 4

Expert Comment

by:keamo
ID: 22814417
With the TZ170 you can block specific ports that use streaming media.  i.e. RTSP 554 UDP/TCP.  But, I would recommend using a product called Surfcontrol(now Websense).  You can get very granular in your control of who/what/when accesses internet destinations.
0
 

Author Comment

by:Cholo123
ID: 22828210
would you be able use this software to block most of the radio stations out there? we have a enterprise networking using sonicwalls, about 40 offices.
0
 
LVL 4

Expert Comment

by:keamo
ID: 22828247
Correct.  With Surfcontrol, you can block a number of different categories including Streaming Media.

http://www.surfcontrol.com/Default.aspx?id=374
SCwebfilter.pdf
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:Cholo123
ID: 22828258
thx already asked for a quote hopefully is not expensive.
0
 
LVL 4

Expert Comment

by:keamo
ID: 22828270
That's the downside.  They're pricey.  But, IMHO, they are the best.  Good Luck!
0
 

Author Comment

by:Cholo123
ID: 22828307
one quick question in the tz 170 standard, firmware SonicOS Standard 3.1.5.0-2s, i dont have this protocol RTSP. i only have udp and tcp when creating ports. any tip if i should crate this somewhere else?
0
 
LVL 4

Expert Comment

by:keamo
ID: 22828318
You should have an existing default service called "Quicktime" with a TCP port of 554.  Then you can create your own custom service with UDP 554 and call it whatever you want.

http://www.cs.columbia.edu/~hgs/rtsp/
0
 

Author Comment

by:Cholo123
ID: 22828351
got it thanks a bunch , i'm also seeing this guy, should i block that port?

RealAudio  7070 TCP  
0
 
LVL 4

Accepted Solution

by:
keamo earned 500 total points
ID: 22828377
Yep.  You can block anything you want.  You can also go to Logs, Reports and click on "Start Data Collection" then select "Bandwidth Usage by IP Address" to see where the heavy hitters are. (Let this run for awhile to gather data)
0
 

Author Comment

by:Cholo123
ID: 22828383
thanks alot appreciated all the info.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now