Security Basics mailing list archives
RE: Streaming Media
From: LordInfidel <LordInfidel () Directionweb com>
Date: Wed, 1 Oct 2003 13:32:51 -0400
As with any application, there will always be some sort of risk. There are exploits out there against media players (real and wmp). But it is against the player themselves, not the protocol. This would be similar to an IE or Outlook exploit. Just allowing web traffic thru does not automatically make you vulnerable to attacks. (excluding the source port 80 attack scenarios that stateful firewalls should be dropping anyways). But if a end user was enticed to go to a malicious website, they would then be vulnerable to attack. Same goes for streaming media services. If the end user goes to a malicious site and tries to stream a malicious file. Then yes, they would be vulnerable. There are risks however of allowing UDP packets thru. But the big 3 (real, wmp and QuickTime) can all stream over http 80. You just need to configure the players as such. <in their default state, all protocols are selected and the players will try each one until they make a connection. so streaming media may already be taking place without you knowing about it> UDP is more flexible and fast when it comes to streaming. However, as long as the stream server is set up for http streaming, which most major vendors are. Then you should not have a problem, but rebuffering is more common over tcp then it is over udp. When your users complain about rebuffering it is not necessarily the stream server as much as the chosen protocol the stream is being delivered over. If you are going to allow streaming thru, you can do it one of 2 ways. Either configure the end users players to use HTTP only. Or make sure that your firewall rules are configured correctly. LordInfidel -----Original Message----- From: Simple Simon [mailto:simplesimon042 () hotmail com] Sent: Wednesday, October 01, 2003 6:54 AM To: security-basics () securityfocus com Subject: Streaming Media Hi List! I am looking desperately for information on security risks at the usage of streaming media. Do you have any recommodation?? Thanks, Simon _________________________________________________________________ Frustrated with dial-up? Get high-speed for as low as $29.95/month (depending on the local service providers in your area). https://broadband.msn.com --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Streaming Media Simple Simon (Oct 01)
- <Possible follow-ups>
- RE: Streaming Media LordInfidel (Oct 01)