RE: stop audio streams

["McKinley, Jackson" <Jackson.McKinley () team telstra com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If your company has a standard image of workstations you can just remove
mediaplayers from the image.  Also take away local admin and so they
cant install any media apps.

Other option is to find out what sites they like to visit and just
"blacklist" them.

Or tell them to quit it becouse they are breaking the Company User
Policy.

- -----Original Message-----
From: Jason Beauford [mailto:jmbeauford () hotmail com] 
Sent: Friday, 5 August 2005 5:02 AM
To: jared () lewiscommunications com; security-basics () securityfocus com
Subject: RE: stop audio streams

One way I have found effective is not to block the audio streams
themselves, but rather the RADIO LISTING Streams.  Run an ethereal
sessions between some of the internet radio clients (Winamp, Real
Player, Itunes etc..) and your router.  You should see connections made
to specific sites as the program loads.  When this happens it is
downloading an XML file which lists the radio channels available.  Block
access to that site and you will cause the program to error out.
Effectively stopping the radio communications.

Now if the user has any bookmarked, you're out of luck.  Also wont work
if they go to websites that stream over port 80, like some radio station
websites do.  But again, I've had great success with the solution I
mentioned.

Good Luck.

JMB

> From: Jared Lyvers <jared () lewiscommunications com>
> To: security-basics () securityfocus com
> Subject: stop audio streams
> Date: Tue, 2 Aug 2005 16:17:14 -0500
>
> I was wondering if anyone new of a way to block all online radio / 
> audio streams w/ iptables.
>
> I am currently only blocking itunes ( due to the amount of OSX users ) 
> w/ the following:
> iptables -t nat -I POSTROUTING --destination 17.254.4.130 -j DROP
>
> I tried blocking the ports that it used but some stations will also use

> port 80 so I didn't want to block that due to its use for standard 
> websites.  However, I know that a few people have tried to get other 
> programs ie. audion in order to by pass the itunes rule I have in
place.
> Is there a better solution for this that I am overlooking?  Would 
> blocking shoutcast, Icecast or any others be as simple as blocking a 
> port number or range.
>
> Thanks,
> JL
>
> --
>
> // Jared Lyvers
> // ---------------------------
> // Director of Interactive
> // Director of IT
> // ---------------------------
> // www.lewiscommunications.com
> // 205  .  980  .  0774


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAkL4ASwACgkQ4Tg6VO8hWusYywCfXbXLO3TrXkuIlCzvbm2AVDh5
cfMAnjGx1NPlKNTn4RyjLBnQyl5pLGOP
=UplJ
-----END PGP SIGNATURE-----