Firewall Wizards mailing list archives
Re: Real Audio Security
From: Darren Reed <darrenr () reed wattle id au>
Date: Thu, 20 Jan 100 21:52:14 +1100 (EST)
Could someone point me to any research data on the security pitfalls of Real Audio through a firewall?
Particularly interested in bandwidth issues, use of PN prxy or other.
Well, factor in that apparently the TCP connection that gets made, either to or from the proxy, can come from any box on the 'net (so I'm told). My experience with this comes from writing IP Filter to only allow connections to be made to/from the IP#'s involved in the initial session setup, following the PNA protocol which you get port numbers from and then having it users tell me it doesn't work because the actual audio content comes from a different IP# out on the Internet. All in all, it amounts to a pretty insecure protocol if implemented to support that. I'm sure there is some interesting potential for exploiting this with a `fake' music server and getting people to open up ports! Darren
Current thread:
- Real Audio Security Cracknell, Phil (Jan 18)
- Re: Real Audio Security Darren Reed (Jan 20)
- <Possible follow-ups>
- RE: Real Audio Security Moore, James (Jan 18)
- RE: Real Audio Security ark (Jan 19)
- RE: Real Audio Security Moore, James (Jan 20)
- RE: Real Audio Security ark (Jan 20)
- RE: Real Audio Security LeGrow, Matt (Jan 20)
- RE: Real Audio Security ark (Jan 21)
- RE: Real Audio Security Rick Murphy (Jan 24)