March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE
DComTalk.com Forum Index -> Firewalls (page 4 of 5; all times are GMT)
Discussion of VoIP, VPN, video conferencing, DSL and other data communications.

Charles Newman (Guest)
Posted: Fri Oct 14, 2005 4:21 pm    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

"Owl Jolsen" <owljolsen@nym.alias.net> wrote in message
news:20051002071114.22718.qmail@nym.alias.net...
Quote:

In less than 6 months, we will be one of several online media companies
webcasting the total solar eclipse from Africa, on 29th March, 2006. This
will be during the working hours in Europe.
For corporate IT admins in Europe, this will be their WORST NIGHTMARE
come to life. We are working on and improving our system in such a way that
corporate IT admins in Europe will not be able to stop people from watching
the eclipse without shutting down the ENTIRE NETWORK. We will be using a
heavily encrypted feed, so that any IT admins that try to sniff the packets
won't get anything. As someone said once, "The book will be open, but the
pages will all be in an unreadable language".
We will be running an encrypted link over port 80. There is NO WAY that
can be shut down without cutting off ALL web access to the network. We are
taking a cue from Kazaa, and P2P services, and are using encrypted links
over port 80, which admins will be unable to stop without shutting down the
entire network.
As far as eclipses go, this will be the longest, as far as totality goes,
since one of our competitors began webcasting eclipses way back in 1997.
Where we plan to be webcasting from, it will be at about 10:45 AM British
Summer Time, 11:45 in Central Europe (Europe goes to Summer Time on Sunday,
26th March).
Basically, people will be watching the eclipse, and gobbling down HUGE
amounts of bandwidth. We plan to offer feeds up to 100K in bitrate, and that
will add up fast. Users will be clogging the network watching the eclipse,
and corporate IT admins will have no CLUE as to what is going on, because the
feeds will be encrypted.
The REAL nightmare scenario on this for IT admins will be in the year
2009, when we will be webcasting a total solar eclipse with 6 minutes and
38 seconds of totality from Shanghai, China, on 22nd July, 2009. For nearly
7 minutes, people will be clogging network bandwidth all over Asia, and
because it will be encrypted, admins will never know that people are watching
the solar eclipse. It will also be during the workday in Australia, so
Australian admins will also wonder why the bandwidth usage is going so high.

As for the figure skating coverage they are doing, I think he is doing a test
run at a competition in Vienna, because on the FS discussion board he posts a
direct link to live video. If this is eventually to be their video feed, Tiny
Personal Firewall, placed on the network server, can stop it. I have outgoing
traffic restricted to ports 80 and 443, on the proxy, and that is enough to
stop it. Tiny, when put on a network server, has this flexibility that your
hardware firewalls do not, so if you want to stop this guy's video streaming,
you will need to have Tiny to effectively block it. If this is this guy's
company doing a test run, the stream runs at 339K bandwidth, which would eat
up your company bandwidth in a hurry. You better put a Windows box with Tiny
on it on your network, to stop this on the network level.

It appears, as well, that HTTP-only is disallowed, and they will only allow
RTSP/MMS, on ports 554 and 1755, so using Tiny and telling it to restrict your
HTTP proxy to ports 80 and 443 should do the trick. This guy obviously never
thought of what Tiny, and other software-based firewall programs, can do.
Call it a "toy firewall", if you like, but it is the only foolproof way you
will be able to shut this guy's stuff down. Windows Media Player 10 tunnels
through whatever HTTP proxy that IE, or whatever the default browser is, is
set to use. So using Tiny, and restricting your HTTP proxy to ports 80 and
443, should do the trick.

Charles Newman (Guest)
Posted: Fri Oct 14, 2005 4:21 pm    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

"Charles Newman" <charlesnewman1@comcast.spamkiller.net> wrote in message
news:U4SdnezO5enjItLenZ2dnUVZ_tKdnZ2d@comcast.com...
Quote:

"Owl Jolsen" <owljolsen@nym.alias.net> wrote in message
news:20051002071114.22718.qmail@nym.alias.net...

In less than 6 months, we will be one of several online media companies
webcasting the total solar eclipse from Africa, on 29th March, 2006. This
will be during the working hours in Europe.
For corporate IT admins in Europe, this will be their WORST NIGHTMARE
come to life. We are working on and improving our system in such a way that
corporate IT admins in Europe will not be able to stop people from watching
the eclipse without shutting down the ENTIRE NETWORK. We will be using a
heavily encrypted feed, so that any IT admins that try to sniff the packets
won't get anything. As someone said once, "The book will be open, but the
pages will all be in an unreadable language".
We will be running an encrypted link over port 80. There is NO WAY that
can be shut down without cutting off ALL web access to the network. We are
taking a cue from Kazaa, and P2P services, and are using encrypted links
over port 80, which admins will be unable to stop without shutting down the
entire network.
As far as eclipses go, this will be the longest, as far as totality goes,
since one of our competitors began webcasting eclipses way back in 1997.
Where we plan to be webcasting from, it will be at about 10:45 AM British
Summer Time, 11:45 in Central Europe (Europe goes to Summer Time on Sunday,
26th March).
Basically, people will be watching the eclipse, and gobbling down HUGE
amounts of bandwidth. We plan to offer feeds up to 100K in bitrate, and that
will add up fast. Users will be clogging the network watching the eclipse,
and corporate IT admins will have no CLUE as to what is going on, because the
feeds will be encrypted.
The REAL nightmare scenario on this for IT admins will be in the year
2009, when we will be webcasting a total solar eclipse with 6 minutes and
38 seconds of totality from Shanghai, China, on 22nd July, 2009. For nearly
7 minutes, people will be clogging network bandwidth all over Asia, and
because it will be encrypted, admins will never know that people are watching
the solar eclipse. It will also be during the workday in Australia, so
Australian admins will also wonder why the bandwidth usage is going so high.

As for the figure skating coverage they are doing, I think he is doing a test
run at a competition in Vienna, because on the FS discussion board he posts a
direct link to live video. If this is eventually to be their video feed, Tiny
Personal Firewall, placed on the network server, can stop it. I have outgoing
traffic restricted to ports 80 and 443, on the proxy, and that is enough to
stop it. Tiny, when put on a network server, has this flexibility that your
hardware firewalls do not, so if you want to stop this guy's video streaming,
you will need to have Tiny to effectively block it. If this is this guy's
company doing a test run, the stream runs at 339K bandwidth, which would eat
up your company bandwidth in a hurry. You better put a Windows box with Tiny
on it on your network, to stop this on the network level.

It appears, as well, that HTTP-only is disallowed, and they will only allow
RTSP/MMS, on ports 554 and 1755, so using Tiny and telling it to restrict your
HTTP proxy to ports 80 and 443 should do the trick. This guy obviously never
thought of what Tiny, and other software-based firewall programs, can do.
Call it a "toy firewall", if you like, but it is the only foolproof way you
will be able to shut this guy's stuff down. Windows Media Player 10 tunnels
through whatever HTTP proxy that IE, or whatever the default browser is, is
set to use. So using Tiny, and restricting your HTTP proxy to ports 80 and
443, should do the trick.

This guy has somehow managed to figure out how to keep it from showing up in
the firewall. When I turn off the rule blocking ports 1000-5300 on the Socks
and RTSP servers, and then connect, it does not show up either in the active
processes or in the logs. If this is the OP's company sending this, they have
somehow come up with a way to keep it from showing up in the firewall.
AllegroSurf runs both the Socks and RTSP proxies on my network, yet the
firewall does not show the connection that AllegroSurf is making to the video
feed. If these guys really have found a way to do it without it showing up in
the firewall, someone, at this very point in time, may be watching, and your
firewall logs won't show anything. It looks as if he, and his engineers, are
smarter than anyone gives them credit for.

Leythos (Guest)
Posted: Fri Oct 14, 2005 11:23 pm    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

In article <U4SdnezO5enjItLenZ2dnUVZ_tKdnZ2d@comcast.com>,
charlesnewman1@comcast.spamkiller.net says...
Quote:
If this is eventually to be their video feed, Tiny
Personal Firewall, placed on the network server, can stop it. I have
outgoing traffic restricted to ports 80 and 443, on the proxy, and
that is enough to stop it.

Sorry, but if you don't do more than just limit outbound to 80/443, then
you won't stop it.

--

spam999free@rrohio.com
remove 999 in order to email me

Leythos (Guest)
Posted: Fri Oct 14, 2005 11:24 pm    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

In article <ja6dncb5VJfCT9LeRVn-qw@comcast.com>, charlesnewman1@comcast.spamkiller.net says...
Quote:
It looks as if he, and his engineers, are smarter than
anyone gives them credit for.

Wrong, it's just that you don't have a firewall to show it. If you had
even a partial clue about networking you would find it easily.

--

spam999free@rrohio.com
remove 999 in order to email me

Moe Trin (Guest)
Posted: Sat Oct 15, 2005 5:59 am    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

In the Usenet newsgroup comp.security.firewalls, in article
<ja6dncb5VJfCT9LeRVn-qw@comcast.com>, Charles Newman wrote:
Quote:

"Charles Newman" <charlesnewman1@comcast.spamkiller.net> wrote

It appears, as well, that HTTP-only is disallowed, and they will
only allow RTSP/MMS, on ports 554 and 1755, so using Tiny
and telling it to restrict your HTTP proxy to ports 80 and 443
should do the trick. This guy obviously never thought of what
Tiny, and other software-based firewall programs, can do.
Call it a "toy firewall", if you like, but it is the only foolproof
way you will be able to shut this guy's stuff down.

This guy has somehow managed to figure out how to keep it
from showing up in the firewall.

So, Charles - your toy firewall is as useless as everyone has been
telling you? Actually, there is a very simple way around this, but
you don't understand networking, so it's beyond you to set it up.
Why am I not surprised.

Quote:
It looks as if he, and his engineers, are smarter than
anyone gives them credit for.

If you are comparing his skills to yours, one would expect a disparity.

Old guy

Charles Newman (Guest)
Posted: Sat Oct 15, 2005 7:49 am    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrndl0l36.r4l.ibuprofin@compton.phx.az.us...
Quote:
In the Usenet newsgroup comp.security.firewalls, in article
<ja6dncb5VJfCT9LeRVn-qw@comcast.com>, Charles Newman wrote:

"Charles Newman" <charlesnewman1@comcast.spamkiller.net> wrote

It appears, as well, that HTTP-only is disallowed, and they will
only allow RTSP/MMS, on ports 554 and 1755, so using Tiny
and telling it to restrict your HTTP proxy to ports 80 and 443
should do the trick. This guy obviously never thought of what
Tiny, and other software-based firewall programs, can do.
Call it a "toy firewall", if you like, but it is the only foolproof
way you will be able to shut this guy's stuff down.

This guy has somehow managed to figure out how to keep it
from showing up in the firewall.

So, Charles - your toy firewall is as useless as everyone has been
telling you? Actually, there is a very simple way around this, but
you don't understand networking, so it's beyond you to set it up.
Why am I not surprised.

Well, when I turn on the rule for blocking port 80, and ports 1000
to 5300, for the program running the Socks and RTSP proxies, it
does stop it.

Leythos (Guest)
Posted: Sat Oct 15, 2005 7:58 am    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

In article <muKdnbnoQLao883eRVn-jw@comcast.com>, charlesnewman1@comcast.spamkiller.net says...
Quote:
Well, when I turn on the rule for blocking port 80, and ports 1000
to 5300, for the program running the Socks and RTSP proxies, it
does stop it.

But, if you had a real firewall, you could leave Port 80 open, port 443
open (outbound) and it could still be blocked - you just don't seem to
get the idea that a quality firewall solution can easily block that
crap.

--

spam999free@rrohio.com
remove 999 in order to email me

Ignis Fatuus (Guest)
Posted: Tue Oct 18, 2005 8:23 am    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

Charles Newman wrote:
Quote:
"Leythos" <void@nowhere.lan> wrote in message
news:2WB2f.31118$tD4.22938@tornado.ohiordc.rr.com...

In article <55Kdnb72H94HetfeRVn-ow@comcast.com>, charlesnewman1@comcast.spamkiller.net says...

We were taught in certain business management courses that unless
you actually have the content they were downloading, you don't
dare use inappropriate internet usage as a reason to fire someone.
You look for another reason to fire them. That is what I was
taught in business management courses at one time.

And it doesn't stop people from being Fired for ACCESSING NON-BUSINESS
NECESSARY sites, and since we can account for browsing habits/time, it's
easy to FIRE someone for spending too much time on the Internet instead of
working.

Well, you better be careful, if you don't have the actual content. You
better have another reason to fire them, that will stand up in court,
or your a$$ is gra$$, and they are a lawnmower.

You need to get into a class that was taught in the 90's or 2000's.

This is what I was taught in the late 1990s. I was taught in a
business law class that when it comes to firing for
inappropriate internet use, and you don't have the actual
content they viewed or downloaded, you better find another
reason to fire them. You can find other reasons to fire
someone, you just need to be creative about it.

Ha. Creative reasons for termination. I can't *wait* until the
employee or employees bring a wrongful termination suit against your
uninformed, "creative" ass. Expect to hear from either the DFEH and/or
DLSE and expect your company to settle out of court, subsequently.
Unless of course its in-house legal dept wants to pay attys' fees for a
protracted civ lit suit.

Moe Trin (Guest)
Posted: Wed Oct 19, 2005 1:02 am    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

In the Usenet newsgroup comp.security.firewalls, in article
<4354865D.9010209@cox.com>, Ignis Fatuus wrote:

Quote:
Charles Newman wrote:

This is what I was taught in the late 1990s. I was taught in a
business law class that when it comes to firing for
inappropriate internet use, and you don't have the actual
content they viewed or downloaded, you better find another
reason to fire them. You can find other reasons to fire
someone, you just need to be creative about it.

So, you are saying that the instructor taught you to lie?

Quote:
Ha. Creative reasons for termination. I can't *wait* until the
employee or employees bring a wrongful termination suit against your
uninformed, "creative" ass. Expect to hear from either the DFEH and/or
DLSE and expect your company to settle out of court, subsequently.
Unless of course its in house legal dept wants to pay attys fees for a
protracted civ lit suit.

Hey! Wait a minute! Charles has just said that he took "a" class
in business law (just like he took "a" class in microsoft network stuff).
He's an _expert_ in this stuff... sorta

Old guy

Somebody. (Guest)
Posted: Wed Oct 19, 2005 1:44 am    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrndlal7a.pgj.ibuprofin@compton.phx.az.us...
Quote:
In the Usenet newsgroup comp.security.firewalls, in article
<4354865D.9010209@cox.com>, Ignis Fatuus wrote:

Charles Newman wrote:

This is what I was taught in the late 1990s. I was taught in a
business law class that when it comes to firing for
inappropriate internet use, and you don't have the actual
content they viewed or downloaded, you better find another
reason to fire them. You can find other reasons to fire
someone, you just need to be creative about it.

So, you are saying that the instructor taught you to lie?

Ha. Creative reasons for termination. I can't *wait* until the
employee or employees bring a wrongful termination suit against your
uninformed, "creative" ass. Expect to hear from either the DFEH and/or
DLSE and expect your company to settle out of court, subsequently.
Unless of course its in house legal dept wants to pay attys fees for a
protracted civ lit suit.

Hey! Wait a minute! Charles has just said that he took "a" class
in business law (just like he took "a" class in microsoft network stuff).
He's an _expert_ in this stuff... sorta

Old guy

Been reading this group only a few weeks, but I have an observation:

Old guy: you're fun to have around.

Cheers.

-Russ.

Mike (Guest)
Posted: Wed Oct 19, 2005 4:21 pm    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

Owl Jolsen wrote:
Quote:
"Leythos" <void@nowhere.lan> wrote in message news:wsC2f.31126$tD4.4678@tornado.ohiordc.rr.com...

In article <20051010225903.16559.qmail@nym.alias.net>,
owljolsen@nym.alias.net says...

Also, as far as anything going on in Europe, particularly the
29th March solar eclipse in Africa goes, a lot of cell phones in
Europe now have high-speed internet access built-in. Someone who
REALLY wanted to sneak on from work could unplug from the company
LAN, and plug their office PC into their cell phone, and sign on that
way.

If the user doesn't have local administrator access then they won't be
able to change the Proxy settings and won't be able to use the Cell
Phone method - and once again, a properly set up network won't allow your
crap to be accessed.

However, local administrator access inside the PC can be hacked.
There are hacking tools out there that will let you get local
administrator access to the PC, without compromising the company
network. You just disconnect from the network before hacking your
way into local administrator access. There are enough security holes
in Windows that any NT, XP, 2000, 2003, or Vista box could be hacked
to allow you local administrator access without compromising the
network or leaving any telltale entries in the logs. As long as you
are not connected to the network when you break into local administrator
access on the PC, they will never know; a standalone XP machine does
not keep any logs, so there is no POSSIBLE way for them to know you
have broken into administrator access on the local machine, as long
as you are not plugged into the network when you do it. And before
anyone says "keylogger", there are programs that can hunt down and
destroy any keylogging software installed on your PC, and once you
have hacked into administrator access on the local PC, you can run
one of these programs and destroy the keylogging software.

And of course the average office clerk has enough computing expertise to
install all this 'hacking' software and cover their tracks so they can
....... watch an eclipse.

Mike (Guest)
Posted: Wed Oct 19, 2005 4:21 pm    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

Owl Jolsen wrote:
< Snip clueless networking drivel >

One question. If this broadcast system is supposed to bring the networks
to a grinding halt, how is anyone supposed to watch the event you're
broadcasting? Seems to defeat the object of the exercise to me.

Moe Trin (Guest)
Posted: Fri Oct 21, 2005 12:51 am    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

In the Usenet newsgroup comp.security.firewalls, in article
<h-WdnQ11oZ45-MveRVnyiw@pipex.net>, Mike wrote:

Quote:
One question. If this broadcast system is supposed to bring the networks
to a grinding halt, how is anyone supposed to watch the event you're
broadcasting? Seems to defeat the object of the exercise to me.

You really don't expect a troll to notice all the little details, do you?

Old guy

Charles Newman (Guest)
Posted: Sat Oct 29, 2005 6:05 am    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrndlft96.hqq.ibuprofin@compton.phx.az.us...
Quote:
In the Usenet newsgroup comp.security.firewalls, in article
<h-WdnQ11oZ45-MveRVnyiw@pipex.net>, Mike wrote:

One question. If this broadcast system is supposed to bring the networks
to a grinding halt, how is anyone supposed to watch the event you're
broadcasting? Seems to defeat the object of the exercise to me.

You really don't expect a troll to notice all the little details, do you?

There might be more tests going on. I caught a video
feed of Skate America that was pure genius. It kept
changing port numbers and addresses like crazy.
Based on what this guy kept talking about in the past,
it could be them. If it is, the only way to stop it is
to block everything from ports 1000 through 9000.

Charles Newman (Guest)
Posted: Sat Oct 29, 2005 8:22 am    Post subject: Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE

"Leythos" <void@nowhere.lan> wrote in message
news:o3C8f.73308$Hs.28044@tornado.ohiordc.rr.com...
Quote:
In article <ccydnSSUvdooUP_eRVn-rg@comcast.com>, charlesnewman1@comcast.spam-me-not.net says...

"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrndlft96.hqq.ibuprofin@compton.phx.az.us...
In the Usenet newsgroup comp.security.firewalls, in article
<h-WdnQ11oZ45-MveRVnyiw@pipex.net>, Mike wrote:

One question. If this broadcast system is supposed to bring the networks
to a grinding halt, how is anyone supposed to watch the event you're
broadcasting? Seems to defeat the object of the exercise to me.

You really don't expect a troll to notice all the little details, do you?

There might be more tests going on. I caught a video
feed of Skate America that was pure genius. It kept
changing port numbers and addresses like crazy.
Based on what this guy kept talking about in the past,
it could be them. If it is, the only way to stop it is
to block everything from ports 1000 through 9000.

Wrong, any real firewall will block it.

Well, with the constantly changing ports and addresses, port
blocking is the only feasible way to stop it. With the
real-time monitoring in Tiny Personal Firewall (sorry, but
your hardware firewalls have not learned this yet), I
watched as addresses and ports changed like crazy;
that would make anything other than port blocking
useless. These guys know what they are doing
with computers, and port blocking is the only feasible
way to stop them.

This is where Tiny has the advantage over a hardware
appliance. Firewall rules can be given precedence. I
can tell Tiny to block everything from port 1000 to
9000, but if there is something else I want to allow
in that range, I can create a rule with a higher precedence
to allow that specific service, while blocking everything
else in the port range. Hardware appliances don't have
precedence for rules like Tiny Personal Firewall does.
Score another one for software firewalls.
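An added example, not from the thread or from any firewall product it names, modelling the two points argued above: rule order as precedence (a specific allow listed above a broad deny on ports 1000-9000, and what happens when the order is reversed), and Leythos's claim that a firewall which identifies the application protocol can keep port 80 open yet still refuse a stream tunnelled over it. The policy, the assumed internal service on tcp/8080 and the inspection tags are constructed for the example.

```python
# Added example (not from the thread): a first-match egress policy model.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    proto: str                  # "tcp", "udp" or "any"
    port_lo: int                # destination port range, inclusive
    port_hi: int
    app: Optional[str] = None   # application protocol tag from inspection; None = any
    name: str = ""


@dataclass(frozen=True)
class Flow:
    proto: str
    dport: int
    app: str                    # what the inspection engine identified (e.g. "http")


def matches(rule: Rule, flow: Flow) -> bool:
    """True if every criterion of the rule covers this flow."""
    if rule.proto != "any" and rule.proto != flow.proto:
        return False
    if not rule.port_lo <= flow.dport <= rule.port_hi:
        return False
    if rule.app is not None and rule.app != flow.app:
        return False
    return True


def evaluate(policy: List[Rule], flow: Flow) -> Tuple[str, str]:
    """First matching rule wins, so list position is the rule's precedence.
    Returns (action, rule name); unmatched flows fall to an implicit deny."""
    for rule in policy:
        if matches(rule, flow):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every flow `inner` could match is already matched by `outer`."""
    proto_ok = outer.proto == "any" or outer.proto == inner.proto
    ports_ok = outer.port_lo <= inner.port_lo and inner.port_hi <= outer.port_hi
    app_ok = outer.app is None or outer.app == inner.app
    return proto_ok and ports_ok and app_ok


def shadowed_rules(policy: List[Rule]) -> List[str]:
    """Names of rules that can never fire because an earlier rule covers them.
    This is the misordering trap: a broad deny placed above a specific allow."""
    return [rule.name for i, rule in enumerate(policy)
            if any(covers(earlier, rule) for earlier in policy[:i])]


# Constructed policy, not any real product's syntax: the specific allow for an
# assumed internal service on tcp/8080 is listed above the broad deny.
GOOD_POLICY = [
    Rule("allow", "tcp", 8080, 8080, name="allow-internal-8080"),
    Rule("deny", "any", 1000, 9000, name="deny-1000-9000"),
    Rule("allow", "tcp", 80, 80, app="http", name="allow-real-http-only"),
    Rule("allow", "tcp", 443, 443, app="tls", name="allow-https"),
]
# Same rules with the broad deny first: the specific allow is now dead.
BAD_POLICY = [GOOD_POLICY[1], GOOD_POLICY[0]] + GOOD_POLICY[2:]

if __name__ == "__main__":
    for flow in (Flow("tcp", 8080, "http"), Flow("tcp", 1755, "mms"),
                 Flow("tcp", 80, "http"), Flow("tcp", 80, "rtsp")):
        print(flow, "->", evaluate(GOOD_POLICY, flow))
    print("shadowed in BAD_POLICY:", shadowed_rules(BAD_POLICY))  # ['allow-internal-8080']
```

A flow on port 80 tagged "rtsp" by inspection hits no allow rule and is dropped even though port 80 itself stays open, which is the distinction between plain port blocking and application-aware filtering that the thread argues about.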