OK, the issue is that a quicktime file can be streamed from a webserver
as well (as can RealAudio these days) so if you shut off RTSP they won't
be able to access live streams, or specifically streamed content (as
found at http://www.apple.com/quicktime) but they would get web based
content (for instance http://www.kleber.net/warp/squarepusher2.mov
WARNING: 27Megs) which doesn't use the quicktime server, but relies on
fast network latency so that the file downloads quicker than it plays
(or doesn't in the case of the example I've given you, but that was kind
of the idea).

So you'd have to either block web connection to block all quicktime, or
put in an application level proxy (web proxy) which filters mime content
types (the default mime type is video/quicktime). Basically any file can
be transferred via HTTP (port 80), so it's an incredibly easy way to
channel content through, especially when using ActiveX controls and
plug-ins in browsers.

Unfortunately all I can do is help you with the theory of quicktime, I'm
not a huge firewall person (know the theory and some practice, but not
all the details unfortunately), or transport level (tcp v. udp), so this
is as much as I can say really. Someone else may pick this up so I've
sent this back onto the list.

S Windhausen wrote:
>
> My requirements were to shut off RTSP. I deny every tcp port, and only
> permit certain tcp ports. Quicktime was still able to get through. I don't
> know if this is true or not, but the syslog showed that the http port tcp
> (80) was being accessed. I don't deny any outbound UDP ports. Should I in
> order to stop quicktime ? What other UDP ports should I deny ? Any
> suggestions ? Any brief explanations of tcp v. udp ports ? Thanks. -Steve
>
> ----- Original Message -----
> From: Dorian Moore <[EMAIL PROTECTED]>
> To: Firewalls List <[EMAIL PROTECTED]>
> Sent: Thursday, October 28, 1999 6:53 AM
> Subject: Re: PIX and Quicktime streaming
>
> > Theoretically they both run using RTSP (Real Time Streaming Protocol),
> > and you should just be able to open the appropriate ports on the
> > firewall:
> >
> > Open port 554 for RTSP/TCP data.
> >
> > Open ports 6970 through 6999 (inclusive) for RTP/UDP data.
> >
> > (from http://www.apple.com/quicktime/resources/qt4/us/proxy/)
> >
> > Though in my experience I can get RealAudio via RTSP through my firewall
> > (not PIX), though not quicktime via RTSP. Apple do a 'free' *nix based
> > proxy server for RTSP (downloadable from a link on
> > http://www.apple.com/quicktime) but I've not managed to get this to work
> > successfully (it starts the transactions, but then fails, and there is
> > very little support for the software or any guidance to what the problem
> > may be). You can also run via a SOCKS proxy.
> >
> > Marc Renner wrote:
> > >
> > > What Port does Quicktime run on? Is there any reason why one couldn't
> > > enable a port for this, similar to Real Audio. Or is it in fact some type of
> > > proprietary protocol..
> > >
> > > -se7en-
--
Dorian Moore ..................................... Technical Director
Kleber Design Limited ......................... http://www.kleber.net
T +44 [0]207 581 1362 ......................... F +44 [0]207 581 0489
60 Albert Court ... Prince Consort Road ... London ... SW7 2BE ... UK
"View the source, Luke"
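
The MIME-type filtering described in the reply above, as the per-response decision a web proxy could make. This is an added example, not part of the original messages; the function names are hypothetical, and the file-signature fallback for responses served under a different content type is an assumption that goes beyond the post.

```python
# Added example: names below (BLOCKED_TYPES, QT_ATOMS, should_block) are hypothetical.
BLOCKED_TYPES = {"video/quicktime"}  # default QuickTime MIME type named in the post
# Assumption: atom types that commonly open a QuickTime movie file.
QT_ATOMS = {b"moov", b"mdat", b"free", b"skip", b"wide", b"pnot"}

def media_type(content_type):
    """Strip parameters and case from a Content-Type header value."""
    return (content_type or "").split(";", 1)[0].strip().lower()

def looks_like_quicktime(prefix):
    """Inspect the first atom header: 4-byte big-endian size, 4-byte type."""
    if len(prefix) < 8:
        return False
    size = int.from_bytes(prefix[:4], "big")
    if size not in (0, 1) and size < 8:   # 0 = to end of file, 1 = 64-bit size follows
        return False
    kind = prefix[4:8]
    if kind == b"ftyp":                   # newer files: QuickTime brand is "qt  "
        return prefix[8:12] == b"qt  "
    return kind in QT_ATOMS

def should_block(headers, body_prefix=b""):
    """Return (blocked, reason) for one HTTP response seen by the proxy."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    if media_type(ctype) in BLOCKED_TYPES:
        return True, "content-type"
    if looks_like_quicktime(body_prefix):
        return True, "file-signature"
    return False, "allowed"

# Constructed sample responses (not captured traffic).
SAMPLES = [
    ({"Content-Type": "video/quicktime"}, b""),
    ({"content-type": "Video/QuickTime; name=clip.mov"}, b""),
    ({"Content-Type": "application/octet-stream"}, b"\x00\x00\x0c\x00moov" + b"\x00" * 8),
    ({"Content-Type": "application/octet-stream"}, b"\x00\x00\x00\x14ftypqt  " + b"\x00" * 8),
    ({"Content-Type": "video/mp4"}, b"\x00\x00\x00\x18ftypisom" + b"\x00" * 8),
    ({"Content-Type": "text/html"}, b"<html><body>hello</body></html>"),
]

if __name__ == "__main__":
    for hdrs, body in SAMPLES:
        print(hdrs, should_block(hdrs, body))
```

The signature check is a heuristic on the first atom only; a proxy relying on the Content-Type header alone passes any QuickTime file the server labels as something else.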