Hi Jane What about other valid applications that could use either TCP or UDP 554 ??
It may be more work, but wouldn't access to the streaming servers be disallowed ? With most browser/streaming applications, you can change the proxy port or even the port to use for streaming audio/video. Pretty soon you could find yourself blocking loads of ports... Just my 2 cents worth... Jude ----- Original Message ----- From: "Jane Han" <[EMAIL PROTECTED]> To: "ALLEN, DONALD S (AIT)" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, July 25, 2003 3:52 PM Subject: RE: where should I start? help! > Thank you so much for all your help. Finally, I found > the problem. many streaming radio or video using port > 554. > > If I want to block all streamimg radio or video on the > PIX, > > can I use access-list 100 deny tcp any any eq 554 > access-list 100 deny udp any any eq 554 > > Any other suggestions or concerns? > > Thanks again, > > Jane > > > --- "ALLEN, DONALD S (AIT)" <[EMAIL PROTECTED]> wrote: > > Show Conns or show conns? > > Show Xlate or show xlate? > > > > And using the PDM web module are ways to get Pix > > information without a > > sniffer. > > > > > > > > -----Original Message----- > > From: Jane Han [mailto:[EMAIL PROTECTED] > > Sent: Thursday, July 24, 2003 9:08 AM > > To: Ben Hicks; [EMAIL PROTECTED]; > > [EMAIL PROTECTED] > > Cc: [EMAIL PROTECTED] > > Subject: RE: where should I start? help! > > > > > > Thanks for all help. If I want to find all traffic > > on > > the PIX internal interface, what should I do? using > > sniffer? How do I position the sniffer? How can I > > span port on the PIX or I have to do spanning on the > > switch? > > > > Any suggestions or help will be highly appreciated. > > > > > > switch ---PIX---external router > > > > The exernal router serial interface status as > > follows: Serial0/0 is up, line > > protocol is up > > Hardware is DSCC4 Serial > > Internet address is a.b.c.d/30 > > MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, > > reliability 255/255, txload 24/255, rxload > > 235/255 > > Encapsulation HDLC, loopback not set > > Keepalive set (10 sec) > > Last input 00:00:05, output 00:00:01, output hang > > never > > Last clearing of "show interface" counters 1d23h > > Input queue: 0/75/0/0 (size/max/drops/flushes); > > Total output drops: 0 > > Queueing strategy: fifo > > Output queue: 0/100 (size/max) > > 30 second input rate 1424000 bits/sec, 230 > > packets/sec > > 30 second output rate 147000 bits/sec, 161 > > packets/sec > > 16859032 packets input, 2850828712 bytes, 0 no > > buffer > > Received 17055 broadcasts, 0 runts, 0 giants, 0 > > throttles > > 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 > > ignored, 0 abort > > 13720059 packets output, 3084799197 bytes, 0 > > underruns > > 0 output errors, 0 collisions, 0 interface > > resets > > 0 output buffer failures, 0 output buffers > > swapped out > > 0 carrier transitions > > DCD=up DSR=up DTR=up RTS=up CTS=up > > > > > > Thanks in advance, > > > > Jane > > --- Ben Hicks <[EMAIL PROTECTED]> wrote: > > > Hmm, So the firewall is performing the nat then. > > > > > > Just out of interest, what is the firewall doing? > > > does it have any access > > > lists on it ? > > > > > > Thanks, > > > > > > Ben > > > > > > > > > > > > -----Original Message----- > > > From: Jane Han [mailto:[EMAIL PROTECTED] > > > Sent: 15 July 2003 16:20 > > > To: Ben Hicks; [EMAIL PROTECTED] > > > Subject: RE: where should I start? help! > > > > > > > > > Ben, > > > > > > I appreciate your answer. I enabled the IP > > > accounting > > > and the IP accounting only shows the destination > > > address as public address (NAT). Is there a way > > > that > > > I can trace this public IP address (NAT) to > > > the internal private IP address? > > > > > > Thanks, > > > > > > Jane > > > > > > --- Ben Hicks <[EMAIL PROTECTED]> wrote: > > > > The interface is very heavily utilised on the > > > > receiving of information - i.e > > > > persons downloading. > > > > > > > > Your interface (at the time of the snapshit) was > > > > very heavily utilised. > > > > 188/255 RX suggest that your link is about 75% > > > > utilised, which is very high. > > > > > > > > There are of course many other things that could > > > be > > > > attirbuting to the > > > > problem, but I would start here. > > > > > > > > You could perhaps enable ip accounting to find > > out > > > > which IP addresses are > > > > accessing the most amount of information. > > > > > > > > HTH > > > > > > > > Ben. > > > > > > > > -----Original Message----- > > > > From: Jane Han [mailto:[EMAIL PROTECTED] > > > > Sent: 08 July 2003 15:41 > > > > To: [EMAIL PROTECTED] > > > > Subject: where should I start? help! > > > > > > > > > > > > Hi, all > > > > > > > > I am relatively new to this field. We have full > > > T1 > > > > but the internet speed is very slow. > > > > Sometimes it's even slower than dial-up speed > > when downloading > > > > files. > > > > E1 E0 E0 s0 > > > > Switch --- PIX ------Cisco 2600 > > > > Router------Internet > > > > > > > > (E1 and E0 are Ethernet Interface and S0 is > > serial > > > > interface) (please see the following status on > > s0) > > > > > > > > Serial0/0 is up, line protocol is up > > > > Hardware is QUICC Serial > > > > Internet address is X.X.X.X/30 > > > > MTU 1500 bytes, BW 2048 Kbit, DLY 20000 usec, > > > > reliability 255/255, txload 26/255, rxload > > > > 188/255 > > > > Encapsulation HDLC, loopback not set > > > > Keepalive set (10 sec) > > > > Last input 00:00:02, output 00:00:00, output > > > hang > > > > never > > > > Last clearing of "show interface" counters > > never > > > > Input queue: 0/75/9199/0 > > > (size/max/drops/flushes); > > > > Total output drops: 3307 > > > > Queueing strategy: weighted fair > > > > Output queue: 0/1000/64/3307 (size/max > > > > total/threshold/drops) > > > > Conversations 0/57/256 (active/max > > > active/max > > > > total) > > > > Reserved Conversations 0/0 (allocated/max > > > > allocated) > > > > 30 second input rate 1510000 bits/sec, 235 > > > > packets/sec > > > > 30 second output rate 214000 bits/sec, 173 > > > > packets/sec > > > > 76598509 packets input, 1523011153 bytes, 0 > > > no > > > > buffer > > > > Received 104544 broadcasts, 0 runts, 0 > > > giants, > > > > 0 > > > > throttles > > > > 1 input errors, 0 CRC, 1 frame, 0 overrun, > > 0 > > > > ignored, 0 abort > > > > 66685034 packets output, 4044743843 bytes, > > 0 > > > > underruns > > > > 0 output errors, 0 collisions, 1 interface > > > > resets > > > > 0 output buffer failures, 0 output buffers > > > > swapped out > > > > 0 carrier transitions > > > > DCD=up DSR=up DTR=up RTS=up CTS=up > > > > > > > > I checked the S0 interface status on the > > internet > > > === message truncated === > > > __________________________________ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site design software > http://sitebuilder.yahoo.com > > -------------------------------------------------------------------------- - > -------------------------------------------------------------------------- -- > > > --------------------------------------------------------------------------- ----------------------------------------------------------------------------
