hi,
correct me if I'm wrong, but the napster application needs to contact a
server, somewhere on 64.124.41.0/24, to register the user as being 'online',
send a list of what is shared on the client, and retrieve stats of users/
files, and eventually mp3s =]. Would blocking all traffic from inside to
64.124.41.0/24, on the appropriate services (7777, 8875, 8888) hence be
effective in controlling registration - upstream of controlling file sharing
?. This is what I do, and it seems effective, I also set to mail myself when
a user attempts to connect to the above network (gets dropped), or connects
to other networks on the above services, (gets allowed, eg sun answerbook
uses 8888).
Although this might not be absolute in controlling registration (other
napster servers outside 64.124.41.0/24), it's better than finding out your
traffic bill is largely comprised of sharing music =]
Brett.
----- Original Message -----
From: Young, Beth A. <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 23, 2000 7:42 AM
Subject: Napter traffic pattern
: The white paper is not done (too many other projects right now to finish
it)
: but here is the gist of the traffic patterns. Since I got enough off-list
: email expressing interest, it seems appropriate to post it here.
:
: I used a router to block incoming SYN packets to my IP address which
blocked
: napster traffic from my machine until I changed the client setting to "I
: live behind the firewall." At that point, people started downloading from
: me again because my client would initiate the SYN. It also doesn't do any
: good to block the napster subnet range. While that works 95% of the time,
: there are other napster servers out there that do not live in the napster
: 64.124.41.0 network.
:
: A co-worker is looking at Packet Pup as a way to block napster but we are
: kind of unique in that we don't care if students download files but we
don't
: want to be the main supplier of songs so we want to block downloads from
us.
: *shugs* any suggestion on that front would appreciated.
:
: -Beth
:
: --------------------------------------------
:
: A normal napster session begins with the following traffic pattern, a
normal
: 3-way handshake to two different servers:
: 1. the local workstation contacts the napster server
: (server.napster.com) - SYN
: 2. The server responds - SYN/ACK
: 3. The local workstation acknowledges - ACK
: 4. The server pushes HTML data to the local workstation (this
: is the front page of napster loading). Destination port 80.
: 5. After the local user clicks the search button on the napster
: client, there is another 3-way handshake between the local workstation and
: the server (64.124.41.179). Destination port 8888.
: 6. After you enter a song title/band name to search on, there
: are a lot of Echo/Echo reply packets sent. The local workstation will
ping
: the remote workstations for ping times (you can disable the ping option on
: the client).
: 7. Once you select a song to download, the remote workstation
: initiates the 3-way handshake by sending a SYN
: 8. Local workstation responds - SYN/ACK
: 9. The remote workstation responds with ACK
: 10. Once the connection is setup, the data is transferred with 2
: packets sent per one acknowledge packet from local workstation.
Destination
: port is 6699. Interesting enough, the packet sizes are 1460 and 588.
:
: Napster traffic if you check "I live behind a firewall" option on the
client
: works the following way when downloading a file to local machine:
: Same as steps 1-6 above.
: 1. Once you select a song, the local workstation
: initiates the 3-way handshake by sending a SYN packet to remote
workstation.
: 2. The remote workstation responds with SYN/ACK
: 3. The locate workstation responds with an ACK
: 4. Once the connection is setup, the data is
: transferred with 2 packets sent per one acknowledge packet from local
: workstation. The destination port is still 6699 with the same mix of 1460
: and 588 packet sizes.
:
: Napster traffic if you check "I live behind a firewall" option on the
client
: works the following way when downloading a file from local machine:
: Steps 1-6 same as above to connect to the napster service.
: 1. The local workstation send the SYN packet with
: destination port 6699
: 2. The remote workstation responds with SYN/ACK packet.
: 3. The local workstation responds with an ACK packet.
: 4. Once the connection is setup, the data is
: transferred with 2 packets sent per one acknowledge packet from local
: workstation. The destination port is still 6699 with packet sizes about
: 1414.
:
: -
: [To unsubscribe, send mail to [EMAIL PROTECTED] with
: "unsubscribe firewalls" in the body of the message.]
:
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
