-----BEGIN PGP SIGNED MESSAGE----- nuqneH, Hmmm ;) AFAIR Gauntlet has its own RA proxy, probably based on PN's reference implementation available from their site - what's wrong with it , why should you use web proxy ;)? Ah! Bashing socks i forgot another problem with it: if you use firewall to control what your users do on the net, socks (if you don't spend some amount of time to configure it for selected applications and hosts only) is a way for them to avoid your control. All you see from socks log is just host addresses and port numbers and no knowledge what they actually do, not more than packet filtering can provide to you. And the biggest problem with socks is that most firewall administrators are NOT aware of the problems i mentioned. - ---- "LeGrow, Matt" <Matt_LeGrowat_private> said : While researching a problem with the Gauntlet 5.0 web proxy a while back I had a chance to observe RealAudio traffic tunnelling itself through our web proxy. RealAudio actually allows you to configure or gives the option to determine for itself the best method out of several types of transport, including TCP and UDP-based transports. As if thats not confusing enough, there are also two different versions of the TCP transport protocol to choose from, either RTSP (TCP port 554) or PNA (TCP port 1090). The UDP-based transport uses both multiple single ports and a range of UDP ports. So the least complicated thing is to just tell it to run through your Web Proxy. Through a web proxy, at least,I can tell you that RealAudio sends some strange traffic through, including mysterious encoded/encrypted (?) 5k POSTs on a fairly consistent basis (with Spinner we were able to match them to the ends of songs that we played through the client) that I assume are encoded requests or updates of state information to the realaudio server. With the two clients I was testing with (Spinner and RealPlayer 6.0.6.45) the POST requests were adorned with incorrect content-lengths and non-Y2K-compliant expiration dates for content. Just not knowing what the thing is posting through your firewall should make any reasonably paranoid admin nervous enough. I would say just on external observation and not knowing the guts of the protocol, that its definitely a big black hole, but if you must proxy it set up a TCP/SOCKS proxy instead of burdening your web proxy with the additional barely-compliant HTTP traffic - --- _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBOIgvwaH/mIJW9LeBAQEdrQQAl/fnaKQeKywIHm71pW4EPFMFVpmxsLfR XVYXL3J3T/WJCUT36QR86bY2mnWVVZirpdmdvpq2cQyYyiXM4t6dGe6vZiaqqSwU /5llI2Mrvz9m+GvgZ+/MqFM5cuzRKFueShqN29BKaG9LOjGLpLci898o/IGgRBYC RcUUBwKsQXs= =z7n3 -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:58:46 PDT