Need to disable audio streaming 3

[eaglefan2000]

I need to be able to disable audio streaming. I have 1000 users with 2 t-1's and streaming is using most of them. I am new to this so how do I disable this process. What ports need blocked and what will each port I block effect? I have a mixed network. 20% PC 80% MAC. Just blocking WMP will only help with the windows users. Need to block itunes as well.

Joseph Kunder
Technical Systems Specialist

 

[jmgalvin]

if yo want to limit or disallow iTunes, youcan do one of several things.

You can just trash it from users' computers (Applications folder).

Assuming that you have the machines set up properly for a multi-user,administered setup, meanng that user's do not have administrative privileges, the adminitrator can log in, and disable user's privileges to use ITunes. The simplest way, at the computer level is to right click the iTunes icon, select Get Info, and set permissions in the ensuing window.

 

[eaglefan2000]

I work in a school district where we want the users to have access to itunes photoshop dreamweaver etc. We have over 1200 computers to manage. The users are locked down from OSX X Servers. This does not help me. I need to shut down ports or disable audio streaming on 1 user to create image for summer deployment.

Joseph Kunder
Technical Systems Specialist

 

[ObviousTroll]

eaglefan,

You disable ports on the router to the t-1s, not on the individual machines - that saves you from having to worry about wiley users.

iTunes uses port 3689. You will also want to block the ports used by the RealAudio, Winamp and Quicktime.

 

[eaglefan2000]

What ports do winamp, quicktime and windows media player use?

Joseph Kunder
Technical Systems Specialist

 

[eaglefan2000]

I connected to a streaming audio radio station through itunes for PC then ran sniffer pro 4.7 and found it was using source port of 1251 and destination port of 9120. I thought you said itunes uses port 3689???

Joseph Kunder
Technical Systems Specialist

 

[ObviousTroll]

I said iTunes uses 3689 for built-in sharing. you can see this by simply looking at the Mac's built-in firewall settings.

As for what ports streaming radio stations use - you'll have to research that yourself, I'm not an expert. I seem to remember that realaudio servers use port 554 and 8554.

You really should have a firewall on the T-1 lines. If you look at the documentation for that, it probably already documents which ports to block. If you don't have a firewall, you definitely want to get one - and not just to block streaming audio.

 

[jimoblak]

Blocking individual ports to the outside world is a backwards way of managing a network. All ports should be blocked to begin with. You should only be concerned about opening necessary ports.

- - picklefish - -
Why is everyone in this forum responding to me as picklefish?

 

[ObviousTroll]

Good point, Jimoblak.

 

[eaglefan2000]

Yes we do have a cisco router. I like jimoblak's point. Will take a look at. Thanks.

Joseph Kunder
Technical Systems Specialist

 

[imeldesign]

We block all ports with our router and then set rules for the basic ports such as email, ftp,DNS, NNTP, Termserv, and webbrowsing...This stops all streaming and IM and IRC. I can go in and open specific ports for when needed and close them immediately with a click of the button....Far easier than a user by user method....

 

[eaglefan2000]

This perspective has lots of promise. Will try. Need to run all processes we use and record port activity. I use sniffer pro. Do you know of any program that can monitor ports and who is using to verify if needed to have port open?

Joseph Kunder
Technical Systems Specialist

 

[Ogi]

Why are you scanning your network when you should be scanning your firewall logs?

What firewall(s) do you have on your T1 lines?

You need to be there rather than at a client machine.

Carl.

 

[eaglefan2000]

I do not want to block ports from the local machine. I was performing a test to see what ports streaming was using. Streaming is not alowed in our School District but it is hard to block because of the many diffeerent ports and ways it is used. We do need access to itunes for school purposes. I can read the router logs but like I said I am new to this and will get more experience in time. Will start my Certifications this summer. Any hints in blocking ports in the cisco router.

Joseph Kunder
Technical Systems Specialist

 

[Ogi]

Yes!

Get an expert in to lock it down and only allow the known ports that you do need.

Then get them as part of the deal to train you on opening those ports that are required and how to do it. Plus, how to read the logs.

What you want to be doing should take place at the router not each PC!

As stated earlier, you seem to be concentrating on PC's rather than the router. Block everything and only open ports you need to!

As for certification, I'm not a big fan but what are you going to get certified in?

Carl.

 

[eaglefan2000]

I will probably start with Net + then go from there.

Joseph Kunder
Technical Systems Specialist