[prev in list] [next in list] [prev in thread] [next in thread] 

List:       blackicedefender-issues
Subject:    Re: [BIDissues] MultiMedia - Javascript links
From:       "L.W. Kramer" <lwkramer () twocat ! com>
Date:       2001-09-16 17:19:28
[Download RAW message or body]

I am not familiar with the specifics of the connection sharing arrangement 
that you identified, however, the symptoms you detail are common issues for 
both NAT (Network Address Translation) and to a lesser extent Port-Mapping 
proxy servers. For the most part, your workaround will be to avoid RTSP 
protocols and configure your clients to use TCP protocols where possible.

Similar issues are seen with Passive FTP clients behind NAT and when using 
H.323 protocols (NetMeeting and many other Voice/Video/Conference 
applications).

The problem is related to the inability of these sharing devices to map 
incoming connection initiations to an existing session on other ports or 
protocols. BID on systems behind a NAT translator is redundant and not 
particularly effective (insofar as all incoming packets will appear to have 
'local' ip addresses). BID running on a PC-Based translator (such as ICS or 
RRAS-NAT) or Proxy server (e.g. Wingate or others) IS very effective but 
would normally run in a low protection mode with perhaps a very detailed 
list of excluded addresses. (Personally, 98SE based ICS is probably the 
most effective NAT translator at the low-cost end as it is possible to add 
specific protocol definitions to its repertoire - a feature removed in ME 
and 2K workstation versions of ICS. Adding these definitions does not 
guarantee success).

For insight into this, try searching the MS-Kbase for a list of 
protocol-specific issues related to ICS. While the solutions proposed won't 
work for you, the discussions will give you insight into why these 
protocols fail. discussion of workarounds for these issues in the 
linux-based ipchains and iptables howto's will also be rewarding.

L.




>I have a home network set up with intel anypoint usb 1.6mbs adapters,
>and share a cable modem connection through the included ISS program.
>I also have BID installed (ver 2.5). (The ISS "server" dosen't have
>any of the following problems)  I have no problems running real
>player as a stand alone, but quick time will only play audio, and
>windows media player hangs on any embedded links. I have a similar
>problem with IE5.5. As a prime example, when I go to
>www.hbo.com/band, the page loads normally, but when I click on the
>link and try and play the trailer for "Band of Brothers", either with
>real player, or quicktime, after a quick burst of activity on the
>adapter, IE hangs for about 2-3 minutes, and then I get the little
>yellow caution sign in the bottom left hand corner of IE, with
>a "errors on page" message that says "server execution failed".  Any
>ideas?
>I have reinstalled all my software, and have the same problem.  Could
>it be that BID is seeing this second machine as an attacker and
>ingnoring it?  I have run the auto configuration on Real Player,
>which wants me to use UDP, contrary to what NetICe says on their web
>site..
>
>Thanks
>
>
>
>To Post a message, send it to:   bidissues@eGroups.com
>To Unsubscribe, send a blank message to: bidissues-unsubscribe@eGroups.com
>
>Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/



------------------------ Yahoo! Groups Sponsor ---------------------~-->
Secure all your Web servers now: Get your FREE Guide and learn to: DEPLOY THE LATEST ENCRYPTION,
DELIVER TRANSPARENT PROTECTION, and More!
http://us.click.yahoo.com/k0k.gC/nT7CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

To Post a message, send it to:   bidissues@eGroups.com
To Unsubscribe, send a blank message to: bidissues-unsubscribe@eGroups.com 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 

[prev in list] [next in list] [prev in thread] [next in thread]