[prev in list] [next in list] [prev in thread] [next in thread]
List: blackicedefender-issues
Subject: Re: [BIDissues] MultiMedia - Javascript links
From: "L.W. Kramer" <lwkramer () twocat ! com>
Date: 2001-09-16 17:19:28
[Download RAW message or body]
I am not familiar with the specifics of the connection sharing arrangement
that you identified, however, the symptoms you detail are common issues for
both NAT (Network Address Translation) and to a lesser extent Port-Mapping
proxy servers. For the most part, your workaround will be to avoid RTSP
protocols and configure your clients to use TCP protocols where possible.
Similar issues are seen with Passive FTP clients behind NAT and when using
H.323 protocols (NetMeeting and many other Voice/Video/Conference
applications).
The problem is related to the inability of these sharing devices to map
incoming connection initiations to an existing session on other ports or
protocols. BID on systems behind a NAT translator is redundant and not
particularly effective (insofar as all incoming packets will appear to have
'local' ip addresses). BID running on a PC-Based translator (such as ICS or
RRAS-NAT) or Proxy server (e.g. Wingate or others) IS very effective but
would normally run in a low protection mode with perhaps a very detailed
list of excluded addresses. (Personally, 98SE based ICS is probably the
most effective NAT translator at the low-cost end as it is possible to add
specific protocol definitions to its repertoire - a feature removed in ME
and 2K workstation versions of ICS. Adding these definitions does not
guarantee success).
For insight into this, try searching the MS-Kbase for a list of
protocol-specific issues related to ICS. While the solutions proposed won't
work for you, the discussions will give you insight into why these
protocols fail. discussion of workarounds for these issues in the
linux-based ipchains and iptables howto's will also be rewarding.
L.
>I have a home network set up with intel anypoint usb 1.6mbs adapters,
>and share a cable modem connection through the included ISS program.
>I also have BID installed (ver 2.5). (The ISS "server" dosen't have
>any of the following problems) I have no problems running real
>player as a stand alone, but quick time will only play audio, and
>windows media player hangs on any embedded links. I have a similar
>problem with IE5.5. As a prime example, when I go to
>www.hbo.com/band, the page loads normally, but when I click on the
>link and try and play the trailer for "Band of Brothers", either with
>real player, or quicktime, after a quick burst of activity on the
>adapter, IE hangs for about 2-3 minutes, and then I get the little
>yellow caution sign in the bottom left hand corner of IE, with
>a "errors on page" message that says "server execution failed". Any
>ideas?
>I have reinstalled all my software, and have the same problem. Could
>it be that BID is seeing this second machine as an attacker and
>ingnoring it? I have run the auto configuration on Real Player,
>which wants me to use UDP, contrary to what NetICe says on their web
>site..
>
>Thanks
>
>
>
>To Post a message, send it to: bidissues@eGroups.com
>To Unsubscribe, send a blank message to: bidissues-unsubscribe@eGroups.com
>
>Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Secure all your Web servers now: Get your FREE Guide and learn to: DEPLOY THE LATEST ENCRYPTION,
DELIVER TRANSPARENT PROTECTION, and More!
http://us.click.yahoo.com/k0k.gC/nT7CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->
To Post a message, send it to: bidissues@eGroups.com
To Unsubscribe, send a blank message to: bidissues-unsubscribe@eGroups.com
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic