Re: Rhapsody

From: Charles Newman (charlesnewman1_at_comcast.net.nospam.do.not.spam.me)
Date: 11/11/03 

Date: Tue, 11 Nov 2003 13:29:14 -0800

X-No-Archive: Yes

       With Rhapsody, you could use your laptop computer.
Just plug it in to the netowrk, and sign on to Rhapsody
to authorize access to your playlist. Since the music is
already stored in encrypted form in your hard disk, there
would be no bandwidth usage on the server logs. So
the boss would never know what you were up to.

"Lars M. Hansen" <badnews@hansenonline.net> wrote in message
news:lnc2rv429nhqomi8eai1v3v9igvkhr8mqc@4ax.com...
> On Tue, 11 Nov 2003 10:43:11 -0800, Charles Newman spoketh
>
> >
> >"Lars M. Hansen" <badnews@hansenonline.net> wrote in message
> >news:ovt1rvcin4oh5fn9qbocss6gbvdskkdr3n@4ax.com...
> >> On Tue, 11 Nov 2003 00:46:01 -0800, Charles Newman spoketh
> >>
> >> >X-No-Archive: Yes
> >> >
> >> > At last, a music service you can listen too from the office
> >> >without the boss knowing what you are up to. I just
> >> >subscribed to Rhapsody, and you get unlimited access to
> >> >over 400 thousand tracks, for $10 a month.
> >> > I have figured out you can listen to Rhapsody's selection
> >> >of music, from work, without the boss knowing what you
> >> >are up to. First, Rhapsody supports the use of a proxy
> >> >server, so all you have to do is find an open proxy outside
> >> >your company network, and the destination IP will me
> >> >masked.
> >> > Second, to prevent piracy, the data streams from
> >> >Rhapsody are encrypted with SSL. Because the incoming
> >> >data is encrypted, sniffers, such as Snort, wont pick up
> >> >what is happening. Sure the book would be open, but it
> >> >will all be in an unreadable language. Unless someone has
> >> >figured out how to crack and sniff an SSL connection,
> >> >there is no POSSIBLE way that the boss can find out
> >> >what you are up to. If the encryption system can foil all
> >> >but the most sophisticated pirates, it can foil any attempts
> >> >by the boss to monitor what you are doing.
> >> >
> >>
> >> Any type of firewall log analysis would pick up a large amount of
> >> traffic with your computer as the destination. Encrypted or not, it
> >> doesn't take a rocket scientist to figure out what's going on. That
type
> >> of continuous stream of packets could only be streaming media (video or
> >> audio).
> >>
> >> If I were to spot something like that, it wouldn't take too long to
> >> figure out that the source was an open proxy server, and I would assume
> >> that someone was trying to bypass the security policy by using a proxy,
> >> and I would block all access to/from the proxy server. A quick look at
> >> the destination IP of the packets would point me to your workstation,
> >> where I'm sure I'd be able to spot what was going on...
> >
> >
> > However, there are proxies now running on all kinds
> >of add port numbers. If someone were to use a proxy
> >in a very high port range, say, it would probably go
> >unnoticed. I have seen proxies on ports as high as
> >45576. Something on a port that high would not be
> >detetected right away.
> >
> >
>
> No, it wouldn't. First of all, outbound access from businesses should be
> restricted to only those which are necessary to run the business. That
> means regular web service, and very few others.
>
> Even if it isn't blocked, any decent firewall will report the number of
> bytes going through the firewall, and it'll include the source and
> destination IP address. A quick report over bandwidth usage by internal
> IP address (a common report) will reveal that someone is using a large
> amount of bandwidth. I've seen it, and the two people who were
> continuously streaming MP3s through the firewall were showing on top of
> the bandwidth usage report every day...
>
>
> Lars M. Hansen
> www.hansenonline.net

Relevant Pages

  • Re: Deutsche-Telekom sets the standard for network security! (??)
    ... > that people were so hardcore on security. ... > Several of you say that you report port sniffers almost every time. ... I don't see near the hits you report. ... I have a full firewall system {OpenBSD system set up ...
    (comp.os.linux.security)
  • Re: crystal report print to file
    ... i'm not sure which report object you are using - adobe com control I assume ... I am using the .NET CrystalReports ReportDocument which does not expose ... Driver or Port properties. ...
    (microsoft.public.vb.crystal)
  • Re: [Fwd: Re: Nmap/netwag problem.]
    ... Jack wrote: ... and is unfiltered it will result in port 80: ... If the port would now be reported closed that would make netwag look ... If not we need to figure out what kind of scan made netwag report the ...
    (Pen-Test)
  • Re: NIS slowing machine to a crawl?
    ... The problem is NIS. ... Check your computer with a port scanner like grc.com in the internet. ... netstat and if its implementation is bug-free enough to report it ...
    (comp.security.misc)
  • Re: Storms destroyed 108 offshore platforms
    ... The report *is* correct if not light on the estimates. ... from sea on Oct 18th after a full month of servicing fields below Port ... offshore one needs boats and boats need ports to work out of. ... 300 oil support vessels in port..all seeking fuel and potable water. ...
    (misc.invest.stocks)