Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE
From: Charles Newman (charlesnewman1_at_comcast.spamkiller.net)
Date: Fri, 14 Oct 2005 07:23:57 -0700
"Owl Jolsen" <email@example.com> wrote in message
> In less than 6 months, we will be one of several online media companies
> webcasting the total solar eclipse from Africa, on 29th March, 2006. This
> will be during the working hours in Europe.
> For corporate IT admins in Europe, this will be their WORST NIGHTMARE
> come to life. We are working on and improving our system in sucha way that
> corporate IT admins in Europe will not be able to stop people from
> the eclipse without shutting down the ENTIRE NETWORK. We will be using a
> heavily encrypted feed, so that any IT admins that try to sniff the
> wont get anything. As somoene said once "The book will be open, but the
> pages will all be in an unreadble language".
> We will be running an ecnrypted link over port 80. There is NO WAY that
> can be shut down without cutting off ALL web access to the network. We are
> taking a cue from Kazaa, and P2P services, and are using encrypted links
> over port 80, which admins will be unable to stop without shutting down
> entire network.
> As far as eclipses go, this will be the longest, as far as totality
> since one of our competitors began webcasting eclipses way back in 1997.
> Where we plan to he webcasting from, it will be at about 10:45 AM British
> Summer Time, 11:45 in Central Europe (Europe goes to Summer Time on
> 26th March).
> Basically, people will be watching the eclipse, and gobbling down HUGE
> amounts of bandwidth. We plan to offer feeds up to 100K in bitrate, and
> will add up fast. Users will be clogging the network watching the eclipse,
> and corporate IT admins will have no CLUE as to what is going in, becusae
> feeds will be encrypted.
> The REAL nightmare scenario on this for IT admins, will be in the year
> 2009, when we will be webcasting a total solar eclipse with 6 minutes and
> 38 seconds of totality from Shanghai, China, on 22nd July, 2009. For
> 7 minutes, poeple will be clooging network bandwidth all over Asia, and
> becuase it will be encrypted, admins will never know that people are
> the solar eclipse. It will also being during the workday in Australia, so
> Australian admins will also wonder why the bandwidth usage is going so
As for the figure skating coverage they are doing, I think he is doing a
run at a compeittion in Vienna, because on Fs discussion board posts a
link to live video. If this is eventually to be their video feed, Tiny
Firewall, placed on the network server, can stop it. I have outgoing traffic
restricted to pots 80 and 443, on the proxy, and that is enough to stop it.
Tiny, when put on a network server, has this flexibility that your hardware
firewalls do not, so if you want to stop this guy's video streaming, you
need to have Tiny, to effectively block it. If this is this guy's company
doing a test run, the stream runs at 339K bandwidth, that would eat
up your company bandwidth in a hurry. You better put a Windows box
with Tiny on it, on your network, to stop this on the network level.
It appears, as well, that HTTP-only is disallowed, and they will
only allow RTSP/MMS, on ports 554 and 1755, so using Tiny
and telling it to restrict your HTTP proxy to ports 80 and 443
should do the trick. This guy obviously never thought of what
Tiny, and other software based firewall programs can do.
Call it s "toy firewall", if you like, but it is the only foolproof
way you will be able to shut this guy's stuff down. Windows
Media player 10 tunnels through whatever HTTP proxy
that IE, or whatever the default broswer, is set to use. So
using Tiny, and restricting your HTTP proxy to ports 80 and
443 should do the trick.