redirect rtmp
Sep. 26, 2009, 12:22 PM
Post: #1
redirect rtmp
My proxy server used to work fine with some sites redirecting video by providing a geo specific IP address.
Some sites now are using the flash RTMP protocol, which makes a direct connection to the internet on port 1935, sometimes also 443 and 80.

Would it work redirecting the traffic from the browser through a socks proxy instead? What are the security implications of running a socks proxy on the server?

Is there any way a proxy could rewrite the URL to use the proxy instead?
Sep. 26, 2009, 09:10 PM
Post: #2
RE: redirect rtmp
Flash RTMP can be a problem because it tries to make direct connections before even trying to use the browser's proxy settings.

Some personal firewalls can prohibit certain programs from making direct connections. If you did that, Flash RTMP will then behave by going through the proxy.

See also discussion about Hulu: http://prxbx.com/forums/showthread.php?tid=1211
Sep. 27, 2009, 10:10 AM (This post was last modified: Sep. 27, 2009 10:13 AM by qwertyjjj.)
Post: #3
RE: redirect rtmp
(Sep. 26, 2009 09:10 PM)Graycode Wrote:  Flash RTMP can be a problem because it tries to make direct connections before even trying to use the browser's proxy settings.

Some personal firewalls can prohibit certain programs from making direct connections. If you did that, Flash RTMP will then behave by going through the proxy.

See also discussion about Hulu: http://prxbx.com/forums/showthread.php?tid=1211

Doesn't rtmp try making a direct connection on 1935 then 443, then 80?
I can't block 443 or 80 because those are http ports.
Is there a way to rewrite the uri and tell it to use port 80 directly?
Why does Flash have to do this crap - why can't they just use port 80 like everyone else Smile!
Sep. 28, 2009, 06:41 AM
Post: #4
RE: redirect rtmp
It's a fault of the way they coded Flash, one of the many things that makes it insecure by design. Send hate mail to Adobe (I have).

RTMP first tries direct connections using the ports you mentioned. RTMP is a part of Flash, therefore it's running within the browser. Only as a last resort if it was unable to establish its direct connection attempts will it finally abide by your browser's proxy settings. That Sucks.

Note that my earlier post mentioned personal firewall, not a generic network appliance. I use the old Kerio v2.15, which gives me the ability to permit / deny rules by specific program within my PC. With that, I permit my browsers to connect to my proxy, and I deny each of my browsers the ability to connect anywhere other than the proxy.

All their attempts to bypass the proxy will fail. With that, all RTMP is forced to go through the proxy.

A generic network firewall can not have rules for particular programs. Some personal firewalls can't either. But if you did have one that could control access for particular programs in your PC, then you'd be able to force Flash to go through the proxy -- and then go through TOR or whatever you desire.
Sep. 28, 2009, 12:43 PM
Post: #5
RE: redirect rtmp
my sentiments exactly, as said sentiments pertain to personal firewalls...

i'm a big fan of Comodo, but *NOT* the "newer" version, i highly prefer v2.4.18.184 for its ability to define rules by "parent" (ie, allow GreenBrowser to access port 80/443 ONLY if GreenBrowser was 'opened' by Sensiva or HotKeyz and DENY access if opened by anything else)...
Sep. 28, 2009, 12:49 PM (This post was last modified: Sep. 28, 2009 01:10 PM by qwertyjjj.)
Post: #6
RE: redirect rtmp
(Sep. 28, 2009 12:43 PM)ProxRocks Wrote:  my sentiments exactly, as said sentiments pertain to personal firewalls...

i'm a big fan of Comodo, but *NOT* the "newer" version, i highly prefer v2.4.18.184 for its ability to define rules by "parent" (ie, allow GreenBrowser to access port 80/443 ONLY if GreenBrowser was 'opened' by Sensiva or HotKeyz and DENY access if opened by anything else)...

I tried blocking the port in Comodo using global rules but it would not block the port. Any ideas where it should be set?
I tried using Comodo to block firefox directly as well but when I use the netstat command I can still see connections to 1935.
I tried only allowing access to the proxy IP address but no luck.
Comodo keeps automatically re-adding ANY PORT ANY DESTINATION despite me deleting it.
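The netstat check from post #6, written out as an added example (not part of any post in this thread): it lists a browser's TCP connections that go anywhere other than the proxy, which is what the per-program rule described in post #4 is meant to prevent. The PIDs, addresses and the netstat sample are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano -p TCP` output; not taken from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     203.0.113.10:8080      ESTABLISHED     4120
  TCP    192.168.1.20:49713     198.51.100.7:1935      ESTABLISHED     4120
  TCP    192.168.1.20:49714     198.51.100.7:443       SYN_SENT        4120
  TCP    127.0.0.1:49720        127.0.0.1:49721        ESTABLISHED     4120
  TCP    192.168.1.20:49730     198.51.100.9:80        ESTABLISHED     988
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    [::1]:49800            [2001:db8::5]:1935     ESTABLISHED     4120
"""


def split_endpoint(text):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port)


def find_proxy_bypass(netstat_text, browser_pids, proxy):
    """Return (pid, host, port, state) for browser sockets that skip the proxy.

    browser_pids: set of PIDs belonging to the browser (assumed known,
    e.g. from Task Manager). proxy: (ip, port) tuple of the allowed proxy.
    """
    bypass = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # banner, column header, blank line
        _, _, remote, state, pid = fields
        if state == "LISTENING" or int(pid) not in browser_pids:
            continue
        host, port = split_endpoint(remote)
        if ipaddress.ip_address(host).is_loopback:
            continue  # local IPC between browser processes
        # SYN_SENT rows are kept: they show an attempt still being made.
        if (host, port) != proxy:
            bypass.append((int(pid), host, port, state))
    return bypass


if __name__ == "__main__":
    for row in find_proxy_bypass(SAMPLE, {4120}, ("203.0.113.10", 8080)):
        print("direct connection bypassing proxy:", row)
```

An empty result while a video is loading means the per-program rule is holding; any row with remote port 1935, 443 or 80 is a direct attempt that did not go through the proxy.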
Sep. 28, 2009, 01:18 PM
Post: #7
RE: redirect rtmp
i assume you are using version 2.4.18.184 ???

if so, go to Advanced -> Miscellaneous -> Configure and set "Alert Frequency Level" to VERY HIGH...

in addition, i do NOT skip loopbacks and i don't care if something is "certified" by Comodo or not, i'll set my own rules and REFUSE to trust something just because Comodo has "certified" it...
Sep. 28, 2009, 01:32 PM
Post: #8
RE: redirect rtmp
(Sep. 28, 2009 01:18 PM)ProxRocks Wrote:  i assume you are using version 2.4.18.184 ???

if so, go to Advanced -> Miscellaneous -> Configure and set "Alert Frequency Level" to VERY HIGH...

in addition, i do NOT skip loopbacks and i don't care if something is "certified" by Comodo or not, i'll set my own rules and REFUSE to trust something just because Comodo has "certified" it...

Nope version 3.12.111745.560
I can see where some of the settings are to block these ports or IP addresses but every time I set it for firefox, COMODO just resets it to allow all when I restart, which kind of defeats the point Smile!
Sep. 28, 2009, 01:40 PM
Post: #9
RE: redirect rtmp
i've tried the "newer" Comodo about four times during BETA and about three times since going public...

in EVERY "newer" version i tried, there is no way to define rules based on "parent" - therefore, it gets an IMMEDIATE uninstall...

the "newer" Comodo is a POC, it's geared towards computer users like my parents, NOT the computer-literate generations...


"newer" is NOT always 'better'...
i'd revert to version 2.4.18.184 if i were you Big Teeth
Sep. 28, 2009, 06:23 PM (This post was last modified: Sep. 28, 2009 06:26 PM by qwertyjjj.)
Post: #10
RE: redirect rtmp
Ok, I have tried this in COMODO. However, when I now try to connect to the video site having traffic only restricted to xxx.xxx.xxx.xxx (the proxy server), the video site just hangs for a few minutes saying loading content but it never finishes.
This is the same for a different video site that was originally working through the proxy server.

Do I have to force it through 80 or can it use 8080 because that is what the proxy server is on.
(Sep. 28, 2009 06:23 PM)qwertyjjj Wrote:  Ok, I have tried this in COMODO. However, when I now try to connect to the video site having traffic only restricted to xxx.xxx.xxx.xxx (the proxy server), the video site just hangs for a few minutes saying loading content but it never finishes.
This is the same for a different video site that was originally working through the proxy server.

Do I have to force it through 80 or can it use 8080 because that is what the proxy server is on.

It seems COMODO cannot block port 1935 because it has no access to block RTMP - it isn't even a recognised protocol?
Sep. 28, 2009, 06:30 PM
Post: #11
RE: redirect rtmp
videos not playing are extremely hard to track down...

the video could have an ad embedded where it won't load the video until AFTER you've viewed that ad... that ad can be blocked by a HOSTS file, by your firewall blocking an "instant messaging port", by a .js file "method" or "event" being intercepted, et cetera...

me? i tend to avoid any video hosted online that requires such behind-the-back tomfoolery to be going on without my sayso...
Sep. 28, 2009, 07:59 PM (This post was last modified: Sep. 29, 2009 11:28 AM by ProxRocks.)
Post: #12
RE: redirect rtmp
Can recommend Agnitum Outpost ( http://www.agnitum.com/ ) as a serious firewall. Its fine granularity allows you to fine-tune your system very well indeed; for example blocking port 1935 and/or forcing to use port 80 or 443 (or of course via 8080 Wink ) for your browser or flash app.


edit by admin: added spaces around link, the trailing ) was being included when clicked...
Sep. 29, 2009, 03:13 PM
Post: #13
RE: redirect rtmp
My favourite is any old version of Agnitum Outpost, the new ones use too many resources and the GUI is very basic. The old versions were more informational than the new ones, better for advanced users. Comodo also is very good but it uses too many objects, its antivirus has too many false positives, also i think it made my Vista slower.

These days i'm not using firewall, but still searching in the web for the one with no more than 10 mb in memory, i only need one able to write laws with hosts, ports and applications... :/
Sep. 29, 2009, 03:49 PM (This post was last modified: Sep. 29, 2009 04:08 PM by ProxRocks.)
Post: #14
RE: redirect rtmp
you're in luck, i may have just the thing for you...
i have a firewall that i use "on the road" that runs from USB and the directory can be carried from one PC to another without "installing" it...

i'll have to report back in 4.5 to 5 hours or so as that USB is at home and i don't recall the name of it offhand...


edit:
on second thought, i recognize it from screencaps on the web...
it's called "Ashampoo" and works reasonably well - even from USB...
i still prefer the OLDER Comodo to it, but that is what i was able to find in regards to running from USB from ANY computer without the need to import registry settings to the host machine...
Sep. 29, 2009, 10:16 PM (This post was last modified: Sep. 29, 2009 10:17 PM by lnminente.)
Post: #15
RE: redirect rtmp
Thanks for the recommendations, I have downloaded Ashampoo firewall free version and it is very near to what i'm looking for:
-XP machine: 10mb as maximum memory, few CPU used and 269 GDI objects. Some stability problems but almost ok.
-Vista machine: not compatible Sad

I want the same firewall for both machines, I will give a shot to older versions of Comodo...