Blocking MP3s with file blocking/data filtering - how?

L2 Linker

We tried using the 'MPEG' file type and file blocking, but this doesn't do the job (in fact it only seems to block MPEG videos, not MPEG-3 audio). We also tried creating a data filter with "MP3HASH" as a regular expression, but this didn't appear to match MP3s either.

How can we successfully block MP3s using data filtering or file blocking?

1 REPLY

L4 Transporter

Can't control this with file blocking, as it's not a recognized file type that PAN can decode, and data filtering is only going to look for patterns within certain file types also, so that may not do it either.

You may want to control these at their source or destination. For example, if you know they're being downloaded or uploaded from a particular site (rapidshare, yahoo mail, etc.), you may want to block file transfers to that site, or block the site altogether.

I haven't tested this, but it may be possible to create a custom vulnerability signature for this. In a quick peek at some MP3 files on my PC, I've seen that the files all seem to contain these strings at the beginning of the file:

WM/MediaClassPrimaryID
WM/MediaClassSecondaryID
WMContentID
WM/UniqueFileIdentifier

Maybe you could create a custom vulnerability signature, selecting a pattern match around these strings in the TCP or UDP request/response payload? I haven't tried this, but maybe you can give it a shot and let us know how it works!
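
The pattern-match idea in the reply can be checked against sample files before a signature is written. The following Python is an added example (not from the original post or from Palo Alto Networks): it assumes the WM/ strings are owner identifiers of ID3v2 PRIV frames, as Windows Media Player writes them, and reports for each sample whether an ID3v2 tag, any of those owners, or an MPEG Layer III frame sync is present. The sample bytes and the names `classify` and `tag` are constructed for illustration.

```python
# Strings quoted in the reply above
WM_MARKERS = (b"WM/MediaClassPrimaryID", b"WM/MediaClassSecondaryID",
              b"WMContentID", b"WM/UniqueFileIdentifier")

def synchsafe(b):
    """Decode a 4-byte ID3v2 synchsafe integer (7 usable bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def id3v2_frames(data):
    """Yield (frame_id, body) for an ID3v2.3/2.4 tag (assumes no extended header)."""
    if len(data) < 10 or data[:3] != b"ID3" or data[3] not in (3, 4):
        return
    end = min(10 + synchsafe(data[6:10]), len(data))
    pos = 10
    while pos + 10 <= end:
        fid, raw = data[pos:pos + 4], data[pos + 4:pos + 8]
        if not fid.strip(b"\x00"):          # reached tag padding
            break
        size = synchsafe(raw) if data[3] == 4 else int.from_bytes(raw, "big")
        yield fid, data[pos + 10:pos + 10 + size]
        pos += 10 + size

def classify(data):
    """Return which candidate signature patterns the sample contains."""
    has_tag = len(data) >= 10 and data[:3] == b"ID3"
    audio = data[10 + synchsafe(data[6:10]):] if has_tag else data
    owners = [body.split(b"\x00", 1)[0] for fid, body in id3v2_frames(data)
              if fid == b"PRIV"]            # PRIV body starts with an owner string
    return {
        "id3v2": has_tag,
        "wm_owners": [o.decode() for o in owners if o in WM_MARKERS],
        # mask keeps the top 3 sync bits and the 2 layer bits; 0xE2 = Layer III
        "mpeg_l3_sync": len(audio) >= 2 and audio[0] == 0xFF and audio[1] & 0xE6 == 0xE2,
    }

def tag(*frames):
    """Build a constructed ID3v2.3 tag from (frame_id, body) pairs."""
    body = b"".join(fid + len(val).to_bytes(4, "big") + b"\x00\x00" + val for fid, val in frames)
    n = len(body)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + body

AUDIO = b"\xff\xfb\x90\x00" + bytes(32)     # constructed: untagged MPEG-1 Layer III start
WMP_TAGGED = tag((b"TIT2", b"\x00Song"),
                 (b"PRIV", b"WM/MediaClassPrimaryID\x00" + bytes(16))) + AUDIO
OTHER_TAGGED = tag((b"TIT2", b"\x00Song")) + AUDIO

if __name__ == "__main__":
    for name, sample in (("wmp", WMP_TAGGED), ("other", OTHER_TAGGED), ("untagged", AUDIO)):
        print(name, classify(sample))
```

On the constructed samples only the first carries a WM/ marker, so a signature keyed on those strings alone would miss MP3s tagged by other tools or not tagged at all.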
