A couple of weeks ago, the mainstream media (news sources) got ahold of a story about how when people watch a streaming video feed from CNN, it forced anyone watching the feed to share that same feed with other users, thereby saving CNN bandwidth costs.
I've been seeing this as a growing trend with internet radio feeds as well. In the past fews days, I've found several radio feeds exhibiting this behavior. A few MB inbound daily, but hundreds outbound. With the economy the way it is, I see this becoming a growing trend.
The feeds can be on just about any port, I've seen 8004, 8080, 80, and 554. Especially in the case of port 80 and 8080, this limits the usefulness of existing solutions such as the web filter and QoS.
In my specific case, by company policy, I can't block the feeds outright. I've found that what has worked best for me, is creating a DNS Group for the feed host and blocking outbound traffic to that host with a packet filter. The feeds still work for my users, without the outbound bandwidth theft. This solution is limited in usefulness though. I can't put this in proactice until I notice the bandwidth bleeding taking place. This could also, over time, lead to a large number of definitions on my Astaro which can be unweildy.
I'd like to see what ideas Astaro can come up with to mitigate this growing trend in media feeds for a future version of Astaro. Some sort of allow inbound, but limit outbound traffic for all feeds, regardless of port used based on content scan.