https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882954#M954747 <HTML><HEAD></HEAD><BODY><P>I've been struggling with the following for </P><P>the past year without any solutions:</P><P></P><P>1- I want to block users from using</P><P>AOL Instant messenging. AOL can masquerade any</P><P>ports. I don't want to do a nslookup and</P><P>block the AOL destination. With Checkpoint,</P><P>this was not an issue via SmartDefense. How</P><P>can I do this with pix or asa devices?</P><P></P><P>2- How do I block nachi worm with Pix/ASA, </P><P>like this below:</P><P></P><P>access-list 199 permit icmp any any echo</P><P>access-list 199 permit icmp any any echo-reply</P><P>route-map nachi-worm permit 10</P><P> match ip address 199</P><P> match length 92 92</P><P> set interface Null0</P><P> </P><P>interface F0/0</P><P> no ip unreachables</P><P> ip route-cache policy</P><P> ip policy route-map nachi-worm</P><P></P><P>I can do this with Checkpoint in 20 seconds.</P><P>With Pix, I don't know how. </P><P></P><P></P></BODY></HTML> Tue, 19 Feb 2008 18:37:38 GMT cisco24x7 2008-02-19T18:37:38Z https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882952#M954744 <P>Hi.. All</P><P> Pls expain how can I block P2P Applications such as emule,Kazza etc with Modular Policy Framework?</P><P> Also to block certain file types to be uploaded to internal FTP server?</P><P></P> Mon, 11 Mar 2019 12:04:43 GMT https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882952#M954744 anishpeter 2019-03-11T12:04:43Z https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882953#M954746 <HTML><HEAD></HEAD><BODY><P>You must be knowing ASA/Pix(version7) has default classes for this type of traffic </P><P></P><P>Security-525(config-pmap-c)# sh run all class-map type inspect http</P><P>!</P><P>class-map type inspect http match-all _default_gator</P><P> match request header user-agent regex _default_gator</P><P>class-map type inspect http match-all default_kazaa</P><P> match none</P><P>class-map type inspect http match-all _default_msn-messenger</P><P> match response header content-type regex _default_msn-messenger</P><P>class-map type inspect http match-all _default_yahoo-messenger</P><P> match request body regex _default_yahoo-messenger</P><P>class-map type inspect http match-all _default_windows-media-player-tunnel</P><P> match request header user-agent regex _default_windows-media-player-tunnel</P><P>class-map type inspect http match-all _default_gnu-http-tunnel</P><P> match request args regex _default_gnu-http-tunnel_arg</P><P> match request uri regex _default_gnu-http-tunnel_uri</P><P>class-map type inspect http match-all _default_firethru-tunnel</P><P> match request header host regex _default_firethru-tunnel_1</P><P> match request uri regex _default_firethru-tunnel_2</P><P>class-map type inspect http match-all _default_aim-messenger</P><P> match request header host regex _default_aim-messenger</P><P>class-map type inspect http match-all _default_http-tunnel</P><P> match request uri regex _default_http-tunnel</P><P>class-map type inspect http match-all _default_kazaa</P><P> match response header regex _default_x-kazaa-network count gt 0</P><P>class-map type inspect http match-all _default_shoutcast-tunneling-protocol</P><P> match request header regex _default_icy-metadata regex _default_shoutcast-tunneling-protocol</P><P>class-map type inspect http match-all _default_GoToMyPC-tunnel</P><P> match request args regex _default_GoToMyPC-tunnel</P><P> match request uri regex _default_GoToMyPC-tunnel_2</P><P>class-map type inspect http match-all _default_httport-tunnel</P><P> match request header host regex _default_httport-tunnel</P><P>!</P><P>So you use the following commands to block for example Kaza</P><P></P><P></P><P>policy-map type inspect http filterp2p</P><P></P><P>Security-525(config-pmap-c)# policy-map global_policy</P><P>Security-525(config-pmap)# policy-map type inspect http filterp2p</P><P>Security-525(config-pmap)# class default_kazaa</P><P>Security-525(config-pmap-c)# drop-connection log</P><P></P><P></P><P>see if this helps !</P></BODY></HTML> Tue, 19 Feb 2008 18:08:17 GMT https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882953#M954746 abinjola 2008-02-19T18:08:17Z https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882954#M954747 <HTML><HEAD></HEAD><BODY><P>I've been struggling with the following for </P><P>the past year without any solutions:</P><P></P><P>1- I want to block users from using</P><P>AOL Instant messenging. AOL can masquerade any</P><P>ports. I don't want to do a nslookup and</P><P>block the AOL destination. With Checkpoint,</P><P>this was not an issue via SmartDefense. How</P><P>can I do this with pix or asa devices?</P><P></P><P>2- How do I block nachi worm with Pix/ASA, </P><P>like this below:</P><P></P><P>access-list 199 permit icmp any any echo</P><P>access-list 199 permit icmp any any echo-reply</P><P>route-map nachi-worm permit 10</P><P> match ip address 199</P><P> match length 92 92</P><P> set interface Null0</P><P> </P><P>interface F0/0</P><P> no ip unreachables</P><P> ip route-cache policy</P><P> ip policy route-map nachi-worm</P><P></P><P>I can do this with Checkpoint in 20 seconds.</P><P>With Pix, I don't know how. </P><P></P><P></P></BODY></HTML> Tue, 19 Feb 2008 18:37:38 GMT https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882954#M954747 cisco24x7 2008-02-19T18:37:38Z https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882955#M954749 <HTML><HEAD></HEAD><BODY><P>GUIs are always a 20 seconds game..</P></BODY></HTML> Tue, 19 Feb 2008 18:52:47 GMT https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882955#M954749 abinjola 2008-02-19T18:52:47Z https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882956#M954751 <HTML><HEAD></HEAD><BODY><P>so what are the solutions for pix/asa?</P></BODY></HTML> Tue, 19 Feb 2008 18:56:08 GMT https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882956#M954751 cisco24x7 2008-02-19T18:56:08Z https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882957#M954753 <HTML><HEAD></HEAD><BODY><P>Hello Anish, please try my sample config that I posted for you and let me know if there is anything else I can help you with.</P></BODY></HTML> Tue, 19 Feb 2008 19:10:37 GMT https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882957#M954753 abinjola 2008-02-19T19:10:37Z https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882958#M954754 <HTML><HEAD></HEAD><BODY><P>Hi.. ASHISH </P><P> Thanks Lot. I havent noticed the above default class maps. I will try it. </P><P>I also set my FTP policy to allow only certain file types. Can I use CSC module to inspect inbounf FTP files? If my ASA has AIP module populated and no room for CSC how can i use an antivirus program to inspect inbound FTP traffic?</P></BODY></HTML> Wed, 20 Feb 2008 02:18:16 GMT https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882958#M954754 anishpeter 2008-02-20T02:18:16Z https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882959#M954755 <HTML><HEAD></HEAD><BODY><P>hey Anish,,well if you have AIP/SSM module or CSC module then you actually a full fledged IPS mechanism and you can certainly monitor/block/reset inbound/outbound FTP files or ftp commands as well</P><P></P><P>You just need to configure AIP-SSM and turn on all the default signatures</P></BODY></HTML> Thu, 21 Feb 2008 05:16:34 GMT https://community.cisco.com/t5/network-security/modular-policy-framework/m-p/882959#M954755 abinjola 2008-02-21T05:16:34Z