AIP-SSM-20 and P2P (bittorent) traffic

sjones@techsgi.com · ‎01-18-2011

Hello everyone--i'm trying to figure out a way to block bittorent/P2P traffic for an education client, and short of Ironport, i think the IPS/IDS module for the ASA might work but i'm wondering if anyone has had any success in doing this? Is it an effective fix or is a webfiltering appliance the best route to go. Bear in mind that aside from the LAN traffic and internal wireless, they also have public wi-fi through out the campus that will need to be addressed for this as well. Does anyone have any suggestions? Thanks

Scott J.

fadlouni · ‎01-20-2011

Hi.

With the IPS module you can reduce bittorrent activity by enabling blocking/dropping with bittorrent signature IDs:

1-11020 (and all subsignatures which fire on different types of bittorrent traffic).

2- 11030

3- 11031.

other p2p traffic signatures can be found here:

http://tools.cisco.com/security/center/viewAlert.x?alertId=86

Regards,

Fadi.

Does this Answer your question? if yes, please mark it so.

network770 · ‎08-26-2011

Blocking p2p traffic can only be done with the aip-ssm module?

what about plain firewall rules and inspections? which is more preferable and productive?

are there specific portst that p2p traffic uses that i can block as incoming traffic on the firweall coming from the outside?