cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1757
Views
0
Helpful
2
Replies

ASA bit torrent blocking

_cdale
Level 1
Level 1

Hi, does anyone why it is nigh impossible to block bit torrent with the ASA firewall. We have a ASA 5520 running 8.4 IOS.

But (correct me if im wrong) the router based IOS firewall allows this functionality?? Whether CBAC, class maps etc.

2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

bitorrent and many others P2P programs are quite smart about not getting blocked using many mechanisms:

- random source and destination ports

- payload encryption

- tunneling/piggybacking on top of HTTP.

- UPNP usage.

It's almost impossible to completly block all P2P activity save for deep packet inspection and looking for patterns.

There are almost no reasoanly effective STATIC mechanisms to block p2p (IPS devices will have some luck with signatures, but may not be able to match patterns if encryption is used).

The most successful block I saw was default deny policy for LAN users + proxying of HTTP/HTTPS :-)

TL;DR Bittorrent is using lots of different tricks to avoid detection. You may be able to block some activity with static methods, but it's trickier to do it completly.

I think I was able to effectively block using Service Policy

Review Cisco Networking for a $25 gift card