08-12-2008 04:46 PM - edited 03-11-2019 06:30 AM
Hi, as there are a lot of software programs which work on P2P, is it possible to block all P2P traffic regardless of which software the traffic comes from? Second, would it block BitTorrent traffic as well? Please suggest.
08-12-2008 06:54 PM
Do the following:
! NBAR class-maps, one per P2P application
class-map match-any sdm_p2p_kazaa
 match protocol fasttrack
 match protocol kazaa2
class-map match-any sdm_p2p_edonkey
 match protocol edonkey
class-map match-any sdm_p2p_gnutella
 match protocol gnutella
class-map match-any sdm_p2p_bittorrent
 match protocol bittorrent
! policy-map that drops every matched class
policy-map blocking_P2P
 class sdm_p2p_gnutella
  drop
 class sdm_p2p_bittorrent
  drop
 class sdm_p2p_edonkey
  drop
 class sdm_p2p_kazaa
  drop
Then apply it in both directions on the outside interface, let's say:
interface fa0/1
 service-policy input blocking_P2P
 service-policy output blocking_P2P
and it should work perfectly,
but see the previous post below first.
Good luck.
Please rate if helpful.
08-12-2008 07:02 PM
Using what, ASA/PIX or IOS?
Regards
Farrukh
08-12-2008 07:44 PM
ASA 5505
08-12-2008 07:48 PM
Then just follow the link below; it will guide you step by step:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml
Good luck.
Please rate if helpful.
08-12-2008 07:51 PM
Will it block all P2P traffic if the user uses any software like Kazaa, LimeWire, etc.? And what about BitTorrent?
08-12-2008 08:02 PM
Most of the time these kinds of P2P are hard to block because they work under HTTP (tunneled under HTTP), so the link above inspects HTTP misuse and blocks this kind of traffic.
Also, with class-map type inspect ?
put a question mark and check what other options you can get;
the same with policy-map, try ?
and so on.
With the above link it should be fine.
Please rate if helpful.
08-12-2008 08:33 PM
Well, it means we don't have any other option to block every software which supports P2P traffic.
I have gone through the commands in the above link and they are working fine, but I am still able to download software, movies, etc. by using BitTorrent.
Is there any other method you would recommend so that the P2P and BitTorrent traffic is blocked? Please suggest.
08-12-2008 08:45 PM
Try the simple way:
go to that software's settings,
see what ports (TCP, UDP, whatever) it uses,
and then deny them by simple ACLs.
08-12-2008 09:17 PM
Blocking BitTorrent is a little difficult as compared to the other P2P software.
Have a look at these links though:
http://wiki.wireshark.org/BitTorrent
http://userpages.umbc.edu/~hamilton/btclientconfig.html
Regards
Farrukh
08-12-2008 09:22 PM
Hi Farrukh,
what do you suggest in case of BitTorrent?
Because with the IOS firewall there is a match for it included with NBAR;
however, in the ASA it is not included with MPF except the one for port misuse!!!
08-12-2008 09:37 PM
Marwan, please check the two links I posted in my earlier post (via Edit). The reason why it's difficult is because of the random ports and secondly because some clients use encryption and even HTTPS for the tracker, as mentioned here:
http://seclists.org/pen-test/2007/Aug/0197.html
Regards
Farrukh
08-12-2008 09:47 PM
I know the idea...
and I know why it's hard to match it...
but I just asked for your opinion on which way you think is better to block it!
Anyway, thank you.
08-12-2008 09:53 PM
Sorry, I did not understand your initial post clearly. I would first start by blocking the ports and check the famous clients (Azureus, uTorrent, BitTorrent) to see if they continue to work. Only then would I resort to fancy things like HTTP inspection, as they have a huge performance impact on firewalls (ASA, Netscreen, etc.).
Regards
Farrukh
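As an added illustration (not from this thread and not Cisco code) of why the port-first-then-inspection order above and the earlier "random ports and encryption" caveat matter, here is Python that runs a port-based check and a payload-signature check over constructed sample flows; the ports, peer IDs and byte strings are made-up samples, not captured traffic.

```python
import re

# Constructed sample flows for illustration; no real captured traffic is used.
# Each entry: (destination port, first bytes of the TCP payload).
BT_DEFAULT_PORTS = range(6881, 6890)            # classic BitTorrent client ports
HANDSHAKE = b"\x13BitTorrent protocol"          # peer-wire handshake: pstrlen=19 + pstr
TRACKER_RE = re.compile(rb"^GET /announce\?[^\r\n]*info_hash=", re.I)

def make_handshake(peer_id: bytes) -> bytes:
    """Build a peer-wire handshake: prefix, 8 reserved bytes, 20-byte info_hash, 20-byte peer_id."""
    return HANDSHAKE + bytes(8) + b"\x11" * 20 + peer_id

SAMPLE_FLOWS = {
    "peer on default port": (6881, make_handshake(b"-UT1870-" + bytes(12))),
    "peer on random port": (51413, make_handshake(b"-AZ2504-" + bytes(12))),
    "tracker announce over http": (80, b"GET /announce?info_hash=%11%11&peer_id=-UT1870- HTTP/1.1\r\n"
                                       b"Host: tracker.example\r\nUser-Agent: uTorrent/1870\r\n\r\n"),
    "ordinary web page": (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    # MSE/PE encrypted handshake starts with a random-looking DH public key (constructed bytes here)
    "encrypted peer on random port": (51413, bytes(range(200, 232)) + bytes(range(16, 80))),
}

def matches_port_acl(dst_port: int) -> bool:
    """What a port-based ACL sees: only the default port range."""
    return dst_port in BT_DEFAULT_PORTS

def matches_payload_signature(payload: bytes) -> bool:
    """What content inspection sees: plaintext handshake or HTTP tracker announce."""
    return payload.startswith(HANDSHAKE) or TRACKER_RE.match(payload) is not None

def classify(flows=SAMPLE_FLOWS) -> dict:
    """Return, per flow, whether each blocking method would have caught it."""
    return {name: {"port_acl": matches_port_acl(port),
                   "signature": matches_payload_signature(payload)}
            for name, (port, payload) in flows.items()}

if __name__ == "__main__":
    for name, verdict in classify().items():
        print(f"{name:32s} port_acl={verdict['port_acl']!s:5s} signature={verdict['signature']}")
```

The encrypted flow is caught by neither check, which is the gap the ASA HTTP-inspection example and a port ACL both leave open.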
08-13-2008 01:13 AM
cool
and Thank You