BT blocking using ASA
09-29-2010 07:31 PM - edited 03-11-2019 11:47 AM
Hi forum people, greetings.
I have an ASA 5510 with SSM CSC. I am only using the inside interface, connected to the LAN, and the outside interface, connected to the border router.
My goal is to block users on the inside interface from using BitTorrent-related applications to download anything from outside.
I managed to use SSM CSC URL blocking to stop users from browsing any torrent-related website, so users cannot go to torrent-related websites to find seeds.
Now I am testing with the Vuze BitTorrent application, and it is still able to get through and download from peers on the other end.
Here is the list of actions I have done so far:
First, I am using MPF to filter the traffic.
regex bit-torrent-tracker ".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*"
!
object-group service BitTorrent-Tracker tcp
 description TCP Ports used by Bit Torrent for tracker communication
 port-object eq 2710
 port-object eq 6969
!
object-group service Blocked-UDP-Ports udp
 description All ports blocked for Bit Torrent UDP DHT
 port-object range 10001 65535
 port-object range 1024 5554
 port-object range 5600 9999
!
access-list DENY-BT extended deny tcp any any object-group BitTorrent-Tracker log warnings
access-list DENY-BT extended deny udp any any object-group Blocked-UDP-Ports log warnings
access-list DENY-BT extended permit tcp any any
access-list DENY-BT extended permit udp any any
access-list DENY-BT extended permit icmp any any echo
!
class-map http_traffic
 match port tcp eq www
!
class-map type inspect http match-all bit-torrent-tracker
 description Bit Torrent Tracker communication
 match request args regex bit-torrent-tracker
 match request method get
!
policy-map type inspect http Drop-P2P
 description Drop protocol violations Bit Torrent Tracker traffic
 parameters
  protocol-violation action drop-connection log
 class bit-torrent-tracker
  drop-connection log
!
policy-map global_policy
 class http_traffic
  inspect http Drop-P2P
!
service-policy global_policy interface inside
!
access-group DENY-BT out interface inside
Attached is a snapshot of the ASDM service policy rules.
Ideas needed; I need to stop Vuze from downloading.
Labels: NGFW Firewalls

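The posted ACL object-groups and the match-all HTTP inspection class, as an added Python emulation (not the ASA's code, and not from the poster) that shows which constructed sample flows the policy would drop: the class only fires on parseable plain-text GET requests, and only on tcp/80 because class-map http_traffic matches port www, while the original UDP ranges leave 5555-5599 and port 10000 uncovered. It assumes `match port tcp eq www` is evaluated against the destination port and that `match request args` is the query string.

```python
import re
from urllib.parse import urlsplit

# Constructed emulation of the posted ASA policy (not Cisco code, not the ASA's parser).
# The regex from the post, applied to the HTTP request arguments (query string).
TRACKER_ARGS_RE = re.compile(r".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*")
TRACKER_TCP_PORTS = {2710, 6969}                                   # object-group BitTorrent-Tracker
BLOCKED_UDP_RANGES = [(10001, 65535), (1024, 5554), (5600, 9999)]  # object-group Blocked-UDP-Ports


def acl_denies(proto, dst_port):
    """Deny lines of access-list DENY-BT: tcp tracker ports, udp ranges (inclusive)."""
    if proto == "tcp":
        return dst_port in TRACKER_TCP_PORTS
    if proto == "udp":
        return any(lo <= dst_port <= hi for lo, hi in BLOCKED_UDP_RANGES)
    return False


def http_inspect_drops(request):
    """class-map type inspect http match-all bit-torrent-tracker: the request must be
    parseable plain-text HTTP, use method GET, AND have args matching the regex.
    A TLS record or any other opaque payload cannot satisfy this, so it passes."""
    try:
        method, target, version = request.split(b"\r\n", 1)[0].decode("ascii").split(" ")
    except (UnicodeDecodeError, ValueError):
        return False
    if not version.startswith("HTTP/") or method != "GET":
        return False
    return TRACKER_ARGS_RE.search(urlsplit(target).query) is not None


def policy_blocks(proto, dst_port, payload=b""):
    """Both controls as the post stacks them: the ACL first, then HTTP inspection,
    which class-map http_traffic (match port tcp eq www) applies to tcp/80 only (assumed dst port)."""
    if acl_denies(proto, dst_port):
        return True
    if proto == "tcp" and dst_port == 80:
        return http_inspect_drops(payload)
    return False


# Constructed sample payloads, not captured traffic.
ANNOUNCE = (b"GET /announce?info_hash=%12%34%56%78%9a%bc%de%f0%12%34%56%78%9a%bc%de%f0"
            b"%12%34%56%78&peer_id=-AZ5000-abcdefghijkl&port=6881&left=0 HTTP/1.1\r\n"
            b"Host: tracker.example\r\n\r\n")
NORMAL_GET = b"GET /index.html?q=firewall HTTP/1.1\r\nHost: www.example\r\n\r\n"
POST_ANNOUNCE = b"POST /announce HTTP/1.1\r\nHost: tracker.example\r\nContent-Length: 0\r\n\r\n"
TLS_HELLO = b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03\xde\xad\xbe\xef"  # opaque to the regex
```

Running `policy_blocks` over these samples shows the plain-text announce on tcp/80 dropped, the same announce on tcp/8080 and the TLS record on tcp/443 passed, which is the gap the later replies about encrypted traffic describe.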
09-29-2010 08:34 PM
Yongkhang,
What do you see if you load wireshark on your computer and then launch vuze? What TCP/UDP/Etc connections are made by the application that are not yet blocked? Make sure you close any other programs so the only network activity is from the VUZE application on your computer. Once you identify what ports/protocols VUZE uses, then you can proceed to ACL them off.
- Magnus
09-30-2010 06:58 PM
Hi Magnus,
Thanks for the advice. As I strengthened the ACL rule with a wider UDP port range, 10000-65535, the traffic is torn down, and after a certain period the transaction times out and the download cannot succeed.
I just have a few more things to check with you.
Q1. Is it possible for the ASA to scan encrypted traffic?
Thanks.
10-01-2010 07:54 AM
Unfortunately the ASA cannot inspect HTTPS or encrypted traffic, because we would not be able to look into the messages since they are encrypted.
I hope it makes sense.
PK
