I am using BackTrack 5 to help monitor BitTorrent since I have been completely ineffective in blocking it via my Cisco 5505 Firewall. I have now seen several outbound TCP connections with the connection being to my firewall's IP address. I am a rookie when it comes to using Cisco's rather clunky interface and am struggling with this. I am a software developer with very few networking skills in a company of 5! Can anyone help with the proper way to block BitTorrent downloads on my Cisco ASA 5505 or tell me why my BackTrack system is telling me that the firewall is connecting to The Pirate Bay?
Thanks in advance for any help you can give me!
It would help if you provided a white-washed network diagram to see where the BackTrack software is installed, listening to traffic. Now if I were a betting person, I would lay good odds that the address BackTrack sees is the same NAT IP used for traffic to go to the Internet and BackTrack is listening to traffic after it exits the ASA.
One of the things I have found to be beneficial on many levels is implementing software which uses NetFlow to track traffic, Scrutinizer for instance. You have all interfaces on the ASA monitored and create filters to look into almost anything crossing the ASA. (Not to plug Scrutinizer, just found it to be the best.)
Another benefit is to use it to see what applications, users, etc. are eating traffic. I found a company which released new code to their web servers that did not compress PDFs after being generated, part of new code. As a result we saw a significant portion of the network traffic increase, almost double, and would not have found the culprit had it not been for NetFlow.
OK, in many cases what these tools indicate is the PAT address, the address that is used on the ASA to translate internal users so they can route out to the Internet to reach the destination IP. Post show tech, output that you are getting from your application, so I can confirm, but in many cases this is the reason.
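The PAT behaviour described in the replies above, as an added example that is not part of the original thread: a sniffer outside the ASA sees every flow sourced from the firewall's PAT address, so the translation table is needed to map a flow back to the inside host. The addresses, ports and flow records are constructed, and the translation lines are modelled on ASA 8.3+ `show xlate` output, which is an assumption about the software version in use.

```python
import re
from collections import Counter

# Constructed sample data (documentation address ranges), not from the thread.
# Lines are modelled on ASA 8.3+ `show xlate` output; the format differs on
# older releases, so the regex below is an assumption about the version.
XLATE = """\
TCP PAT from inside:192.168.1.20/51413 to outside:203.0.113.2/51413 flags ri idle 0:00:05 timeout 0:00:30
TCP PAT from inside:192.168.1.20/51500 to outside:203.0.113.2/23817 flags ri idle 0:00:02 timeout 0:00:30
TCP PAT from inside:192.168.1.31/49200 to outside:203.0.113.2/49200 flags ri idle 0:00:09 timeout 0:00:30
"""

# Flows as seen by a sniffer outside the ASA:
# (proto, src_ip, src_port, dst_ip, dst_port). Every source is the PAT address.
OUTSIDE_FLOWS = [
    ("TCP", "203.0.113.2", 51413, "198.51.100.7", 6881),
    ("TCP", "203.0.113.2", 23817, "198.51.100.9", 6889),
    ("TCP", "203.0.113.2", 49200, "198.51.100.80", 443),
    ("TCP", "203.0.113.2", 40000, "198.51.100.7", 6881),  # translation already expired
]

XLATE_RE = re.compile(
    r"^(?P<proto>TCP|UDP) PAT from \S+?:(?P<in_ip>[\d.]+)/(?P<in_port>\d+) "
    r"to \S+?:(?P<out_ip>[\d.]+)/(?P<out_port>\d+)"
)

def parse_xlate(text):
    """Map (proto, translated_ip, translated_port) -> (inside_ip, inside_port)."""
    table = {}
    for line in text.splitlines():
        m = XLATE_RE.match(line.strip())
        if m:
            key = (m["proto"], m["out_ip"], int(m["out_port"]))
            table[key] = (m["in_ip"], int(m["in_port"]))
    return table

def attribute(flows, table):
    """Replace the PAT source of each outside flow with the real inside host."""
    result = []
    for proto, src_ip, src_port, dst_ip, dst_port in flows:
        inside = table.get((proto, src_ip, src_port))
        result.append((inside[0] if inside else None, dst_ip, dst_port))
    return result

def flows_per_host(attributed):
    """Count flows per inside host; flows with no translation are 'unmapped'."""
    return Counter(host or "unmapped" for host, _, _ in attributed)

if __name__ == "__main__":
    for host, n in flows_per_host(attribute(OUTSIDE_FLOWS, parse_xlate(XLATE))).most_common():
        print(host, n)
```

PAT entries time out quickly, so the translation table has to be captured at the same time as the traffic; flows that no longer have an entry end up in the `unmapped` bucket.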
Plain ASA just won't do it. You can configure the ASA with a Websense server or N2H2 for web filtering, or you can get an ASA CSC module, but since the box is small and you have a small amount of people behind it, maybe you won't need it.
Well, I solved the problem by just getting rid of the ASA 5505 and getting something with a more friendly interface. The ASA was a clunky firewall and is now just a paperweight (it performs better as a paperweight than it did as a firewall). Thanks for trying to help, guys. My suggestion to others browsing this forum is to get something that doesn't require a PhD to work with.