12-26-2006 02:45 PM - edited 03-10-2019 03:23 AM
Hi,
How do I block p2p applications using an AIP-SSM-10 working with an ASA5520? The AIP is in promiscuous mode.
Thanks,
Siva
12-26-2006 03:56 PM
Hi Siva, for blocking p2p applications the IDS or the IPS doesn't have an inbuilt signature. You will have to create custom signatures for it.
But the easiest way to block them is to block them on the firewall itself. That's the best and easiest way.
Anyway, the packet first hits the firewall and then the AIP module, so why not block it on the firewall itself?
regards
sebastan
12-26-2006 05:56 PM
There are several signatures that detect p2p; for BitTorrent there is 11020.0
Yahoo triggers: 5539.0, 11200.0, 11212.0, 11217.0 & 11219.0
etc.
Some are disabled by default though so please ensure you enable the ones that you need.
If you want to block these, then you will have to use event actions that work in a promiscuous setup, for example request block connection and TCP reset. Please note that care must be taken when using these event actions.
For more information about the event actions, please refer to the link below:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/idmguide/dmevtrul.htm#wp1069467