
How to block p2p for specific hosts with IPS-4255

b.carbery
Level 1

I have just received an IPS-4255 with v6 software and am learning to configure it.

I want to maintain a list of known p2p abusers in our network and block their ip addresses using the IPS. At the moment the IPS is not in inline mode so I want to use TCP resets.

1) When a test machine started downloading a BitTorrent I see an event, and all the peer destination addresses, but if I start another torrent I do not see another event.

2) How do I only send TCP resets for specific hosts? I created an event variable but am unsure how to apply it.

3) Will sending TCP resets over a SPAN from a Cat6500 (latest sw, sup etc) work?

thanks

3 Replies

armando
Level 1

Why go through all that? Just block it at the router level and drop it there.

Two good reasons come to mind:

1) You can't block traffic that uses dynamic ports with an ACL (notwithstanding NBAR)

2) If I can't do it easily with the IPS, why do I need an IPS?

Take a look at event action overrides and event action filters. With these you can enable/disable signatures for specific addresses.
