12-03-2004 09:16 PM - edited 02-20-2020 11:47 PM
1) Our user sometimes using BT, edonkey, MSN. How can i know they are using those software in PIX 515?
2) How can i block BT, edonkey and MSN?
3) Any free log prgramme/analyse tools can monitor its happen?
Pls help.
12-06-2004 09:43 PM
Hello ...
You can find this out by running a syslog server and logging all the user traffic. you can try using kiwi syslog or 3Cdaemon syslog server. this will give you exactly, asto who is trying to do all these..
You can block edonkey (uses tcp port 4662) by doing the following on your PIX:
access-list outbound deny tcp any any eq 4662
access-list outbound permit ip any any
access-group outbound in interface inside
refer to the following URL for the ports used to block the various peer to peer applications.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00801e419a.shtml#edonkey
you can block MSN by tcp port 1863.
access-list inside deny tcp 192.168.1.0 255.255.255.o any eq 1863
If this doesnt work, try this:
1. In the registry, navigate to: \HKUR\Software\Microsoft\MessengerService\
2. Find the item named Server: messenger.hotmail.com;64.4.13.50:1863. Change this value to Null;0.0.0.0:0
That's it.
Not sure what you mean by BT. can you please expand this?
Hope this helps.. all the best..
Raj
12-06-2004 10:09 PM
Thanks!
BT stand for Bit Torrent. Some user using Bit Torrent downloading film, programme, music.
12-06-2004 10:16 PM
Oh.. Bit torrent ?? cool.. i think you can block it by denying access to tcp ports 6881-6999. Try this !!!!
all the best.. rate replies if found useful...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide