How to monitor edonkey, bt download in PIX

eastbayapparel · ‎12-03-2004

1) Our user sometimes using BT, edonkey, MSN. How can i know they are using those software in PIX 515?

2) How can i block BT, edonkey and MSN?

3) Any free log prgramme/analyse tools can monitor its happen?

Pls help.

sachinraja · ‎12-06-2004

Hello ...

You can find this out by running a syslog server and logging all the user traffic. you can try using kiwi syslog or 3Cdaemon syslog server. this will give you exactly, asto who is trying to do all these..

You can block edonkey (uses tcp port 4662) by doing the following on your PIX:

access-list outbound deny tcp any any eq 4662

access-list outbound permit ip any any

access-group outbound in interface inside

refer to the following URL for the ports used to block the various peer to peer applications.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00801e419a.shtml#edonkey

you can block MSN by tcp port 1863.

access-list inside deny tcp 192.168.1.0 255.255.255.o any eq 1863

If this doesnt work, try this:

1. In the registry, navigate to: \HKUR\Software\Microsoft\MessengerService\

2. Find the item named Server: messenger.hotmail.com;64.4.13.50:1863. Change this value to Null;0.0.0.0:0

That's it.

Not sure what you mean by BT. can you please expand this?

Hope this helps.. all the best..

Raj

eastbayapparel · ‎12-06-2004

Thanks!

BT stand for Bit Torrent. Some user using Bit Torrent downloading film, programme, music.

sachinraja · ‎12-06-2004

Oh.. Bit torrent ?? cool.. i think you can block it by denying access to tcp ports 6881-6999. Try this !!!!

all the best.. rate replies if found useful...