
IOS IPS for blocking IM and P2P

rversluis
Level 1

Any recommendations on the best way to use IOS IPS to stop P2P and IM?

I set up a 3845 with 12.3(14)T1 to do this by importing signatures from the latest SDF using SDM. I used the attack-drop, and all IM and P2P signatures I could find. I changed them all to drop and reset. I then applied it to the inside interface of a 3845. I also set up NBAR with a drop policy for all P2P traffic.

The configuration caused very slow web response time for users, including blocked pages. Removing the IPS filter made everything work properly again. The router also stopped rebooting periodically.

Is there a recommended way to set this up that does not cause slow performance and reboots?

1 Reply

rversluis
Level 1

OK, went back and loaded some upgraded software. Now using 12.4.1 Advanced security IOS on the 3845, and SDM 211. The new 256MB.sdf signature file has all the IM and P2P signatures in it already!

After applying the IPS inbound on the serial interface, I changed the UDP signatures action to drop and the TCP to drop/reset.

Everything appears to be working beautifully. Yahoo and MSN messenger get dropped, as well as the peer-to-peer requests. I am unable to download BitTorrent. Web access is fast, and there is no hesitation by the router in configuring the IPS.

This appears to be a great solution so far.
