How to block kazaa on Pix515e...

hornbeck
Level 1

Hello all,

Does anyone know how I would block traffic to and from kazaa on our Pix515e firewall?

TIA,

Gary

5 Replies

sstudsdahl
Level 4

The PIX is not capable of blocking the Kazaa traffic. I've included a link that shows how to block the traffic using Network Based Application Recognition (NBAR) on a router. There is also info regarding blocking other p2p type applications too.

http://www.cisco.com/warp/public/707/block_p2p_pix.html

Steve

Thanks so much for help! I will investigate this documentation. Appreciate greatly.

Gary

bryan.green
Level 1

Gary,

There is no "simple" solution; however, this can be achieved with decent success. Start by applying an ACL to your outbound traffic.

The P2P filesharing ports and network IPs are well documented. Some of these applications are now firewall-savvy and will make outbound connections on well-known ports, such as TCP/80, under the guise of web traffic. These can be stopped with the same ACL: block the remote IPs of the P2P networks.

Below is a sample to get you started; creating groups will simplify the management of this in the future. The list below will block every P2P application I've tested (Limewire/Gnutella/Bearshare/Morpheus/KaZaA/etc.).

! Define the object-groups first: the PIX rejects an access-list line that
! references a group which does not exist yet.
object-group service p2p-tcp-protocols tcp
 description Deny outbound traffic on known p2p tcp protocols
 port-object range 6346 6348
 port-object eq 6969
 port-object range 411 412
 port-object range 4661 4662
 port-object eq 1234
 port-object range 5498 5501
 port-object eq 1214
 port-object eq 6699
 port-object eq 8888
 port-object eq 8875
 port-object range 6881 6889
 port-object eq 4242
 port-object eq 3531
object-group service p2p-udp-protocols udp
 description Deny outbound traffic on known p2p udp protocols
 port-object eq 4665
 port-object range 6346 6347
 port-object eq 1214
 port-object eq 3531
object-group network p2p-networks
 description Deny outbound traffic to known p2p networks
 network-object 64.245.58.0 255.255.255.0
 network-object 64.245.59.0 255.255.255.0
 network-object 128.121.20.0 255.255.255.240
 network-object 128.121.4.0 255.255.255.0
 network-object 216.35.208.0 255.255.255.0
 network-object 209.61.186.0 255.255.255.0
 network-object 64.49.201.0 255.255.255.0
 network-object 208.195.149.0 255.255.255.0
 network-object 64.124.41.0 255.255.255.0
 network-object 208.184.216.0 255.255.255.0
 network-object 209.25.178.0 255.255.255.0
! ACL entries are evaluated top-down; the first match wins. The "extended"
! keyword is PIX 7.0 syntax; on PIX 6.x leave it out.
access-list inside extended deny tcp any any object-group p2p-tcp-protocols
access-list inside extended deny udp any any object-group p2p-udp-protocols
access-list inside extended deny ip any object-group p2p-networks
! Every ACL ends with an implicit deny. Without an explicit permit, the three
! deny lines above would drop all other outbound traffic from the inside.
access-list inside extended permit ip any any
! Apply the list to traffic entering the PIX on the inside interface (outbound).
access-group inside in interface inside
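As an added check that is not part of the thread (my own code, not bryan.green's and not a Cisco tool), here is a small Python evaluator that parses a PIX-style object-group/ACL fragment and walks it top-down the way the firewall does. The embedded config is a constructed copy of the posted rule set with the groups placed before the ACL lines that reference them, only three of the posted networks, and a trailing `permit ip any any` added. Running it shows two things the rule set alone does not make obvious: without that final permit the implicit deny at the end of the list drops every other outbound connection, and a P2P client that switches to TCP/80 towards a host outside `p2p-networks` still gets through (the evasion the post describes). Addresses such as 203.0.113.5 are documentation addresses chosen for the example.

```python
import ipaddress

# Constructed sample (not the thread's literal text): the posted rule set with
# object-groups defined before the ACL that references them, three of the
# posted networks, and a final "permit ip any any" appended.
SAMPLE_CONFIG = """\
object-group service p2p-tcp-protocols tcp
 description Deny outbound traffic on known p2p tcp protocols
 port-object range 6346 6348
 port-object eq 6969
 port-object range 411 412
 port-object range 4661 4662
 port-object eq 1234
 port-object range 5498 5501
 port-object eq 1214
 port-object eq 6699
 port-object eq 8888
 port-object eq 8875
 port-object range 6881 6889
 port-object eq 4242
 port-object eq 3531
object-group service p2p-udp-protocols udp
 port-object eq 4665
 port-object range 6346 6347
 port-object eq 1214
 port-object eq 3531
object-group network p2p-networks
 network-object 64.245.58.0 255.255.255.0
 network-object 128.121.20.0 255.255.255.240
 network-object 216.35.208.0 255.255.255.0
access-list inside extended deny tcp any any object-group p2p-tcp-protocols
access-list inside extended deny udp any any object-group p2p-udp-protocols
access-list inside extended deny ip any object-group p2p-networks
access-list inside extended permit ip any any
"""


def parse_config(text):
    """Return (groups, rules).
    groups: name -> ("service", [(lo, hi), ...]) or ("network", [IPv4Network, ...])
    rules:  ACL entries in order; "dst"/"ports" are None when the entry says "any".
    Only the forms used in the posted fragment are handled (source is always any)."""
    groups, rules, current = {}, [], None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0] == "description":
            continue
        if tok[0] == "object-group":
            kind = "service" if tok[1] == "service" else "network"
            current = groups.setdefault(tok[2], (kind, []))
        elif tok[0] == "port-object":
            lo, hi = (tok[2], tok[2]) if tok[1] == "eq" else (tok[2], tok[3])
            current[1].append((int(lo), int(hi)))
        elif tok[0] == "network-object":
            current[1].append(ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False))
        elif tok[0] == "access-list":
            # access-list NAME extended ACTION PROTO any DST [object-group SVC]
            if tok[2] != "extended" or tok[5] != "any":
                raise ValueError(f"unsupported ACL form: {raw}")
            rule = {"action": tok[3], "proto": tok[4], "dst": None, "ports": None}
            rest = tok[6:]
            while rest:
                if rest[0] == "any":
                    rest = rest[1:]
                elif rest[0] == "object-group":
                    kind, members = groups[rest[1]]  # KeyError if used before defined
                    rule["dst" if kind == "network" else "ports"] = members
                    rest = rest[2:]
                else:
                    raise ValueError(f"unsupported token {rest[0]!r} in: {raw}")
            rules.append(rule)
    return groups, rules


def first_match(rules, proto, dst_ip, dst_port):
    """Walk the ACL top-down as the PIX does. Returns (action, line_index) for
    the first matching entry, or ("deny", None) for the implicit deny."""
    ip = ipaddress.ip_address(dst_ip)
    for i, r in enumerate(rules):
        if r["proto"] not in ("ip", proto):
            continue
        if r["dst"] is not None and not any(ip in net for net in r["dst"]):
            continue
        if r["ports"] is not None and not any(lo <= dst_port <= hi for lo, hi in r["ports"]):
            continue
        return r["action"], i
    return "deny", None


def check(config_text, proto, dst_ip, dst_port):
    _, rules = parse_config(config_text)
    return first_match(rules, proto, dst_ip, dst_port)


def without_final_permit(config_text):
    """The ACL as originally posted: deny lines only, no explicit permit."""
    return "\n".join(l for l in config_text.splitlines() if " permit " not in l)


if __name__ == "__main__":
    flows = [
        ("tcp", "203.0.113.5", 1214),  # KaZaA default port: caught by the tcp port list
        ("udp", "203.0.113.5", 4665),  # caught by the udp port list
        ("tcp", "64.245.58.10", 80),   # listed P2P network on TCP/80: caught by the network list
        ("tcp", "203.0.113.5", 80),    # P2P client on TCP/80 to an unlisted host: gets through
        ("tcp", "203.0.113.5", 443),   # ordinary HTTPS: allowed only because of the final permit
    ]
    for f in flows:
        print(f, "->", check(SAMPLE_CONFIG, *f))
    print("HTTPS with deny-only ACL ->",
          check(without_final_permit(SAMPLE_CONFIG), "tcp", "203.0.113.5", 443))
```

The parser deliberately raises on any ACL form it does not understand rather than guessing, so a typo in a pasted rule set shows up as an error instead of a silently permissive result.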

Thanks so much for all the information. I will study this and apply it. Appreciate greatly.

Gary

Gary,

I just read an article that talks about some of the new capabilities of the PIX firewall with version 7.0 of the PIX soon to be released. I've posted a section of the press release below as well as the URL. There really is quite a bit of information in it. I'm not sure what the timeframe is for the release of the new OS, but if your timetable allows, you might wait to see what the capabilities are.

Steve

From Cisco Press Release:

http://newsroom.cisco.com/dlls/2005/prod_021505b.html

Proactive Application Control

The new Cisco PIX Software Version 7.0, along with Cisco IPS software version 5.0, and Cisco IOS Release 12.3(14)T, now offer support for application firewalling, which enables application inspection and control of Web traffic, a common entry point for Internet threats. Additionally the new Cisco PIX 7.0 Modular Policy Framework provides network administrators with more granular and flexible inspection control over individual applications and user traffic traversing a firewall. In combination, these new software features prevent malicious behavior such as malformed packets, bandwidth consuming IM and P2P traffic and application-embedded attacks from impacting application performance and proliferation of network attacks.