Need some help Blocking File sharing / Chat programs

afish6969
Level 1

Here's what I have: Cisco 1720 with T-1 speed coming in over a WIC-1ENET. IOS ver. 12.2(11)T10

The problem that I have right now on my network is people using both file sharing and chat programs. Later this year I'll be getting a PIX, but for right now my only choice for stopping this type of traffic is ACLs. I can't seem to find a good example that I can use in my router.

Someone out there has had to have run across this before.

Any help will be welcome!!

Afish6969

Network admin for a blood-sucking insurance company

4 Replies

seanm
Level 1

As you didn't specify the file sharing and chat programs, it is a bit hard to help. You can enable NBAR to build a profile of the application traffic from which you can build an ACL.

Also, if you have IOS FW check and see if CBAC provides support for the protocols you are trying to combat.

You're right, I didn't specify the programs. Here's what I have found: AIM, Yahoo, MSN Messenger, and Kazaa seem to be the main ones. If possible I would like to block any chat program, but I don't think there is a "catch-all" way to do it.

I went to a PC that had MSN and Yahoo going at the same time. I did a netstat -a and got this:

    TCP    pc034:2303    baym-cs108.msgr.hotmail.com:1863    ESTABLISHED
    TCP    pc034:2304    65.54.131.249:https                 TIME_WAIT
    TCP    pc034:2360    cs15.msg.dcn.yahoo.com:5050         ESTABLISHED
    TCP    pc034:2361    dl2.yahoo.com:http                  TIME_WAIT

How should I go about blocking it? From the inside out or the outside in? Can you block by domain name?

Thanks for your reply,

Afish6969

Well, identifying the apps is the first step. Next I would search Google/CCO for relevant information such as ports used; these apps sometimes pick from a range of ports.

I would block at the edge of the network outbound if possible, so the client applications cannot even initiate a connection to the servers. In the past, I have relied on IDS for this functionality as it is very flexible, sending RST and redirecting to a company website explaining that this type of use is prohibited.
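The two approaches raised in this thread, an NBAR profile of the application traffic and an outbound port block at the edge, worked through as an added configuration example for this router. This is not configuration posted in the thread. It assumes the LAN is 192.168.1.0/24 on FastEthernet0, that the WIC-1ENET appears as Ethernet0 facing the T-1 provider's equipment, and that the kazaa2, fasttrack and gnutella NBAR protocol definitions are present in the 12.2(11)T image (verify with `match protocol ?` under the class-map). Ports 1863 (MSN) and 5050 (Yahoo) are taken from the netstat output above; 5190 (AIM/OSCAR) and 1214 (Kazaa/FastTrack) are those clients' well-known defaults and are not from the thread.

```cisco
! Added example, not from the thread. Assumed topology: FastEthernet0 = LAN
! (192.168.1.0/24), Ethernet0 = WIC-1ENET toward the T-1 provider's device.
!
! --- Part 1: static port block, applied INBOUND on the LAN interface.
!     An inbound ACL is evaluated before routing, so the client's SYN is
!     dropped before the router forwards it ("block from the inside out"). ---
ip access-list extended BLOCK-CHAT-P2P
 remark MSN Messenger notification/switchboard servers (from netstat: :1863)
 deny   tcp 192.168.1.0 0.0.0.255 any eq 1863 log
 remark Yahoo Messenger (from netstat: :5050)
 deny   tcp 192.168.1.0 0.0.0.255 any eq 5050 log
 remark AOL Instant Messenger / OSCAR default port (assumed, not from thread)
 deny   tcp 192.168.1.0 0.0.0.255 any eq 5190 log
 remark Kazaa / FastTrack default port (assumed, not from thread)
 deny   tcp 192.168.1.0 0.0.0.255 any eq 1214 log
 deny   udp 192.168.1.0 0.0.0.255 any eq 1214 log
 remark Every ACL ends with an implicit "deny ip any any"; without this
 remark final permit the LAN loses all connectivity.
 permit ip any any
!
interface FastEthernet0
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip access-group BLOCK-CHAT-P2P in
!
! --- Part 2: NBAR for traffic that does not stay on its default port.
!     Classify, mark with an otherwise unused DSCP value, then drop the
!     marked packets with an ACL on the WAN interface. This mark-then-ACL
!     pattern is the one Cisco documented for 12.2 trains that predate the
!     "drop" action inside a policy-map. NBAR requires CEF. ---
ip cef
!
class-map match-any P2P-PROFILE
 match protocol kazaa2
 match protocol fasttrack
 match protocol gnutella
!
policy-map MARK-P2P
 class P2P-PROFILE
  set ip dscp 1
!
interface FastEthernet0
 service-policy input MARK-P2P
!
ip access-list extended DROP-MARKED
 remark DSCP 1 is used only by MARK-P2P above, so this matches exactly
 remark the traffic NBAR classified as P2P
 deny   ip any any dscp 1 log
 permit ip any any
!
interface Ethernet0
 description WIC-1ENET toward T-1 provider
 ip access-group DROP-MARKED out
```

A few practical notes. `show ip nbar protocol-discovery` (after `ip nbar protocol-discovery` on FastEthernet0) gives the per-protocol traffic profile to check which of these actually carries bytes before committing to a block. The `log` keyword on the deny lines is there to confirm hits with `show access-list`; logged packets are process-switched, which a 1720 will feel under load, so remove `log` once the lists are tuned. On the question of blocking by domain name: an IOS ACL matches on IP addresses only; a hostname typed into an ACL is resolved once when the line is entered and never again, and the netstat output above (baym-cs108, cs15) shows these services are spread across pools of servers, so port-based deny lines are far more robust than address-based ones. Finally, the same netstat output shows the clients also talking on http and https; several of these messengers retry over port 80/443 when their native port is blocked, and a port ACL cannot stop that without breaking web browsing, which is the gap NBAR classification (and, later, the PIX) is meant to close.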

Thanks for all the help. The whole process has been a learning experience.
