Here's what I have: Cisco 1720 with T-1 speed coming in over a WIC-1ENET. IOS ver. 12.2(11)T10
The problem that I have right now on my network is people using both file sharing and chat programs. Later this year I'll be getting a PIX, but for right now my only choice for stopping this type of traffic is ACLs. I can't seem to find a good example that I can use in my router.
Someone out there has had to have run across this before.
Any help will be welcome!!
Network admin for a blood sucking insurance company
As you didn't specify the file sharing and chat programs, it is a bit hard to help. You can enable NBAR to build a profile of the application traffic from which you can build an ACL.
Also, if you have IOS FW, check and see if CBAC provides support for the protocols you are trying to combat.
You're right, I didn't specify the programs. Here's what I have found: AIM, Yahoo, MSN Messenger, and Kazaa seem to be the main ones. If possible I would like to block any chat program, but I don't think there is a "catch all" way to do it.
I went to a PC that had MSN and Yahoo going at the same time. I did a netstat -a and got this:
TCP pc034:2303 baym-cs108.msgr.hotmail.com:1863 ESTABLISHED
TCP pc034:2304 188.8.131.52:https TIME_WAIT
TCP pc034:2360 cs15.msg.dcn.yahoo.com:5050 ESTABLISHED
TCP pc034:2361 dl2.yahoo.com:http TIME_WAIT
How should I go about blocking it? From the inside out or the outside in? Can you block by domain name?
Thanks for your reply,
Well, identifying the apps is the first step. Next I would search Google/CCO for relevant information such as ports used; these apps sometimes pick from a range of ports.
I would block at the edge of the network outbound if possible, so the client applications cannot even initiate a connection to the servers. In the past, I have relied on IDS for this functionality as it is very flexible, sending RST and redirecting to a company website explaining that this type of use is prohibited.
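As an added example (not posted by anyone in the thread), here is the "block outbound at the edge" approach written as an IOS extended ACL for the 1720. It assumes FastEthernet0 is the LAN-side interface and 10.0.0.0/24 is the internal subnet (both placeholders), uses the MSN (1863) and Yahoo (5050) ports seen in the netstat output, and adds the widely documented defaults for AIM (5190) and Kazaa (1214), which should be verified against current documentation for the client versions in use.

```cisco
! Added example, not from the thread.
! Placeholders: FastEthernet0 = LAN interface, 10.0.0.0/24 = internal subnet.
ip access-list extended BLOCK-IM-P2P
 remark --- chat ports seen in the netstat output: MSN 1863, Yahoo 5050 ---
 deny   tcp 10.0.0.0 0.0.0.255 any eq 1863 log
 deny   tcp 10.0.0.0 0.0.0.255 any eq 5050 log
 remark --- assumed defaults, verify: AIM 5190, Kazaa 1214 (tcp and udp) ---
 deny   tcp 10.0.0.0 0.0.0.255 any eq 5190 log
 deny   tcp 10.0.0.0 0.0.0.255 any eq 1214 log
 deny   udp 10.0.0.0 0.0.0.255 any eq 1214 log
 remark --- everything else continues to flow as before ---
 permit ip any any
!
! Applied "in" on the LAN interface, so the client never gets its first
! SYN out of the network; the WAN side needs nothing for this purpose.
interface FastEthernet0
 ip access-group BLOCK-IM-P2P in
!
! Verify hits with: show access-list BLOCK-IM-P2P   and   show logging
```

The netstat output also shows the same clients talking over https, which this ACL does not touch, so watch the per-line match counters and the log rather than assuming the port list is complete. IOS ACLs match addresses, not names, so blocking "by domain name" means resolving the server names to addresses first and keeping that list current.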