using nbar to block peer 2 peer traffic

dhalevi · ‎11-15-2010

hi all,

I had a discussion in the "Other Security Subjects" forum, and the answer I received was that NBAR is not good at blocking peer to peer traffic.

Here is the discussion, https://supportforums.cisco.com/message/3226205 .

Can someone else please weigh in on this? Is NBAR not good for blocking peer 2 peer traffic?

thanks in advance!

stephen.stack · ‎11-15-2010

Hi There,

This paticular config has worked really well for me in the past.

But as with all apps, P2P progesses, and finds ways to circumvent

these types of application level inspection mechanisms.

My own opinion is to use a reliable proxy server, websense or bluecoat or similar.

Perhpas consider locking down outbound traffic to specific ports i.e. 80, 53, 443, 25, 110 etc..

Even at that a lot of P2P apps use port 80 now.

HTH

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

using nbar to block peer 2 peer traffic

Re: Dead Peer Detection

Anyone still using Peer to Peer Blocking on WLAN

Unable to Connect two E-BGP Peers using IBGP Peers

vpc peer-gateway

Problem Peering