using nbar to block peer 2 peer traffic
11-15-2010 09:08 AM - edited 03-04-2019 10:28 AM
hi all,
I had a discussion in the "Other Security Subjects" forum, and the answer I received was that NBAR is not good at blocking peer to peer traffic.
Here is the discussion, https://supportforums.cisco.com/message/3226205 .
Can someone else please weigh in on this? Is NBAR not good for blocking peer 2 peer traffic?
thanks in advance!
11-15-2010 02:24 PM
Hi There,
This particular config has worked really well for me in the past.
But as with all apps, P2P progresses, and finds ways to circumvent
these types of application level inspection mechanisms.
My own opinion is to use a reliable proxy server, websense or bluecoat or similar.
Perhaps consider locking down outbound traffic to specific ports i.e. 80, 53, 443, 25, 110 etc.
Even at that a lot of P2P apps use port 80 now.
HTH
Stephen
