Blocking streaming media with deep packet inspection

Unanswered Question

I have a problem with blocking streaming audio from web radio stations. We use a pair of ASA 5510's on our perimeter. Has anyone been successful at blocking this traffic with an ASA? If so could you provide a snippet of your configuration.

I assume it would be using Modular Policy Framework, but I have no clue how to write these from scratch, which is why im asking for help :)



Thanks in advance!!


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
didyap Fri, 09/28/2007 - 14:26
User Badges:
  • Silver, 250 points or more

You can create a policy for blocking streaming traffic. Here is a sample

policy-map type inspect http Shareware

parameters

protocol-violation action drop-connection log

class asdm_high_security_methods

drop-connection

match request header non-ascii

drop-connection

match request uri regex _default_gnu-http-tunnel_arg

drop-connection log

match request uri regex _default_gnu-http-tunnel_uri

drop-connection log

match request uri regex _default_windows-media-player-tunnel

drop-connection log


acomiskey Fri, 10/19/2007 - 11:18
User Badges:
  • Green, 3000 points or more

didyap,


I tried out your config example and cannot get it entered. Could you help me out?


ASA5510(config-pmap-p)# class asdm_high_security_methods

ERROR: % class-map asdm_high_security_methods not configured


If I go back and do...



ASA5510(config)# class asdm_high_security_methods


then go back and try...


ASA5510(config-pmap-p)# class asdm_high_security_methods

ERROR: Specified class type is different from the policy-map type.




Actions

This Discussion