Blocking streaming media with deep packet inspection

jim · ‎09-24-2007

I have a problem with blocking streaming audio from web radio stations. We use a pair of ASA 5510's on our perimeter. Has anyone been successful at blocking this traffic with an ASA? If so could you provide a snippet of your configuration.

I assume it would be using Modular Policy Framework, but I have no clue how to write these from scratch, which is why im asking for help :)

Thanks in advance!!

didyap · ‎09-28-2007

You can create a policy for blocking streaming traffic. Here is a sample

policy-map type inspect http Shareware

parameters

protocol-violation action drop-connection log

class asdm_high_security_methods

drop-connection

match request header non-ascii

drop-connection

match request uri regex _default_gnu-http-tunnel_arg

drop-connection log

match request uri regex _default_gnu-http-tunnel_uri

drop-connection log

match request uri regex _default_windows-media-player-tunnel

drop-connection log

jim · ‎10-02-2007

You nailed it.. Thanks!!

jim · ‎10-02-2007

Anyone else have any good URI filters they care to share?

shoutcast?

MP3 players?

Online Video our worst problem!

acomiskey · ‎10-19-2007

didyap,

I tried out your config example and cannot get it entered. Could you help me out?

ASA5510(config-pmap-p)# class asdm_high_security_methods

ERROR: % class-map asdm_high_security_methods not configured

If I go back and do...

ASA5510(config)# class asdm_high_security_methods

then go back and try...

ASA5510(config-pmap-p)# class asdm_high_security_methods

ERROR: Specified class type is different from the policy-map type.