AIPSSM - Block MSN file transfer with signature not working

Unanswered Question
Dec 17th, 2007
User Badges:
  • Bronze, 100 points or more

I have an ASA firewall with AIP-SSM module, i've configured in the application policy an access-list sending everything to IPS.


In the IPS I enabled the signature 11246 that matches MSN file transfer and set the signature to deny packet inline.


When I use MSN to transfer some file the log of IPS says "deny" for action, but the file is transferred normaly and I want it to be denyed


some idea?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
tstanik Tue, 12/25/2007 - 07:09
User Badges:
  • Bronze, 100 points or more

MSN file transfer works over the MSN Messenger Activity. To block the file transfer effectively you will need to block the messenger activity in your case. If you are sending the traffic to the IPS, and can see hits for the signature 11201 "MSN Messenger Activity" and if you only want to block this for certain IP addresses then the solution to your problem is to use 'Event Action Filters' for the existing Signature 11201.

guibarati Wed, 12/26/2007 - 06:07
User Badges:
  • Bronze, 100 points or more

Hi, thanks but i want to block only the file transfer activity over msn not the msn at all.

Actions

This Discussion