Block Ares with AIP-SSM

Unanswered Question
Feb 1st, 2008


One of my costumers has the urgent need to block one p2p application named ares. I searched in the p2p signature database and i found signatures for kazza, gnutella, imesh,etc , but didnt find any reference to this application.

Any ideas how can i block ares with an AIP-SSM ?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bwilmoth Thu, 02/07/2008 - 15:12

The AIP SSM can operate in one of two modes, such as:

Inline modeThis mode places the AIP SSM directly in the traffic flow. You must first pass through and be inspected by the AIP SSM before you can continue through the adaptive security appliance.

This mode is the most secure because every packet is analyzed before it is allowed through. Also, the AIP SSM can implement a blocking policy on a packet-by-packet basis. But, this mode can affect throughput. Use the Inline keyword of the ips command in order to specify this mode.

Promiscuous modeIn this mode, a duplicate stream of traffic is sent to the AIP SSM. This mode is less secure. The SSM that operates in promiscuous mode instructs the adaptive security appliance to shun the traffic or resets a connection on the adaptive security appliance in order to block traffic.

Also, while the AIP SSM analyzes the traffic, a small amount of traffic possibly passes through the adaptive security appliance before the AIP SSM can block it. Use the Promiscuous keyword of the ips command in order to specify this mode.


This Discussion