02-19-2008 09:50 AM - edited 03-11-2019 05:04 AM
Hi.. All
Please explain how I can block P2P applications such as eMule, Kazaa etc. with the Modular Policy Framework?
Also, how can I block certain file types from being uploaded to the internal FTP server?
02-19-2008 10:08 AM
You must know that ASA/PIX (version 7) has default classes for this type of traffic:
Security-525(config-pmap-c)# sh run all class-map type inspect http
!
class-map type inspect http match-all _default_gator
 match request header user-agent regex _default_gator
class-map type inspect http match-all default_kazaa
 match none
class-map type inspect http match-all _default_msn-messenger
 match response header content-type regex _default_msn-messenger
class-map type inspect http match-all _default_yahoo-messenger
 match request body regex _default_yahoo-messenger
class-map type inspect http match-all _default_windows-media-player-tunnel
 match request header user-agent regex _default_windows-media-player-tunnel
class-map type inspect http match-all _default_gnu-http-tunnel
 match request args regex _default_gnu-http-tunnel_arg
 match request uri regex _default_gnu-http-tunnel_uri
class-map type inspect http match-all _default_firethru-tunnel
 match request header host regex _default_firethru-tunnel_1
 match request uri regex _default_firethru-tunnel_2
class-map type inspect http match-all _default_aim-messenger
 match request header host regex _default_aim-messenger
class-map type inspect http match-all _default_http-tunnel
 match request uri regex _default_http-tunnel
class-map type inspect http match-all _default_kazaa
 match response header regex _default_x-kazaa-network count gt 0
class-map type inspect http match-all _default_shoutcast-tunneling-protocol
 match request header regex _default_icy-metadata regex _default_shoutcast-tunneling-protocol
class-map type inspect http match-all _default_GoToMyPC-tunnel
 match request args regex _default_GoToMyPC-tunnel
 match request uri regex _default_GoToMyPC-tunnel_2
class-map type inspect http match-all _default_httport-tunnel
 match request header host regex _default_httport-tunnel
!
So you use the following commands to block, for example, Kazaa:
! HTTP inspection policy: drop and log connections that hit the built-in Kazaa class.
! Use _default_kazaa (x-kazaa-network header match); default_kazaa above is "match none" and never matches.
policy-map type inspect http filterp2p
 class _default_kazaa
  drop-connection log
! Attach the inspection policy to the global Layer 3/4 policy so HTTP inspection applies it.
policy-map global_policy
 class inspection_default
  inspect http filterp2p
See if this helps!
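The post above shows two Kazaa class maps, one of which is "match none" and so can never trigger a drop. As an added example (not from this thread and not a Cisco tool), the script below parses the `show run all class-map type inspect http` text format shown above and reports which HTTP inspection class maps actually carry match criteria before you reference one in a drop policy. SAMPLE_OUTPUT is a constructed excerpt of the quoted output; the line layout it assumes is the one visible in the post, not a documented API, and all function names are this example's own.

```python
"""Parse `show run all class-map type inspect http` output from an ASA/PIX 7.x and
check which HTTP inspection class maps actually carry match criteria.

Added example, not from the thread or from Cisco. SAMPLE_OUTPUT is a constructed
excerpt of the output quoted in the thread; the line format it assumes is the one
visible there, not a documented API."""
import re

SAMPLE_OUTPUT = """\
Security-525(config-pmap-c)# sh run all class-map type inspect http
!
class-map type inspect http match-all _default_gator
 match request header user-agent regex _default_gator
class-map type inspect http match-all default_kazaa
 match none
class-map type inspect http match-all _default_kazaa
 match response header regex _default_x-kazaa-network count gt 0
class-map type inspect http match-all _default_gnu-http-tunnel
 match request args regex _default_gnu-http-tunnel_arg
 match request uri regex _default_gnu-http-tunnel_uri
!
"""

PROMPT_RE = re.compile(r"^\S*#\s")   # e.g. "Security-525(config-pmap-c)# sh run ..."
CLASS_RE = re.compile(r"^class-map type inspect http (match-all|match-any) (\S+)$")
MATCH_RE = re.compile(r"^match\s+(.+)$")


def parse_http_class_maps(text):
    """Return {name: {"mode": ..., "criteria": [...]}} for each HTTP inspect class map.

    'match none' leaves the criteria list empty; prompt and '!' lines are skipped."""
    maps = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!" or PROMPT_RE.match(line):
            continue
        m = CLASS_RE.match(line)
        if m:
            current = m.group(2)
            maps[current] = {"mode": m.group(1), "criteria": []}
            continue
        m = MATCH_RE.match(line)
        if m and current is not None and m.group(1).strip() != "none":
            maps[current]["criteria"].append(m.group(1).strip())
    return maps


def usable_for_drop(maps, name):
    """A class map is only worth referencing in a drop policy if it exists and has criteria."""
    entry = maps.get(name)
    return bool(entry and entry["criteria"])


def empty_class_maps(maps):
    """Names of class maps that can never match (e.g. 'match none')."""
    return sorted(name for name, entry in maps.items() if not entry["criteria"])


def class_maps_matching(maps, keyword):
    """Find candidate class maps by keyword, e.g. 'kazaa' -> both Kazaa variants."""
    return sorted(name for name in maps if keyword.lower() in name.lower())


if __name__ == "__main__":
    maps = parse_http_class_maps(SAMPLE_OUTPUT)
    for name in class_maps_matching(maps, "kazaa"):
        status = "usable" if usable_for_drop(maps, name) else "matches nothing"
        print(f"{name}: {status} {maps[name]['criteria']}")
    print("empty class maps:", empty_class_maps(maps))
```

Run it against the real output of your own box (paste it in place of SAMPLE_OUTPUT); any class listed by empty_class_maps is one that a drop-connection action will silently never hit.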
02-19-2008 10:37 AM
I've been struggling with the following for the past year without any solutions:
1- I want to block users from using AOL Instant Messaging. AOL can masquerade on any port. I don't want to do an nslookup and block the AOL destination. With Checkpoint, this was not an issue via SmartDefense. How can I do this with PIX or ASA devices?
2- How do I block the Nachi worm with PIX/ASA, like this below:
access-list 199 permit icmp any any echo
access-list 199 permit icmp any any echo-reply
route-map nachi-worm permit 10
 match ip address 199
 match length 92 92
 set interface Null0
interface F0/0
 no ip unreachables
 ip route-cache policy
 ip policy route-map nachi-worm
I can do this with Checkpoint in 20 seconds. With PIX, I don't know how.
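To make the semantics of that IOS policy route concrete, here is an added example (not from this thread) that models it in Python: both match clauses of route-map sequence 10 must hit before the packet is sent to Null0, and "match length 92 92" is tested against the IP total length in bytes. The packet records, field names and functions are constructed for this example; the 64-byte ICMP payload is the well-known Nachi/Welchia echo size that gives 92 bytes with a 20-byte IPv4 and 8-byte ICMP header.

```python
"""Model of the IOS policy-route shown in the post: ICMP echo / echo-reply packets
whose total IP length is exactly 92 bytes are sent to Null0, everything else is
forwarded normally.

Added example, not from the thread. Packet records are constructed dicts, not
captures; the function and field names are this example's own."""

# access-list 199 permit icmp any any echo / echo-reply
ACL_199 = {("icmp", "echo"), ("icmp", "echo-reply")}
# match length 92 92  -> min and max of the IP total length, in bytes
MATCH_LENGTH = (92, 92)

IPV4_HEADER = 20
ICMP_HEADER = 8


def acl_199_permits(pkt):
    """Does the packet hit a permit line of access-list 199?"""
    return (pkt["proto"], pkt.get("icmp_type")) in ACL_199


def nachi_worm_route_map(pkt):
    """route-map nachi-worm permit 10: both match clauses must hit (AND) for
    'set interface Null0' to apply; otherwise the packet is forwarded normally."""
    lo, hi = MATCH_LENGTH
    if acl_199_permits(pkt) and lo <= pkt["length"] <= hi:
        return "Null0"
    return "forward"


def icmp_packet(payload_len, icmp_type="echo"):
    """Constructed ICMP packet record; 'length' is the IP total length."""
    return {"proto": "icmp", "icmp_type": icmp_type,
            "length": IPV4_HEADER + ICMP_HEADER + payload_len}


def apply_policy(packets):
    """Apply the route-map to a list of packet records and return the decisions."""
    return [nachi_worm_route_map(p) for p in packets]


# Constructed traffic sample: the worm's 64-byte ICMP payload gives 92 bytes total,
# a default Windows ping carries 32 bytes of payload, a default Linux ping 56.
SAMPLE_TRAFFIC = [
    icmp_packet(64),                 # 92 bytes: dropped
    icmp_packet(64, "echo-reply"),   # 92 bytes: dropped
    icmp_packet(32),                 # 60 bytes: forwarded
    icmp_packet(56),                 # 84 bytes: forwarded
    {"proto": "tcp", "length": 92},  # not ICMP: ACL 199 does not match, forwarded
]

if __name__ == "__main__":
    for pkt, decision in zip(SAMPLE_TRAFFIC, apply_policy(SAMPLE_TRAFFIC)):
        print(pkt, "->", decision)
```

The model also makes the weakness of a length-only signature visible: any legitimate ping that happens to carry 64 bytes of payload is dropped too, because the policy has no way to look at the payload content, so expect some false positives and monitor the Null0 counters rather than treating the drop as proof of infection.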
02-19-2008 10:52 AM
GUIs are always a 20-second game..
02-19-2008 10:56 AM
So what are the solutions for PIX/ASA?
02-19-2008 11:10 AM
Hello Anish, please try my sample config that I posted for you and let me know if there is anything else I can help you with.
02-19-2008 06:18 PM
Hi.. Ashish
Thanks a lot. I hadn't noticed the above default class maps. I will try it.
I also set my FTP policy to allow only certain file types. Can I use the CSC module to inspect inbound FTP files? If my ASA has the AIP module populated and no room for CSC, how can I use an antivirus program to inspect inbound FTP traffic?
02-20-2008 09:16 PM
Hey Anish, well, if you have an AIP-SSM module or CSC module then you actually have a full-fledged IPS mechanism, and you can certainly monitor/block/reset inbound/outbound FTP files or FTP commands as well.
You just need to configure the AIP-SSM and turn on all the default signatures.