NBAR question

Unanswered Question
Apr 8th, 2008

Let's say I do this on my network:

class-map bittorrent

match protocol bittorrent

!

policy-map Outside

class bittorrent

drop

If someone changed their default bittorrent port, for example to port 80, would this circumvent detection?

If I then use "ip nbar port-map bittorrent tcp 80" to change the port monitored for bittorrent, doesn't this negate the purpose of NBAR - ie. to look further into the packet than just the port number in order to recognise traffic?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion