
NBAR question

pseudonode
Level 1

Let's say I do this on my network:

class-map bittorrent
 match protocol bittorrent
!
policy-map Outside
 class bittorrent
  drop

If someone changed their default bittorrent port, for example to port 80, would this circumvent detection?

If I then use "ip nbar port-map bittorrent tcp 80" to change the port monitored for bittorrent, doesn't this negate the purpose of NBAR - i.e. to look further into the packet than just the port number in order to recognise traffic?

1 Reply

htarra
Level 4

The NBAR approach is useful in dealing with malicious software using known ports to fake being "priority traffic", as well as non-standard applications using dynamic ports.

The link below will help you with the configuration of NBAR:

http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml
