P2P Blocking Recommendations

Unanswered Question
Jul 4th, 2008

Greetings, i have an issue with a contract we have recently taken over, it is a managed office environment and one particular user is utilising what i can only determine as p2p applications as the host in question is downloading approx 45Gb over a 24 hour period, i dont have access to NBAR as the router is managed by the ISP and i have tried p2p MPF maps on the ASA 5510 to block it but it's coming through, the port range is 8191-65535 and im quite sure the built in regular expressions dont match what is being downloaded.

I was thinking about policing using basic QoS maps but would you guys be able to suggest an alternative?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Sat, 07/05/2008 - 15:20


You have several options, it seems you have touched on the basic ones nbar being one, and MPF. If this is a relatively small network in terms of users probably the easiest way is to directly contact the user to stop P2P file sharing downloads, but this approach is a quick non-effective workaround it, this would be if this is a small network 25 to 50 users where one could have more control.

1-Revice your MPF implementation to ensure that implementation is not meeting your needs, try exhausting this option, QoS rate limiting could be another option but what is the ultimate goal? Allow P2P file sharing in the company or completely stop non-work related downloads?

See Allow and Block the Traffic Through the Security Appliance


2- Consider looking into other alternatives, if you have ASA 5510 or above you may want to look into CSC-SSM module :

CSC-SSM - Look at data sheets


SSM module configurations example and file blocking




3-NBAR would be another solution but you have indicated ISP managed router, perhaps placing a router between ISP router and your ASA5500 firewall will give you the management access to implement NBAR.

4- Websence is to be a very effective product




This Discussion