P2P Blocking Recommendations

exonetinf1nity
Level 1

Greetings, I have an issue with a contract we have recently taken over. It is a managed office environment and one particular user is utilising what I can only determine to be P2P applications, as the host in question is downloading approx. 45 GB over a 24-hour period. I don't have access to NBAR as the router is managed by the ISP, and I have tried P2P MPF maps on the ASA 5510 to block it, but it's coming through. The port range is 8191-65535 and I'm quite sure the built-in regular expressions don't match what is being downloaded.

I was thinking about policing using basic QoS maps but would you guys be able to suggest an alternative?

Regards


JORGE RODRIGUEZ
Level 10

Mark,

You have several options; it seems you have touched on the basic ones, NBAR being one, and MPF. If this is a relatively small network in terms of users, probably the easiest way is to directly contact the user to stop P2P file sharing downloads, but this approach is a quick, non-effective workaround. This would apply if this is a small network of 25 to 50 users, where one could have more control.

1- Revise your MPF implementation to ensure that the implementation is not meeting your needs; try exhausting this option. QoS rate limiting could be another option, but what is the ultimate goal? Allow P2P file sharing in the company, or completely stop non-work-related downloads?

See Allow and Block the Traffic Through the Security Appliance

http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

2- Consider looking into other alternatives. If you have an ASA 5510 or above, you may want to look into the CSC-SSM module:

CSC-SSM - Look at data sheets

http://www.cisco.com/en/US/products/ps6823/index.html

SSM module configurations example and file blocking

http://www.cisco.com/en/US/docs/security/csc/csc61/administration/guide/csc4.html#wp1002608

CSC-SSM Q&A

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_qas0900aecd8040397e.html

3- NBAR would be another solution, but you have indicated an ISP-managed router; perhaps placing a router between the ISP router and your ASA 5500 firewall will give you the management access to implement NBAR.

4- Websense is said to be a very effective product.

Rgds

-Jorge
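As an added illustration of the QoS rate-limiting option discussed in this thread (example configuration, not posted by either participant), the following ASA MPF fragment polices TCP flows to the 8191-65535 destination port range the original poster identified. The object names (P2P_HIGH_PORTS, P2P_CLASS, P2P_POLICY), the interface name "inside" and the 512 kbps rate are assumptions; to scope it to the single offending host, replace the source "any" in the access-list with that host's address.

```cisco
! Added example, not from the thread. Names, interface and rates are assumptions.
! Match TCP traffic from inside hosts to high destination ports (8191-65535).
access-list P2P_HIGH_PORTS extended permit tcp any any range 8191 65535
!
class-map P2P_CLASS
 match access-list P2P_HIGH_PORTS
!
! Police matching flows to 512 kbps each direction with an 8000-byte burst;
! conforming packets are forwarded, excess packets are dropped.
policy-map P2P_POLICY
 class P2P_CLASS
  police input 512000 8000 conform-action transmit exceed-action drop
  police output 512000 8000 conform-action transmit exceed-action drop
!
! Apply on the interface facing the users.
service-policy P2P_POLICY interface inside
!
! Verify the policer is matching and dropping after applying:
! show service-policy interface inside police
```

Matching on ports alone will also slow legitimate connections to high ports (passive FTP data channels, custom web applications), so check the counters from `show service-policy` before deciding whether to narrow the match to the single host or widen the rate.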
