Block P2P and Bittorrent

Aug 12th, 2008

Hi, as there are a lot of software packages which work on P2P, is it possible to block all P2P traffic regardless of which software it comes from? Second, would it block BitTorrent traffic as well? Please suggest.

Marwan ALshawi Tue, 08/12/2008 - 18:54

do the following

! NBAR protocol classification for the common P2P applications
class-map match-any sdm_p2p_kazaa
 match protocol fasttrack
 match protocol kazaa2
class-map match-any sdm_p2p_edonkey
 match protocol edonkey
class-map match-any sdm_p2p_gnutella
 match protocol gnutella
class-map match-any sdm_p2p_bittorrent
 match protocol bittorrent
!
! MQC policy that drops every packet classified above
policy-map blocking_P2P
 class sdm_p2p_gnutella
  drop
 class sdm_p2p_bittorrent
  drop
 class sdm_p2p_edonkey
  drop
 class sdm_p2p_kazaa
  drop

then apply it in both directions on the outside interface

let's say

interface fa0/1
 service-policy input blocking_P2P
 service-policy output blocking_P2P

and it should work perfectly



but see the following previous post first



http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc188a9/0#selected_message


good luck


please rate if helpful


Farrukh Haroon Tue, 08/12/2008 - 19:02

Using what, ASA/PIX or IOS?


Regards


Farrukh

ray_stone Tue, 08/12/2008 - 19:51

Will it block all P2P traffic if the user uses any software like Kazaa, LimeWire, etc.? And what about BitTorrent?

Marwan ALshawi Tue, 08/12/2008 - 20:02

most of the time these kinds of P2P are hard to block because they work under HTTP (tunneled under HTTP), so the link above inspects HTTP misuse and blocks this kind of traffic

also with class-map type inspect ?


put a question mark and check what other options you can get

the same with policy-map, try ?

and so on


with the above link it should be fine


please rate if helpful

ray_stone Tue, 08/12/2008 - 20:33

Well, it means we don't have any other option to block every software package which supports P2P traffic.


I have gone through the commands in the above link and they are working fine, but I am still able to download software, movies etc. by using BitTorrent.


Is there any other method you would recommend so that the P2P and BitTorrent traffic is blocked? Please suggest.


Marwan ALshawi Tue, 08/12/2008 - 20:45

try the simple way

go to that software's settings

see what ports [TCP, UDP, whatever] it uses

and then deny them with simple ACLs



Marwan ALshawi Tue, 08/12/2008 - 21:22

hi Farrukh


what do you suggest in case of BitTorrent?


because with the IOS firewall there is a match for it included with NBAR


however in the ASA it is not included with MPF, except the one for port misuse!!!



Farrukh Haroon Tue, 08/12/2008 - 21:37

Marwan, please check the two links I posted in my earlier post (via Edit). The reason why it's difficult is because of the random ports, and secondly because some clients use encryption and even HTTPS for the tracker, as mentioned here:


http://seclists.org/pen-test/2007/Aug/0197.html


Regards


Farrukh

Marwan ALshawi Tue, 08/12/2008 - 21:47

I know the idea...

and I know why it is hard to match...

but I just asked for your opinion on which way you think is better to block it!


anyway thank you

Farrukh Haroon Tue, 08/12/2008 - 21:53

Sorry, I did not understand your initial post clearly. I would first start by blocking the ports and check the famous clients (Azureus, uTorrent, BitTorrent) to see if they continue to work. Only then would I resort to fancy things like HTTP inspection, as they have a huge performance impact on firewalls (ASA, Netscreen etc.).


Regards


Farrukh
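An added illustration of the two approaches weighed in the thread (not code from this discussion or from Cisco): a small Python flow classifier that applies a port-based check, the "deny it by simple ACLs" approach, beside a payload-signature check, roughly what NBAR or HTTP inspection does, and runs both over constructed packets. The samples cover a plaintext handshake on a default port, the same handshake on a random port, an HTTP tracker announce, a DHT query over UDP, an MSE/PE-encrypted handshake and an HTTPS tracker connection. Every payload, port and host name below is constructed for the example; the default port range 6881-6889 and the "BitTorrent protocol" handshake string are the protocol's documented values.

```python
"""Toy BitTorrent flow classifier: port ACL versus payload signature.

Shows why a port ACL catches only default-port clients, why a payload
signature catches plaintext handshakes and tracker requests on any port,
and why neither sees inside an encrypted (MSE) or HTTPS stream.
"""
import hashlib
import re
from dataclasses import dataclass

# Default BitTorrent listening range used by early clients (6881-6889).
BT_DEFAULT_PORTS = range(6881, 6890)

# Plaintext peer-wire handshake starts with <pstrlen=19><"BitTorrent protocol">.
BT_HANDSHAKE = b"\x13BitTorrent protocol"
# HTTP tracker announce: GET /<anything>announce?...info_hash=...
TRACKER_RE = re.compile(rb"^GET /\S*announce\?\S*info_hash=", re.IGNORECASE)
# Bencoded DHT queries carry a literal "q" key followed by the method name.
DHT_RE = re.compile(rb"1:q(9:get_peers|13:announce_peer|9:find_node|4:ping)")


@dataclass
class Flow:
    proto: str       # "tcp" or "udp"
    dst_port: int
    payload: bytes   # first bytes the client sends


def port_acl_verdict(flow: Flow) -> str:
    """Extended-ACL style: deny only TCP to a default BitTorrent port."""
    if flow.proto == "tcp" and flow.dst_port in BT_DEFAULT_PORTS:
        return "deny"
    return "permit"


def signature_verdict(flow: Flow) -> str:
    """NBAR/DPI style: deny if the payload looks like BitTorrent on any port."""
    p = flow.payload
    if p.startswith(BT_HANDSHAKE):
        return "deny"
    if TRACKER_RE.match(p):
        return "deny"
    if flow.proto == "udp" and DHT_RE.search(p):
        return "deny"
    return "permit"


def classify(flow: Flow) -> dict:
    """Run both checks and return their verdicts side by side."""
    return {"acl": port_acl_verdict(flow), "signature": signature_verdict(flow)}


def _pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for the random-looking bytes of an encrypted handshake."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(b"mse-example-%d" % counter).digest()
        counter += 1
    return out[:n]


INFO_HASH = b"%00" * 20   # constructed: URL-encoded 20-byte info_hash placeholder

# Constructed sample flows (ports, hosts and payload contents are made up).
SAMPLES = {
    # 1. Plaintext handshake to a default port: both checks catch it.
    "handshake_default_port": Flow("tcp", 6881, BT_HANDSHAKE + b"\x00" * 8),
    # 2. Same handshake, client configured for a random port: only the signature catches it.
    "handshake_random_port": Flow("tcp", 51413, BT_HANDSHAKE + b"\x00" * 8),
    # 3. Tracker announce over plain HTTP on port 80: only the signature catches it.
    "http_tracker": Flow("tcp", 80, b"GET /announce?info_hash=" + INFO_HASH
                         + b"&peer_id=-UT1770-abc&port=51413 HTTP/1.1\r\n"
                         + b"Host: tracker.example\r\n\r\n"),
    # 4. DHT get_peers over UDP to a random port: only the signature catches it.
    "dht_get_peers": Flow("udp", 46881, b"d1:ad2:id20:" + b"A" * 20
                          + b"9:info_hash20:" + b"B" * 20
                          + b"e1:q9:get_peers1:t2:aa1:y1:qe"),
    # 5. MSE-encrypted handshake: the first 96 bytes are a DH public key plus
    #    padding, so there is no fixed string for a signature to match.
    "mse_encrypted": Flow("tcp", 23894, _pseudo_random(96)),
    # 6. HTTPS tracker: a TLS ClientHello on 443, opaque to both checks.
    "https_tracker": Flow("tcp", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"
                          + _pseudo_random(32)),
    # 7. Ordinary web request: must not be flagged by either check.
    "plain_http": Flow("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"),
}


def run_samples() -> dict:
    """Return {sample name: {"acl": verdict, "signature": verdict}} for every sample."""
    return {name: classify(flow) for name, flow in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:24s} acl={verdict['acl']:6s} signature={verdict['signature']}")
```

The table the script prints is the point Farrukh makes: the ACL stops only sample 1, the signature stops samples 1 to 4, and samples 5 and 6 pass both, which is why a client with encryption enabled keeps downloading after the port ACL and the HTTP inspection are both in place.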

Marwan ALshawi Wed, 08/13/2008 - 01:13

cool


and Thank You
