Block P2P and Bittorrent

Unanswered Question
Aug 12th, 2008

Hi, as there is a lot of software that works over P2P, is it possible to block all P2P traffic, whichever software the traffic comes from? Second, would block BitTorrent traffic as well. Please suggest.

Marwan ALshawi Tue, 08/12/2008 - 18:54

Do the following:

class-map match-any sdm_p2p_kazaa
 match protocol fasttrack
 match protocol kazaa2
class-map match-any sdm_p2p_edonkey
 match protocol edonkey
class-map match-any sdm_p2p_gnutella
 match protocol gnutella
class-map match-any sdm_p2p_bittorrent
 match protocol bittorrent

policy-map blocking_P2P
 class sdm_p2p_gnutella
  drop
 class sdm_p2p_bittorrent
  drop
 class sdm_p2p_edonkey
  drop
 class sdm_p2p_kazaa
  drop

Then apply it in both directions on the outside interface, let's say:

interface fa0/1
 service-policy input blocking_P2P
 service-policy output blocking_P2P

and it should work perfectly.

But see the following previous post first:

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc188a9/0#selected_message

good luck

please, if helpful rate

ray_stone Tue, 08/12/2008 - 19:51

Will it block all P2P traffic if users use any software like Kazaa, LimeWire, etc.? And what about BitTorrent?

Marwan ALshawi Tue, 08/12/2008 - 20:02

Most of the time this kind of P2P is hard to block because it works under HTTP (tunneled under HTTP), so the link above inspects HTTP misuse and blocks this kind of traffic.

Also, with class-map type inspect ?

put a question mark and check what other options you can get.

The same with policy-map type ?

and so on.

With the above link it should be fine.

please, if helpful rate

ray_stone Tue, 08/12/2008 - 20:33

Well, it means we don't have any other option to block every software which supports P2P traffic.

I have gone through the above link's commands and it's working fine, but I am still able to download software, movies, etc. by using BitTorrent.

Is there any other method you would recommend so that P2P and BitTorrent traffic is blocked? Please suggest.

Marwan ALshawi Tue, 08/12/2008 - 20:45

Try the simple way:

go to that software's settings,

see what ports (TCP, UDP, whatever) it uses,

and then deny them with simple ACLs.

Marwan ALshawi Tue, 08/12/2008 - 21:22

Hi Farrukh,

what do you suggest in the case of BitTorrent?

Because with the IOS firewall there is a match for it included with NBAR;

however, in the ASA it is not included with MPF, except the one for port misuse!

Marwan ALshawi Tue, 08/12/2008 - 21:47

I know the idea...

and I know why it is hard to match...

but I just asked you for your opinion on which way you think is better to block it!

Anyway, thank you.

Farrukh Haroon Tue, 08/12/2008 - 21:53

Sorry, I did not understand your initial post clearly. I would first start by blocking the ports and check the famous clients (Azureus, uTorrent, BitTorrent) to see if they continue to work. Only then would I resort to fancy things like HTTP inspection, as they have a huge performance impact on firewalls (ASA, NetScreen, etc.).

Regards

Farrukh
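
The port-blocking first step suggested in the posts above, written out as an IOS extended ACL. This is an added example, not configuration posted by anyone in the thread. The ACL name is hypothetical, fa0/1 is the interface used earlier in the thread, and 6881-6889 is assumed as the range many BitTorrent clients listen on by default.

```cisco
! Constructed example: names, port range and interface are assumptions.
! 6881-6889 is the range many BitTorrent clients listen on by default;
! replace it with the ports read from the client's settings.
ip access-list extended BLOCK_P2P_PORTS
 remark BitTorrent default listener range, matched as destination port
 deny   tcp any any range 6881 6889
 deny   udp any any range 6881 6889
 remark same range as source port, for replies from an inside listener
 deny   tcp any range 6881 6889 any
 deny   udp any range 6881 6889 any
 remark everything else is unaffected
 permit ip any any
!
! Outside interface, both directions, as in the service-policy above.
interface FastEthernet0/1
 ip access-group BLOCK_P2P_PORTS in
 ip access-group BLOCK_P2P_PORTS out
!
! After testing with each client, check which entries are taking hits:
!   show access-lists BLOCK_P2P_PORTS
```

Zero hit counts while downloads continue mean the client is using other ports, which is the point at which the thread moves on to NBAR matching or HTTP inspection.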
