cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1178
Views
5
Helpful
14
Replies

Block P2P and Bittorrent

ray_stone
Level 1
Level 1

Hi, As there are lot of softwares which works on P2P so is it possible to block all p2p traffic whether the traffic comes by using any software. Second, would block Bittorrent Traffic as well. Please suggest.

14 Replies 14

Marwan ALshawi
VIP Alumni
VIP Alumni

do the following

class-map match-any sdm_p2p_kazaa

match protocol fasttrack

match protocol kazaa2

class-map match-any sdm_p2p_edonkey

match protocol edonkey

class-map match-any sdm_p2p_gnutella

match protocol gnutella

class-map match-any sdm_p2p_bittorrent

match protocol bittorrent

policy-map blocking_P2P

class sdm_p2p_gnutella

drop

class sdm_p2p_bittorrent

drop

class sdm_p2p_edonkey

drop

class sdm_p2p_kazaa

drop

the apply it in two directions on the outside interface

lets say

interface fa0/1

service-policy input blocking_P2P

service-policy output blocking_P2P

and should work perfect

but see the following prevous post first

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc188a9/0#selected_message

good luck

please, if helpful rate

Farrukh Haroon
VIP Alumni
VIP Alumni

Using what, ASA/PIX or IOS?

Regards

Farrukh

ASA 5505

then just follow the following link will guid u step by step

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

good luck

please if helpful Rate

Will it block all P2p trafic if user use any software like kazaa, lime wire and etc. And what about bittorrent.

most the times these kind of p2p hard to block because it work under http (tunneled under http) so the link above inspect the http misuse and block these kind of traffic

also with class-map tyrp inspect ?

put question marck and check what othe rotions u can get

the same with policy-map tey ?

and so on

with the above link should be fine

please, if helpful rate

Well, it means we dont have any other option to block every software which supports P2P traffic.

I have gone through the above link commands and its working fine but still I am able to download the softwares, movies etc by using bittorrent.

Is there any other method would you recommand so that the P2p and bittorrent traffic to be blocked. Please suggest.

try the simple way

go to that software setings

ses what ports [ tcp udp whatever] it use

and then deny it by simple ACLs

Blocking bittorrent is a little difficult as compared to the other P2P softwares.

Have a look at these links tough:

http://wiki.wireshark.org/BitTorrent

http://userpages.umbc.edu/~hamilton/btclientconfig.html

Regards

Farrukh

hi Farrukh

what u suggest in case of bittorrent ?

because with IOS firewall the is a matching for it inculded with NBAR

however in ASA not inculded with MPF except the one for port mis-use!!!

Marwan please check the two links I posted in my earlier post (via Edit). The reason why its difficult is because of the random ports and secondly because some clients use encryption and even HTTPS for tracker as mentioned here:

http://seclists.org/pen-test/2007/Aug/0197.html

Regards

Farrukh

i know the idea...

and i know why hard to match it...

but, i just asked u about ur opinion which way u think better to block it !

anyway thank you

Sorry I did not understand your initial post clearly. I would first start to block the ports and check the famous clients (Azerus,Utorrent,BitTorrent) to see if they continue to work. Then only I would resort to fancy things like HTTP inspection as they have huge performane impact on firewalls (ASA,Netscreen etc.)

Ragards

Farrukh

cool

and Thank You

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: