p2p blocking on Cisco IOS

remi-reszka
Level 1

Hi,

Is there any way to block p2p traffic on a Cisco router based not on TCP/UDP ports but on the content or a certain pattern of the p2p packets?

I know about NBAR, but not all p2p protocols can be found there.

Thanks for any suggestions.

Remi

5 Replies

andrew.prince
Level 10

Remi,

If NBAR is not catching the particular application, you can download and enable extra specific PDLM files - these are add-ons to the existing NBAR classifications in the router IOS.

HTH

Hi,

Thanks for your suggestions. I did take a look for the latest PDLMs and could not find any for ARES, LIMEWIRE or Bittorrent.

I am not sure if there are any PDLMs covering those applications. ARES is very nasty; it uses dynamically assigned ports from an unspecified range.

I looked into the ZPF config guides and it looks like, with the latest IOSs, Cisco added p2p applications for inspect so that with a policy-map it could be policed to drop certain traffic matching certain applications. Those features are available on the 880 series, for instance, but I am working with the 870 series.

Maybe you know of any PDLMs that would support ARES or LIMEWIRE.

Thanks a lot in advance.

Remi

The application firewall feature of CBAC can block p2p traffic based on the content of the packet and not the port it is using.

Please look under HTTP, POP/IMAP, and SMTP/ESMTP Application Inspection

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/product_implementation_design_guide09186a00800fd670.html
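
An added example, not part of any reply in this thread, showing the two approaches suggested above as IOS configuration: an NBAR class that drops recognized p2p protocols after loading an add-on PDLM, and a CBAC application firewall policy for p2p carried inside HTTP. The PDLM file name, interface names and policy names are assumptions, and the `match protocol` keywords available depend on the IOS release and the PDLMs loaded.

```cisco
! --- Approach 1: NBAR classification plus an MQC drop policy ---
! Load an add-on PDLM. The file name is a placeholder for the file
! obtained from Cisco and copied to flash.
ip nbar pdlm flash:<protocol>.pdlm
!
! Match on NBAR's payload-based classification, not on port numbers.
! LimeWire speaks Gnutella, so it falls under "gnutella".
class-map match-any P2P-NBAR
 match protocol bittorrent
 match protocol gnutella
 match protocol edonkey
 match protocol fasttrack
 match protocol kazaa2
!
policy-map DROP-P2P
 class P2P-NBAR
  drop
!
! Assumed WAN interface name.
interface FastEthernet4
 ! Protocol discovery shows what NBAR actually classifies, which helps
 ! confirm whether a given client is recognized at all.
 ip nbar protocol-discovery
 service-policy input DROP-P2P
 service-policy output DROP-P2P
!
! --- Approach 2: CBAC application firewall ---
! port-misuse inspects HTTP sessions only, so this catches p2p clients
! that run over HTTP, not arbitrary ports.
appfw policy-name P2P-OVER-HTTP
 application http
  port-misuse p2p action reset alarm
!
ip inspect name FW appfw P2P-OVER-HTTP
ip inspect name FW http
!
! Assumed LAN interface name.
interface Vlan1
 ip inspect FW in
!
! Verification (exec mode):
!   show ip nbar pdlm
!   show ip nbar protocol-discovery interface FastEthernet4
!   show policy-map interface FastEthernet4
```

Traffic that NBAR cannot classify never matches `P2P-NBAR`, so the protocol-discovery counters are the place to check whether a client is being recognized before relying on the drop policy.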

Hi,

Many thanks for additional clues but I guess ARES is not supported.

Please rate if it was useful.

Thx
