11-18-2008 06:17 PM - edited 03-11-2019 07:15 AM
Hi,
Is there any way to block any p2p traffic on a Cisco router, not based on TCP/UDP ports but on the content or a certain pattern of the p2p packets?
I know about the use of NBAR, but not all p2p protocols can be found there.
Thanks for any suggestions.
Remi
11-19-2008 02:51 AM
Remi,
If NBAR is not catching the particular application, you can download and enable extra specific PDLM files - these are add-ons to the existing NBAR classifications in the router IOS.
HTH
11-19-2008 07:30 AM
Hi,
Thanks for your suggestions. I did take a look for the latest PDLMs and could not find any for ARES, LIMEWIRE or Bittorrent.
I am not sure if there are any PDLMs covering those applications. ARES is very nasty; it uses dynamically assigned ports from an unspecified range.
I looked into the ZPF config guides, and it looks like with the latest IOS versions Cisco added p2p applications for inspect, so that with a policy-map it could be policed to drop certain traffic matching certain applications. Those features are available on the 880 series for instance, but I am working with the 870 series.
Maybe you know of any PDLMs that would support ARES or LIMEWIRE.
Thanks a lot in advance.
Remi
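As an added illustration (not configuration from the thread), this is the shape of the approach Remi describes: an extra PDLM loaded into NBAR, an NBAR-based inspect class for the p2p protocols IOS already knows, and a zone-based policy-map that drops and logs them while inspecting everything else. Interface names, zone names and the PDLM file name are assumptions and must match your own platform and IOS image.

```cisco
! Load an additional NBAR PDLM (file name is a placeholder for one obtained from Cisco)
ip nbar pdlm flash:EXAMPLE-P2P.pdlm
!
! Classify p2p by NBAR signature, independent of the TCP/UDP port in use
class-map type inspect match-any P2P-APPS
 match protocol bittorrent
 match protocol edonkey
 match protocol gnutella
 match protocol fasttrack
 match protocol kazaa2
!
! Everything else that should pass gets stateful inspection
class-map type inspect match-any LAN-TRAFFIC
 match protocol tcp
 match protocol udp
 match protocol icmp
!
! Drop and log the p2p class first; order of classes matters
policy-map type inspect LAN-TO-WAN
 class type inspect P2P-APPS
  drop log
 class type inspect LAN-TRAFFIC
  inspect
 class class-default
  drop
!
zone security LAN
zone security WAN
zone-pair security LAN-WAN source LAN destination WAN
 service-policy type inspect LAN-TO-WAN
!
! Interface names are assumptions for an 870/880-class router
interface Vlan1
 zone-member security LAN
 ip nbar protocol-discovery
interface FastEthernet4
 zone-member security WAN
```

Use `show ip nbar protocol-discovery` and `show policy-map type inspect zone-pair LAN-WAN` to confirm the p2p class is actually matching; applications without a PDLM (the thread names ARES as one) will not be caught by this policy.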
11-20-2008 09:58 AM
The application firewall feature of CBAC can block p2p traffic based on the content of the packet and not the port it is using.
Please look under HTTP, POP/IMAP, and SMTP/ESMTP Application Inspection
11-20-2008 03:56 PM
Hi,
Many thanks for additional clues but I guess ARES is not supported.
11-20-2008 04:08 PM
Please rate if it was useful.
Thx