Blocking bittorrent on pix or cisco7603

Jan 11th, 2010
I want to block BitTorrent on a PIX or a Cisco 7603. I want to block it completely (the client can choose dynamic ports), so I need packet inspection. On the PIX 525 I could not find any BitTorrent inspection; on the Cisco 7603 the NBAR implementation is very poor (it almost does not exist).

Is there any way of blocking BitTorrent on the PIX or the 7603?


trustcisco Mon, 01/11/2010 - 06:00

Blocking BitTorrent on the firewall could be tricky, since it uses port 80 and could also use encryption.

1. Use a web security gateway for your users and stop P2P there.

2. Stop the problem at its source. Use Active Directory and do not allow users to run .exe files.

3. Do not NAT users unless you have to.

4. If you cannot do any of these, you can try this:

Panos Kampanakis (Cisco Employee) Mon, 01/11/2010 - 17:57

BitTorrent is a tricky P2P application. It tunnels through HTTP and randomly changes the port, so there isn't a clean way to use the ASA to stop this.

We might be better off using an IPS module, or maybe using NBAR on a router together with a URL filtering server.

However, you can try blocking the ports this application uses, which are ports 6881 to 6999. For instance:

    access-list inside_in deny tcp any any range 6881 6999
    access-list inside_in permit ip any any
    access-group inside_in in interface inside

You can also try using the following configuration to block P2P applications on the firewall.

I hope it helps.


vilaxmi (Cisco Employee) Mon, 01/11/2010 - 20:36


True, the ASA cannot do deep packet inspection, so BitTorrent could be better blocked using the AIP-SSM or CSC-SSM security modules or some third-party solution for the same. And again, since they tend to change ports during the session, it may be difficult to keep track of the ports they will be using, so I am not sure if blocking the ports via ACL is going to help us; nevertheless, it is worth a lab test.
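As an added example (not part of this thread or of any Cisco configuration), the following Python snippet contrasts the two approaches discussed above: the port-range ACL from Panos's reply, which looks only at the destination port, and a payload check of the kind an inspection module would perform. It assumes the well-known peer-wire handshake prefix and HTTP tracker announce format; the sample flows, info_hash and peer_id values are constructed.

```python
from dataclasses import dataclass

# Peer-wire handshake: pstrlen (19) + "BitTorrent protocol" + 8 reserved
# bytes + 20-byte info_hash + 20-byte peer_id = 68 bytes in total.
BT_HANDSHAKE_PREFIX = b"\x13BitTorrent protocol"
BT_HANDSHAKE_LEN = 68
ACL_PORTS = range(6881, 7000)  # "deny tcp any any range 6881 6999"


@dataclass
class Flow:
    dst_port: int
    payload: bytes  # first bytes the client sent on the TCP connection


def acl_would_block(flow: Flow) -> bool:
    """What the port-based ACL decides: it only sees the destination port."""
    return flow.dst_port in ACL_PORTS


def is_peer_handshake(payload: bytes) -> bool:
    """Payload check independent of port: a peer-wire handshake."""
    return len(payload) >= BT_HANDSHAKE_LEN and payload.startswith(BT_HANDSHAKE_PREFIX)


def is_tracker_announce(payload: bytes) -> bool:
    """HTTP tracker request: a GET to /announce carrying info_hash=."""
    first_line, _, _ = payload.partition(b"\r\n")
    return first_line.startswith(b"GET /announce?") and b"info_hash=" in first_line


def dpi_would_block(flow: Flow) -> bool:
    return is_peer_handshake(flow.payload) or is_tracker_announce(flow.payload)


def compare(flows):
    """Return (dst_port, acl_blocks, dpi_blocks) for each flow."""
    return [(f.dst_port, acl_would_block(f), dpi_would_block(f)) for f in flows]


# Constructed sample payloads (dummy info_hash / peer_id, not real values).
HANDSHAKE = BT_HANDSHAKE_PREFIX + bytes(8) + b"\x11" * 20 + b"-AB0000-" + b"0" * 12
ANNOUNCE = b"GET /announce?info_hash=%11%11&peer_id=-AB0000-000000000000 HTTP/1.1\r\nHost: tracker.example\r\n\r\n"
WEB_GET = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

SAMPLE_FLOWS = [
    Flow(6881, HANDSHAKE),  # classic port: ACL and DPI both catch it
    Flow(80, HANDSHAKE),    # client picked port 80: ACL misses, DPI catches
    Flow(80, ANNOUNCE),     # tracker over HTTP: ACL misses, DPI catches
    Flow(6900, WEB_GET),    # ordinary web traffic on a blocked port: ACL false positive
]

if __name__ == "__main__":
    for port, acl, dpi in compare(SAMPLE_FLOWS):
        print(f"port {port:5d}  acl_blocks={acl!s:5}  dpi_blocks={dpi}")
```

The last two rows are the point of vilaxmi's caveat: a port-only rule both misses traffic on a chosen port and blocks unrelated traffic that happens to use a port in the range.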
