I'm a network administrator at a university and we use the Cisco IPS 4255 to monitor dorm network traffic. It has worked well for detecting dorm residents who use Bittorrent or Kazaa P2P file sharing applications, and we configured our IPS to shun the user's IP addreess upon detection. But lately, we have been getting complaints from users that they get disconnected from the Internet (shunned) because they were watching high definition streaming video from legitimate sites such as NBC.com. It turns out that NBC.com uses Pando Networks Media Booster to deliver their streaming TV shows in HD via Bittorrent technology:
We do want to block the P2P application file sharing activity because users could transfer copyrighted music or movies files, but we don't want to block streaming video that utilizes the Pando Networks technology. Has anyone else encountered this problem? Anyone have any suggestions to tackle this problem? I know I can configure exemptions on the IPS sensor policies, but not sure if it is possible to exempt just streaming HD video (Pando Networks technology that uses Bittorrent protocol).