Video Games regex or similar

Unanswered Question
Aug 2nd, 2010

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;}

Hi guys,

Does Cisco have any pre-defined application inspection regexes for video games such as World of Warcraft, Steam, PlayStation Network, etc…

Or is there a community site where these could be obtained?

Thank you.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
mirober2 Mon, 08/02/2010 - 06:25

Hello,

Unfortunately there are no pre-defined regexes that would help here. You would have to do some digging into the traffic itself to find out if there is anything you can reasonably filter on. Instead, you might be better off with the approach of blocking the specific ports used by the games. This might not work 100% successfully, but it would be a start. Here are a couple of links that might be helpful:

World of Warcraft Port Numbers:

http://us.blizzard.com/support/article.xml?locale=en_US&articleId=21015&rhtml=true

List of commonly used ports for various games/applications (including Steam and PSN):

http://portforward.com/cports.htm

Hope that helps.

-Mike

uber_cookie Mon, 08/02/2010 - 06:30

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; mso-fareast-language:EN-US;}

We are actually looking in permitting the games, but it is difficult to make the actual connections secure since majority of the ports that need to be open for games can be abused for p2p.

To make things even worst WoW uses torrent to update itself.

Other vendors such as SonicWall offer built-in signatures for that, but since we are running Cisco environment we would prefer to stay with Cisco.

mirober2 Mon, 08/02/2010 - 09:21

I know this is not exactly what you're looking for, but you could allow the ports and then use regex to block the P2P traffic. We do have some pre-built regexes for this type of thing:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

If you scroll down to the "List of built-in regular expressions" section you'll see what I'm referring to.

By any chance do you have an IDS? You might have better luck doing this type of filtering there than with the ASA's functionality.

-Mike

Actions

This Discussion

Related Content