BT blocking using ASA

Unanswered Question
Sep 29th, 2010

Hi Forum People, greetings.



I have an ASA 5510 with SSM CSC; I am only using the inside interface, connected to the LAN, and the outside interface, connected to the border router.



My motive is that I would like to block users on the inside interface from using BitTorrent-related applications to download anything from outside.



I managed to use SSM CSC URL blocking to stop users using a browser to surf any torrent-related website, so users cannot go to torrent-related websites to find seeds.


Now I am testing with the Vuze BT application, and it is still able to get through and download from the peers at the other end.



Here is the list of actions I have done so far:


First, I am using MPF to filter the traffic.



regex bit-torrent-tracker ".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*"
!
object-group service BitTorrent-Tracker tcp
 description TCP Ports used by Bit Torrent for tracker communication
 port-object eq 2710
 port-object eq 6969
!
object-group service Blocked-UDP-Ports udp
 description All ports blocked for Bit Torrent UDP DHT
 port-object range 10001 65535
 port-object range 1024 5554
 port-object range 5600 9999
!
access-list DENY-BT extended deny tcp any any object-group BitTorrent-Tracker log warnings
access-list DENY-BT extended deny udp any any object-group Blocked-UDP-Ports log warnings
access-list DENY-BT extended permit tcp any any
access-list DENY-BT extended permit udp any any
access-list DENY-BT extended permit icmp any any echo
!
class-map http_traffic
 match port tcp eq www
!
class-map type inspect http match-all bit-torrent-tracker
 description Bit Torrent Tracker communication
 match request args regex bit-torrent-tracker
 match request method get
!
policy-map type inspect http Drop-P2P
 description Drop protocol violations Bit Torrent Tracker traffic
 parameters
  protocol-violation action drop-connection log
 class bit-torrent-tracker
  drop-connection log
!
policy-map global_policy
 class http_traffic
  inspect http Drop-P2P
!
service-policy global_policy interface inside
!
access-group DENY-BT out interface inside




I attach a snapshot of the ASDM service policy rules.



Ideas needed; I need to stop Vuze from downloading.

Magnus Mortensen (Cisco Employee) Wed, 09/29/2010 - 20:34

Yongkhang,

What do you see if you load Wireshark on your computer and then launch Vuze? What TCP/UDP/etc. connections are made by the application that are not yet blocked? Make sure you close any other programs so the only network activity is from the Vuze application on your computer. Once you identify what ports/protocols Vuze uses, then you can proceed to ACL them off.


- Magnus
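Bringing together the original post's DENY-BT object-groups and ACL and Magnus's advice to capture what Vuze actually opens and then ACL off whatever is still permitted, here is an added Python example that is not part of the thread. It parses the two object-groups exactly as posted, mirrors the top-down DENY-BT ACL logic, lists the UDP port gaps the Blocked-UDP-Ports group leaves open, checks a constructed list of (protocol, destination port) flows of the kind one would tally from a Wireshark capture, and approximates the bit-torrent-tracker HTTP inspect class (a GET with info_hash= in the request arguments). The flow list, the request lines, and the ACL emulation itself are assumptions for illustration; none of it is ASA code or verified ASA behaviour.

```python
"""Audit the DENY-BT policy from the thread against constructed flow records.
Added example: emulates object-group/ACL matching well enough to find gaps;
it is not ASA code and does not model the inspection engines."""
import re

# Object-group lines copied from the original post.
ASA_OBJECT_GROUPS = """
object-group service BitTorrent-Tracker tcp
 port-object eq 2710
 port-object eq 6969
object-group service Blocked-UDP-Ports udp
 port-object range 10001 65535
 port-object range 1024 5554
 port-object range 5600 9999
"""

# The regex from the post, which the http inspect class applies to request args.
TRACKER_REGEX = re.compile(r".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*")

# Constructed (protocol, destination port) tallies, the kind of summary one would
# build from a Wireshark capture of a Vuze session. Not real capture data.
OBSERVED_FLOWS = [
    ("tcp", 6969),   # plain HTTP tracker on a port in the tracker group
    ("tcp", 6881),   # classic peer port, not in the tracker group
    ("udp", 5570),   # falls in the 5555-5599 hole between the UDP ranges
    ("udp", 10000),  # falls in the one-port hole at 10000
    ("udp", 51413),  # high UDP port, covered by 10001-65535
    ("udp", 53),     # DNS, below 1024 and therefore permitted
]

def parse_object_groups(text):
    """Parse 'object-group service NAME tcp|udp' blocks into (lo, hi) port ranges."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"object-group service (\S+) (tcp|udp)", line)
        if m:
            current = m.group(1)
            groups[current] = {"proto": m.group(2), "ranges": []}
            continue
        m = re.fullmatch(r"port-object eq (\d+)", line)
        if m and current:
            port = int(m.group(1))
            groups[current]["ranges"].append((port, port))
            continue
        m = re.fullmatch(r"port-object range (\d+) (\d+)", line)
        if m and current:
            groups[current]["ranges"].append((int(m.group(1)), int(m.group(2))))
    return groups

def in_ranges(port, ranges):
    return any(lo <= port <= hi for lo, hi in ranges)

def uncovered_ports(ranges, lo=1, hi=65535):
    """Return the (start, end) port gaps that a list of ranges leaves open."""
    gaps, cursor = [], lo
    for start, end in sorted(ranges):
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end + 1)
    if cursor <= hi:
        gaps.append((cursor, hi))
    return gaps

def acl_verdict(groups, proto, dport):
    """Mirror the DENY-BT access-list top-down; the first matching entry wins."""
    if proto == "tcp" and in_ranges(dport, groups["BitTorrent-Tracker"]["ranges"]):
        return "deny"
    if proto == "udp" and in_ranges(dport, groups["Blocked-UDP-Ports"]["ranges"]):
        return "deny"
    if proto in ("tcp", "udp", "icmp-echo"):
        return "permit"
    return "deny"  # implicit deny at the end of every ASA ACL

def permitted_flows(groups, flows):
    """Flows the ACL still lets through: the list to take back to the ACL."""
    return [f for f in flows if acl_verdict(groups, *f) == "permit"]

def tracker_announce_matches(request_line):
    """Approximate the bit-torrent-tracker class: GET with info_hash= in the args."""
    method, _, target = request_line.partition(" ")
    path = target.split(" ", 1)[0]
    _, _, args = path.partition("?")
    return method == "GET" and TRACKER_REGEX.match(args) is not None

if __name__ == "__main__":
    groups = parse_object_groups(ASA_OBJECT_GROUPS)
    print("UDP ports not covered:", uncovered_ports(groups["Blocked-UDP-Ports"]["ranges"]))
    print("Flows still permitted:", permitted_flows(groups, OBSERVED_FLOWS))
    print("Announce matched:", tracker_announce_matches(
        "GET /announce?info_hash=%12%34&peer_id=abc HTTP/1.1"))
```

Running it reports the UDP gaps 1-1023, 5555-5599 and the single port 10000, which is consistent with the later post where widening the UDP range to 10000-65535 finally tore the transfers down. It also makes the limit of the regex approach visible: the bit-torrent-tracker class only sees plain-HTTP GET announces on port 80, so tracker traffic over UDP or over HTTPS never reaches it, which is what the last reply in the thread says about encrypted traffic.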

yong khang NG Thu, 09/30/2010 - 18:58

Hi Magnus,


Thanks for the advice. I strengthened the ACL rule with a wider UDP port range, 10000-65535. Traffic is torn down, and after a certain period the transaction times out and the download cannot succeed.


I just have a few more things to check with you.



Q1. Is it possible for the ASA to scan encrypted traffic?


Thanks.

Panos Kampanakis (Cisco Employee) Fri, 10/01/2010 - 07:54

Unfortunately the ASA cannot inspect HTTPS or encrypted traffic, because we would not be able to look into the messages since they are encrypted.


I hope it makes sense.


PK
