
How to block p2p applications (BitTorrent-like) with AIP-SSM-10?

Unanswered Question
sebastan_bach Tue, 12/26/2006 - 15:56

Hi Siva, for blocking p2p applications the IDS or the IPS doesn't have an inbuilt signature. You will have to create custom signatures for it.


But the easiest way to block them is to block them on the firewall itself. That's the best and easiest way.


Anyway, the packet first hits the firewall and then the AIP module, so why not block it on the firewall itself?


Regards,

Sebastan

jlimbo Tue, 12/26/2006 - 17:56

There are several signatures that detect p2p; for BitTorrent there is 11020.0.


Yahoo triggers: 5539.0, 11200.0, 11212.0, 11217.0 & 11219.0


etc..


Some are disabled by default though so please ensure you enable the ones that you need.


If you want to block these then you will have to use event actions that work in a promiscuous setup, for example request block connection and TCP reset. Please note that care must be taken when using these event actions.


For more information about the event actions please refer to the link below:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/idmguide/dmevtrul.htm#wp1069467



