Cisco Support Community
ASA instead of IPS to block torrents' signatures

Dear friends,

I would like to know if any of you have tried to block torrents' signatures with the help of ASA.

On some forums I have found information about the signatures, which can be found while inspecting utorrent traffic, and how to match them on a Cisco Router.

Here they are:

Match start l3-start offset 40 size 5 regex "\x7F\xFF\xFF\xFF\xAB"

Match start l3-start offset 36 size 6 regex "\x7F\xFF\xFF\xFF\x00\x03"

Match start l3-start offset 36 size 8 regex "\x00\x00\x00\x00\x00\x38\x00\x00"

Match start l3-start offset 40 size 4 regex "\x00\x38\x00\x00"

Match start l3-start offset 44 size 4 regex "\x00\x01\x00\x00"

Is it possible to do the same on ASA, and how? Which criteria should be matched when creating class-maps?

Thanks in advance.
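
The window semantics of the five rules quoted above, as an added example that is not part of the original post: a Python check that reads each rule as "search `size` bytes starting `offset` bytes from the first byte of the IPv4 header" and applies it to raw packets, which is useful for testing such signatures against captured traffic before deploying them. The packet builder, addresses, ports and payloads are constructed test input, and UDP transport is an assumption.

```python
import re
import struct

# The five rules from the post: (offset from start of IP header, size, byte regex)
RULES = [
    (40, 5, rb"\x7F\xFF\xFF\xFF\xAB"),
    (36, 6, rb"\x7F\xFF\xFF\xFF\x00\x03"),
    (36, 8, rb"\x00\x00\x00\x00\x00\x38\x00\x00"),
    (40, 4, rb"\x00\x38\x00\x00"),
    (44, 4, rb"\x00\x01\x00\x00"),
]
COMPILED = [(off, size, re.compile(rx, re.DOTALL)) for off, size, rx in RULES]


def matching_rules(ip_packet: bytes) -> list[int]:
    """Return 1-based indexes of the rules whose window matches this packet."""
    hits = []
    for idx, (off, size, rx) in enumerate(COMPILED, start=1):
        window = ip_packet[off:off + size]
        # A packet too short to fill the window cannot match the rule.
        if len(window) == size and rx.search(window):
            hits.append(idx)
    return hits


def payload_offset(ip_packet: bytes, l3_offset: int) -> int:
    """Translate an l3-start offset into an offset inside the UDP payload
    (assumes UDP; the IP header length is read from the IHL field)."""
    ihl = (ip_packet[0] & 0x0F) * 4
    return l3_offset - ihl - 8  # 8 = UDP header length


def build_udp_packet(payload: bytes, ip_options: bytes = b"") -> bytes:
    """Constructed test input: minimal IPv4+UDP packet (checksums left at 0).
    ip_options must be a multiple of 4 bytes."""
    ihl_words = 5 + len(ip_options) // 4
    total = ihl_words * 4 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, total, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", 40000, 40001, 8 + len(payload), 0)
    return ip + ip_options + udp + payload


if __name__ == "__main__":
    sample = build_udp_packet(b"\x01" * 12 + b"\x7f\xff\xff\xff\xab")
    print(matching_rules(sample), payload_offset(sample, 40))
```

Because the offsets are fixed from the start of the IP header, a packet carrying IP options shifts the payload by the option length and the same payload bytes no longer fall inside the rule's window.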
