Block Peer-2-Peer Traffic

joseph.steve
Level 1

Hi All

I have an ASA 5510 with a base license. Can I block all peer-to-peer traffic from inside to outside?

ASA Giga 0/0 connected to ISP Router 2811

ASA Giga 0/1 connected to LAN switch 3560

Thanks upfront

cheers

Steve

3 Replies

Marcin Latosiewicz
Cisco Employee

Steve,

In the majority of cases you will not be able to block it completely, unless you go for full restriction of outgoing ports/protocols except the ones needed by your users, and then you also need to check the integrity of those (HTTP inspection, proxy server for HTTP/HTTPS requests).

P2P applications are known to tunnel inside other protocols (HTTP and HTTPS are usually preferred) and mechanisms (Teredo, 6to4, etc.). Most use some level of encryption, and even some IPSes are not able to cope with that, or are able to detect only parts of the traffic. Dynamic ports, UPnP, magnet links, and a lot more.

And this is only for bittorrent. :-)

Marcin
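The "restrict everything except what users need, then check the integrity of what is left open" approach from the reply above, written out as an ASA configuration. This is an added example, not configuration from the thread or from Cisco; the addressing (inside LAN 192.168.1.0/24, an internal DNS resolver at 192.168.1.10), the interface name "inside", and the object and policy names are assumptions chosen for the topology in the question.

```cisco
! Added example (not from the thread). Assumed: inside LAN 192.168.1.0/24,
! internal resolver 192.168.1.10, ASA interface nameif "inside".
object-group network INSIDE-NET
 network-object 192.168.1.0 255.255.255.0
object-group network INSIDE-DNS
 network-object host 192.168.1.10
object-group service WEB-PORTS tcp
 port-object eq www
 port-object eq https
!
! Outbound policy applied inbound on the inside interface:
!  - only the resolver may do DNS to the Internet (clients use the resolver),
!  - clients get tcp/80 and tcp/443 only,
!  - everything else is denied and logged, so hosts still trying other
!    ports (dynamic P2P ports, UPnP-mapped ports) show up in syslog 106100.
access-list INSIDE-OUT extended permit udp object-group INSIDE-DNS any eq domain
access-list INSIDE-OUT extended permit tcp object-group INSIDE-DNS any eq domain
access-list INSIDE-OUT extended permit tcp object-group INSIDE-NET any object-group WEB-PORTS
access-list INSIDE-OUT extended deny ip any any log
access-group INSIDE-OUT in interface inside
!
! Integrity check on the one port left open: connections on tcp/80 that are
! not well-formed HTTP (a P2P client or tunnel riding port 80 without actually
! speaking HTTP) are dropped and logged. Attached to the default global policy.
policy-map type inspect http HTTP-STRICT
 parameters
  protocol-violation action drop-connection log
policy-map global_policy
 class inspection_default
  inspect http HTTP-STRICT
```

Verify with `show access-list INSIDE-OUT` (hit counts on the final deny tell you what is still trying to get out) and `show service-policy inspect http`. The remaining hole is exactly the one the reply names: tcp/443 is still open and the ASA cannot inspect inside TLS, so a client that tunnels over HTTPS still gets through. Closing that requires an explicit proxy (clients allowed only to the proxy, proxy allowed out) rather than more ACL lines.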

Thanks

Any template from Cisco to block the minimum threats?

Have a look here:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

But don't have too high hopes in this being the solution to all problems.

Second thing to consider is threat detection; to a degree it can stop some of the activity by very chatty hosts (which P2P hosts usually are).

If you have an IPS/IDS somewhere you can detect the unencrypted part of P2P and drop it; signatures exist.

IOS has NBAR; it can detect quite a lot of common P2P and (via class-map/policy-map) drop the traffic. Again, don't have high hopes for this as a solution to fix all the problems.
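The two device-side measures from the reply above, threat detection on the ASA and NBAR classification on the IOS router, as one added example for the topology in the question (ASA 5510 behind a 2811). This is not configuration from the thread or from Cisco. Assumptions: 192.168.1.10 is an internal DNS resolver that is legitimately chatty and must not be shunned; the 2811 interface facing the ASA is FastEthernet0/0; the rate thresholds, class/policy names and the NBAR protocol list are illustrative and need tuning to the actual network.

```cisco
! --- ASA 5510: threat detection ---
! Added example (not from the thread). Hosts that open connections to many
! different hosts/ports (typical P2P peer discovery) trip the scanning-threat
! rate and are shunned. The assumed resolver 192.168.1.10 is excluded.
threat-detection basic-threat
threat-detection statistics host
threat-detection scanning-threat shun except ip-address 192.168.1.10 255.255.255.255
! rate-interval is seconds; average/burst are events per second over that window.
! These values are assumptions to start from; watch the "attacker" output before
! lowering them, or legitimate busy hosts get shunned too.
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
!
! --- 2811 (IOS, NBAR) ---
! Added example (not from the thread). Classify with NBAR and drop inbound on the
! interface that faces the ASA, so matched flows never reach the ISP link.
! Interface name and protocol list are assumptions; "drop" as an MQC class action
! needs an IOS with that feature (otherwise use police ... conform-action drop).
ip cef
!
class-map match-any P2P
 match protocol bittorrent
 match protocol edonkey
 match protocol gnutella
 match protocol kazaa2
 match protocol winmx
!
policy-map DROP-P2P
 class P2P
  drop
!
interface FastEthernet0/0
 description towards ASA outside
 ip nbar protocol-discovery
 service-policy input DROP-P2P
```

On the ASA, `show threat-detection scanning-threat attacker` lists hosts that crossed the rate and `show threat-detection shun` shows who is currently blocked (`clear threat-detection shun <ip>` releases one). On the 2811, `show ip nbar protocol-discovery interface FastEthernet0/0 top-n 10` shows what NBAR actually recognises before you trust the drop policy, and `show policy-map interface FastEthernet0/0` gives per-class match and drop counters. As the reply says, NBAR only sees the unencrypted signalling it has signatures for; an encrypted or HTTPS-tunnelled client will not match the P2P class and will fall through.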
