Blocking bittorrent on pix or cisco7603

mlopacinski (Level 1)

Hello

I want to block bittorrent on pix or cisco7603. I want to block it completely (the client can choose dynamic ports),
so I need packet inspection. On pix525 I could not find any bittorrent inspection; on cisco7603 the NBAR implementation is very poor
(it almost does not exist).

Is there any way of blocking bittorrent on pix or 7603?

Thanks

3 Replies

trustcisco (Level 1)

Blocking bittorrent on the firewall could be tricky, since it uses port 80 and could also use encryption.

1. Use a web security gateway for your users and stop p2p there.

2. Stop the problem at its source. Use Active Directory and do not allow users to run .exe files.

3. Do not NAT users unless you have to.

4. If you cannot do any of these, you can try this:

http://www.nortfm.com/?View=entry&EntryID=44

Bittorrent is a tricky P2P application. It tunnels through HTTP and randomly changes the port, so there isn't a clean way to use the ASA to stop this.

We might be better off using an IPS module, or maybe NBAR on a router together with a URL filtering server.

However, you can try blocking the ports this application uses, which are ports 6881 to 6999. For instance:

access-list inside_in remark Drop the classic BitTorrent listener port range (dynamic ports are not covered)
access-list inside_in deny tcp any any range 6881 6999
access-list inside_in permit ip any any
access-group inside_in in interface inside

You can also try using the following configuration to block P2P applications on the firewall:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml#config2

I hope it helps.

PK
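
Added example (not code from any poster in this thread, nor Cisco's): a small Python model of the two controls discussed in the replies above, the port-range ACL (deny tcp any any range 6881 6999) and a payload-signature check of the kind an IPS module or NBAR would apply. It runs both checks over constructed sample flows (none are real captures) to show what the ACL misses (a peer handshake on a dynamic port or on port 80, a plaintext tracker announce on port 80), what a plaintext signature catches, and what neither catches (an MSE/PE-obfuscated peer stream, which looks like random bytes). The flow names, the Flow class and the helper functions are this example's own; the handshake layout (0x13, "BitTorrent protocol", 8 reserved bytes, 20-byte info_hash, 20-byte peer_id) and the /announce?info_hash= tracker request are the protocol's. Real NBAR or IPS signatures are vendor-specific and are not reproduced here.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Added example (not from the original thread). Models a port-range ACL and a
# payload-signature (DPI) check; every flow below is constructed, not captured.

BT_HANDSHAKE_PREFIX = b"\x13BitTorrent protocol"  # 0x13 = len("BitTorrent protocol")
# Plaintext HTTP tracker request: GET /announce?info_hash=...&peer_id=... HTTP/1.x
TRACKER_ANNOUNCE_RE = re.compile(rb"^GET [^ ]*/announce\?[^ ]*info_hash=", re.IGNORECASE)


@dataclass(frozen=True)
class Flow:
    name: str
    dst_port: int
    payload: bytes  # first client-to-server bytes of the TCP stream


def acl_port_block(dst_port: int, low: int = 6881, high: int = 6999) -> bool:
    """The ACL from the reply above: drop TCP to the classic BitTorrent listener range."""
    return low <= dst_port <= high


def is_peer_handshake(payload: bytes) -> bool:
    """Peer-wire handshake: <19><'BitTorrent protocol'><8 reserved><20 info_hash><20 peer_id> = 68 bytes."""
    return len(payload) >= 68 and payload.startswith(BT_HANDSHAKE_PREFIX)


def is_tracker_announce(payload: bytes) -> bool:
    """Plaintext HTTP tracker announce, whatever port it is sent to."""
    return TRACKER_ANNOUNCE_RE.match(payload) is not None


def dpi_block(payload: bytes) -> bool:
    """Signature match on payload; blind to encrypted (MSE/PE) streams."""
    return is_peer_handshake(payload) or is_tracker_announce(payload)


def make_handshake(info_hash: bytes, peer_id: bytes) -> bytes:
    if len(info_hash) != 20 or len(peer_id) != 20:
        raise ValueError("info_hash and peer_id are 20 bytes each")
    return BT_HANDSHAKE_PREFIX + b"\x00" * 8 + info_hash + peer_id


def sample_flows() -> list[Flow]:
    info_hash = hashlib.sha1(b"constructed torrent").digest()  # 20 bytes
    peer_id = b"-XX0001-" + b"0123456789ab"                     # 20 bytes, hypothetical client tag
    handshake = make_handshake(info_hash, peer_id)
    # MSE/PE obfuscation opens with a 96-byte DH public key plus random padding;
    # deterministic pseudo-random bytes stand in for that here.
    mse_like = hashlib.sha256(b"constructed mse stream").digest() * 3
    announce = (b"GET /announce?info_hash=%12%34%56&peer_id=-XX0001-0123456789ab"
                b"&port=51413 HTTP/1.1\r\nHost: tracker.example\r\n\r\n")
    web = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    return [
        Flow("handshake on 6881", 6881, handshake),
        Flow("handshake on dynamic port", 51413, handshake),
        Flow("handshake tunnelled on 80", 80, handshake),
        Flow("tracker announce on 80", 80, announce),
        Flow("mse-encrypted peer on dynamic port", 51413, mse_like),
        Flow("ordinary web request", 80, web),
    ]


def classify(flows: list[Flow] | None = None) -> dict[str, tuple[bool, bool]]:
    """Map flow name -> (dropped by port ACL, dropped by DPI signature)."""
    return {f.name: (acl_port_block(f.dst_port), dpi_block(f.payload))
            for f in (flows if flows is not None else sample_flows())}


def passes_both(results: dict[str, tuple[bool, bool]]) -> list[str]:
    """Flows neither control drops: legitimate traffic, and the encrypted peer stream."""
    return [name for name, (acl, dpi) in results.items() if not acl and not dpi]


if __name__ == "__main__":
    res = classify()
    for name, (acl, dpi) in res.items():
        print(f"{name:36} ACL:{'drop' if acl else 'pass':5} DPI:{'drop' if dpi else 'pass'}")
    print("passes both controls:", passes_both(res))
```

Running it shows the ACL dropping only the flow aimed at 6881, the signature check dropping every plaintext handshake and the tracker announce regardless of port, and both controls passing the MSE-style stream alongside the ordinary web request. That last row is the "could also use encryption" caveat from the replies: once the client turns on protocol obfuscation, a payload signature has nothing to match and you are back to behavioural heuristics or the endpoint-side controls suggested above.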

vilaxmi (Cisco Employee)

Hello,

True, the ASA cannot do deep packet inspection, so BitTorrent could be better blocked using the AIP-SSM or CSC-SSM security modules or some third-party solution. And again, since they tend to change ports during the session, it may be difficult to keep track of the ports they will be using, so I am not sure if blocking the ports via ACL is going to help us; nevertheless, it's worth a lab test.

Thanks,

Vijaya
