Community Member

How to Block BitTorrent, Download-Manager through ASA

Hello Gus,

We have many clients who are misusing our company bandwidth by downloading files through BitTorrent and Download-Managers. I tried a lot to block it but no luck.

Can anyone instruct me on how to block them on an ASA device?

7 REPLIES
Hall of Fame Super Gold

You don't block them in the ASA.

You can use AD to block applications like BitTorrent and DM from running.

Community Member

Hi,

You can block BitTorrent.

http://wiki.wireshark.org/BitTorrent ---> you can use this guide for the TCP ports.

Port range for BitTorrent:

BitTorrent uses TCP to transfer files and UDP for searching. It will use port 80 if the default TCP ports 6881-6889, 6969 and 8080 cannot be reached. Some BitTorrent clients also support HTTP downloading. To completely block BT, please block UDP ports 1024-65534 in your router.

Then make an ACL based on that and apply it.

Do rate if helpful.

Nitesh

Community Member

It is not working.

Isn't there any other way to block it through ASA? I don't have AD.

Community Member

Hi Iram,

regex bit-torrent-tracker ".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*"

object-group service BitTorrent-Tracker tcp
 description TCP Ports used by Bit Torrent for tracker communication
 port-object eq 2710
 port-object eq 6969

object-group service Blocked-UDP-Ports udp
 description All ports blocked for Bit Torrent UDP DHT (all ephemeral ports except VPN encapsulation)
 port-object range 10001 65535
 port-object range 1024 9999

class-map type inspect http match-all bit-torrent-tracker
 description Bit Torrent Tracker communication
 match request args regex bit-torrent-tracker
 match request method get

policy-map type inspect http Drop-P2P
 description Drop protocol violations, Kazaa, gator and Bit Torrent Tracker traffic
 parameters
  protocol-violation action log
 class _default_gator
  drop-connection log
 class _default_kazaa
  drop-connection log
 class bit-torrent-tracker
  drop-connection log

policy-map global_policy
 class inspection_default
  inspect http Drop-P2P

Thanks,

Nitesh

Please rate if helpful

Community Member

It is not working.

Community Member

Did you apply the policy map or not?

Or just copy-pasted the configuration on top?

Community Member

object-group service Blocked-UDP-Ports udp
 description All ports blocked for Bit Torrent UDP DHT (all ephemeral ports except VPN encapsulation)
 port-object range 10001 65535
 port-object range 1024 9999

object-group service BitTorrent-Tracker tcp
 description TCP Ports used by Bit Torrent for tracker communication
 port-object eq 2710
 port-object range 6881 6999

access-list inside_access_in extended deny udp any any object-group Blocked-UDP-Ports log warnings inactive
access-list inside_access_in extended deny tcp any any object-group BitTorrent-Tracker log warnings inactive
access-list inside_access_in extended permit tcp any any

Apply the access list on the inside interface. It might need modifications depending on your configuration, and it's just a sample configuration.

regex bit-torrent-tracker ".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*"

class-map type inspect http match-all bit-torrent-tracker
 description Bit Torrent Tracker communication
 match request args regex bit-torrent-tracker
 match request method get

policy-map type inspect http Drop-P2P
 description Drop protocol violations Bit Torrent Tracker traffic
 parameters
  protocol-violation action log
 class bit-torrent-tracker
  drop-connection log

policy-map global_policy
 class inspection_default
  inspect http Drop-P2P
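
Added example, not part of any reply in this thread: a Python model of the sample ACL and HTTP inspection class from the last reply, for checking which flows each one acts on. It takes into account that an ACE carrying the `inactive` keyword stays in the configuration but is not evaluated. Assumptions: Python's `re` stands in for the ASA regex engine, the query-string split approximates `match request args`, and the flows and URIs are constructed.

```python
import re

# Object groups and ACEs as posted in the last reply's sample configuration.
GROUPS = {
    "Blocked-UDP-Ports": [(10001, 65535), (1024, 9999)],
    "BitTorrent-Tracker": [(2710, 2710), (6881, 6999)],
}
ACL = """\
access-list inside_access_in extended deny udp any any object-group Blocked-UDP-Ports log warnings inactive
access-list inside_access_in extended deny tcp any any object-group BitTorrent-Tracker log warnings inactive
access-list inside_access_in extended permit tcp any any
"""
ACE = re.compile(r"access-list \S+ extended (permit|deny) (tcp|udp) any any"
                 r"(?: object-group (\S+))?")
# The thread's tracker regex; Python's re stands in for the ASA regex engine.
TRACKER = re.compile(r".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*")

def parse_acl(text, honor_inactive=True):
    """Return (action, proto, group) tuples; inactive ACEs are skipped."""
    rules = []
    for line in text.splitlines():
        m = ACE.match(line)
        if m and not (honor_inactive and line.split()[-1] == "inactive"):
            rules.append(m.groups())
    return rules

def acl_verdict(rules, proto, port):
    """First matching ACE wins; an ASA ACL ends in an implicit deny."""
    for action, rule_proto, group in rules:
        ranges = GROUPS.get(group, [(0, 65535)])
        if rule_proto == proto and any(lo <= port <= hi for lo, hi in ranges):
            return action
    return "deny"

def http_verdict(method, uri):
    """match-all class: GET method AND regex match on the request arguments."""
    args = uri.partition("?")[2]  # simplification of "match request args"
    return "drop" if method == "GET" and TRACKER.match(args) else "pass"

if __name__ == "__main__":
    for label, rules in (("as posted", parse_acl(ACL)),
                         ("inactive removed", parse_acl(ACL, False))):
        for proto, port in (("tcp", 6881), ("tcp", 443), ("udp", 53)):  # constructed flows
            print(label, proto, port, acl_verdict(rules, proto, port))
    print(http_verdict("GET", "/announce?info_hash=%12%34&port=6881"))  # constructed URI
```

In this model the sample ACL permits only TCP, so with or without `inactive` every UDP flow entering the inside interface, DNS included, falls to the implicit deny.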
