Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Bronze

AIPSSM - Block MSN file transfer with signature not working

I have an ASA firewall with AIP-SSM module, i've configured in the application policy an access-list sending everything to IPS.

In the IPS I enabled the signature 11246 that matches MSN file transfer and set the signature to deny packet inline.

When I use MSN to transfer some file the log of IPS says "deny" for action, but the file is transferred normaly and I want it to be denyed

some idea?

2 REPLIES
Bronze

Re: AIPSSM - Block MSN file transfer with signature not working

MSN file transfer works over the MSN Messenger Activity. To block the file transfer effectively you will need to block the messenger activity in your case. If you are sending the traffic to the IPS, and can see hits for the signature 11201 "MSN Messenger Activity" and if you only want to block this for certain IP addresses then the solution to your problem is to use 'Event Action Filters' for the existing Signature 11201.

Bronze

Re: AIPSSM - Block MSN file transfer with signature not working

Hi, thanks but i want to block only the file transfer activity over msn not the msn at all.

179
Views
0
Helpful
2
Replies