Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

How to block p2p applications(Bittorent like) with AIP-SSM-10?

Hi,

How to block p2p application using AIP-SSM-10 working with ASA5520?AIP is on promiscuous mode.

Thanks,

Siva

2 REPLIES
Community Member

Re: How to block p2p applications(Bittorent like) with AIP-SSM-1

hi siva for blocking p2p applications the ids or the ips doesn;t have inbuilt signature. u will have to cretae customs signatures for it.

but the easiest way to block them is to block them on the firewall itself. that;s the best and easiest way.

anyways the packet first hits the firewall and then the aip module then why not block it on the firewall itself.

regards

sebastan

Community Member

Re: How to block p2p applications(Bittorent like) with AIP-SSM-1

There are several signatures that detect p2p, for bit torrent there is 11020.0

Yahoo triggers: 5539.0, 11200.0, 11212.0, 11217.0 & 11219.0

etc..

Some are disabled by default though so please ensure you enable the ones that you need.

If you want to block these then you will have to use event actions that work in promiscuous setup for example request block connection and tcp reset. Please note that care must be taken when using these event actions.

For more information about the event actions please refer the link below:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/idmguide/dmevtrul.htm#wp1069467

461
Views
0
Helpful
2
Replies
CreatePlease to create content