12-26-2006 02:45 PM - edited 03-10-2019 03:23 AM
Hi,
How to block p2p applications using AIP-SSM-10 working with ASA5520? AIP is in promiscuous mode.
Thanks,
Siva
12-26-2006 03:56 PM
Hi Siva, for blocking p2p applications the IDS or the IPS doesn't have an inbuilt signature. You will have to create custom signatures for it.
But the easiest way to block them is to block them on the firewall itself. That's the best and easiest way.
Anyway, the packet first hits the firewall and then the AIP module, so why not block it on the firewall itself?
Regards
sebastan
12-26-2006 05:56 PM
There are several signatures that detect p2p; for BitTorrent there is 11020.0
Yahoo triggers: 5539.0, 11200.0, 11212.0, 11217.0 & 11219.0
etc.
Some are disabled by default though so please ensure you enable the ones that you need.
If you want to block these then you will have to use event actions that work in a promiscuous setup, for example request block connection and TCP reset. Please note that care must be taken when using these event actions.
For more information about the event actions please refer to the link below:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/idmguide/dmevtrul.htm#wp1069467