Cisco Support Community
Community Member

NBAR question

Let's say I do this on my network:

class-map bittorrent
 match protocol bittorrent
!
policy-map Outside
 class bittorrent
  drop

If someone changed their default bittorrent port, for example to port 80, would this circumvent detection?

If I then use "ip nbar port-map bittorrent tcp 80" to change the port monitored for bittorrent, doesn't this negate the purpose of NBAR - i.e. to look further into the packet than just the port number in order to recognise traffic?

1 REPLY
Bronze

Re: NBAR question

The NBAR approach is useful in dealing with malicious software using known ports to fake being "priority traffic", as well as non-standard applications using dynamic ports.

The link below will help you with the configuration of NBAR:

http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml
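
The distinction the question draws, between matching on a port number and looking further into the packet, shown as an added example that is not part of the original thread and is not Cisco's NBAR code. The port table, function names and sample flows are assumptions constructed for illustration; the payload check uses the standard BitTorrent peer handshake (length byte 19 followed by the string "BitTorrent protocol").

```python
# Added illustration: port-based vs. payload-based classification.
# This is NOT Cisco's NBAR implementation; it only models the idea.

PORT_MAP = {80: "http", 6881: "bittorrent"}  # assumed static port table

BT_PSTR = b"BitTorrent protocol"
BT_HANDSHAKE_LEN = 1 + len(BT_PSTR) + 8 + 20 + 20  # 68 bytes


def classify_by_port(dst_port):
    """Classify using only the destination port, as a static port map would."""
    return PORT_MAP.get(dst_port, "unknown")


def classify_by_payload(payload):
    """Classify using the first bytes of the TCP payload."""
    # BitTorrent peer handshake: length byte 19, then the protocol string.
    if (len(payload) >= 1 + len(BT_PSTR) and payload[0] == len(BT_PSTR)
            and payload[1:1 + len(BT_PSTR)] == BT_PSTR):
        return "bittorrent"
    # Minimal HTTP request-line check (method, then HTTP/1.x on the first line).
    first_line = payload.split(b"\r\n", 1)[0]
    method = first_line.split(b" ", 1)[0]
    if method in (b"GET", b"POST", b"HEAD", b"PUT") and b"HTTP/1." in first_line:
        return "http"
    return "unknown"


def classify(dst_port, payload):
    """Prefer the payload verdict; use the port only if the payload is inconclusive."""
    verdict = classify_by_payload(payload)
    return verdict if verdict != "unknown" else classify_by_port(dst_port)


# Constructed sample flows (first TCP payload of each connection).
BT_HANDSHAKE = bytes([19]) + BT_PSTR + bytes(8) + b"\xaa" * 20 + b"-XX0001-" + b"0" * 12
HTTP_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

SAMPLES = [
    ("bittorrent on default port", 6881, BT_HANDSHAKE),
    ("bittorrent moved to port 80", 80, BT_HANDSHAKE),
    ("real web request on port 80", 80, HTTP_REQUEST),
]

if __name__ == "__main__":
    for name, port, payload in SAMPLES:
        print(f"{name:30} port-only={classify_by_port(port):11} "
              f"payload={classify(port, payload)}")
```

In this model the port-only classifier labels the relocated handshake as "http", while the payload check still labels it "bittorrent" regardless of the port it arrives on.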
