Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Blocking ARES P2P traffic with PIX 7.0x

Our campus policy for dorms(college) is to not allow inbound connections, however it appears the latest version of ARES gets around that.

We can now identify traffic as the start of a new connection as:

The connect packets are always 46 bytes long, and start with the first few bytes of "|03 00 5a xx 05|" in hex.

Can we block this at the PIX?

Don't have an IPS inline at this time.

1 REPLY
Silver

Re: Blocking ARES P2P traffic with PIX 7.0x

220
Views
0
Helpful
1
Replies
CreatePlease to create content