
Blocking Kazaa2 NBAR

george.goebel
Level 1

I have read posts where people have been successful slowing down these file share programs with NBAR. I have configured this on our router. It doesn't work for whatever reason. Here is the config I'm using.

Cisco 7200 Router IOS version 12.2(11)T2

    Policy Map StopP2P
      Class P2P
        police cir 8000 bc 1500 be 1500
          conform-action drop
          exceed-action drop
          violate-action drop

    Class Map match-any P2P (id 2)
      Match protocol fasttrack
      Match protocol gnutella
      Match protocol kazaa2

I've tried the filetransfer * too. When I test it, I can view the Policy Map on the interface and I see some hits, but many of the downloads are far faster than 8000 bits.

    Service-policy input: StopP2P

      Class-map: P2P (match-any)
        339 packets, 104200 bytes
        30 second offered rate 1000 bps, drop rate 1000 bps
        Match: protocol fasttrack
          90 packets, 8338 bytes
          30 second rate 0 bps
        Match: protocol kazaa2
          249 packets, 95862 bytes
          30 second rate 1000 bps
        Match: protocol gnutella
          0 packets, 0 bytes
          30 second rate 0 bps
        police:
          cir 8000 bps, bc 1500 bytes, be 1500 bytes
          conformed 316 packets, 73088 bytes; actions:
            drop
          exceeded 7 packets, 9103 bytes; actions:
            drop
          violated 16 packets, 22009 bytes; actions:
            drop
          conformed 1000 bps, exceed 0 bps, violate 0 bps

      Class-map: class-default (match-any)
        651544 packets, 274779782 bytes
        30 second offered rate 3416000 bps, drop rate 0 bps
        Match: any

Any help would be greatly appreciated. Thanks.


owillins
Level 6

You could capture the output of "show pol int" to see if the kazaa2 packets are being classified. If you don't see any packets being classified, we need to find out if kazaa2 packets are getting to the router.

Thanks for the reply. Actually, it is working and was when I started the thread. I didn't think it was working because sometimes I could get a download depending on which fileshare program I tried. Come to find out, the pdlm files are being updated by Cisco and should be released around this December. They are being updated to detect the new versions of Kazaa and Imesh. That's what I was told. So the NBAR is currently working as designed.
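The check suggested in the first reply, reading the per-protocol counters in the policy-map output to see whether traffic is being classified, can be scripted. The Python below is an added example, not part of the original thread or any Cisco tooling; the sample text is constructed from the counters quoted in the question, and the function names `parse_policy` and `report` are hypothetical.

```python
import re

# Constructed sample built from the counters quoted in the thread; indentation is assumed.
SAMPLE = """\
Service-policy input: StopP2P
  Class-map: P2P (match-any)
    339 packets, 104200 bytes
    30 second offered rate 1000 bps, drop rate 1000 bps
    Match: protocol fasttrack
      90 packets, 8338 bytes
    Match: protocol kazaa2
      249 packets, 95862 bytes
    Match: protocol gnutella
      0 packets, 0 bytes
  Class-map: class-default (match-any)
    651544 packets, 274779782 bytes
    30 second offered rate 3416000 bps, drop rate 0 bps
    Match: any
"""

COUNT = re.compile(r"(\d+) packets, (\d+) bytes")
RATE = re.compile(r"offered rate (\d+) bps, drop rate (\d+) bps")

def parse_policy(text):
    """Return {class: {packets, bytes, offered_bps, drop_bps, matches{}}}."""
    classes, cur, match = {}, {"matches": {}}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Class-map:"):
            cur = classes.setdefault(line.split()[1], {"matches": {}})
            match = None
        elif line.startswith("Match: protocol "):
            match = line.split()[2]
            cur["matches"][match] = 0
        elif line.startswith("Match:"):
            match = None  # "Match: any" carries no per-protocol counters
        elif (m := COUNT.match(line)):  # anchored, so "conformed N packets" is skipped
            if match:
                cur["matches"][match] = int(m.group(1))
            else:
                cur["packets"], cur["bytes"] = int(m.group(1)), int(m.group(2))
        elif (m := RATE.search(line)):
            cur["offered_bps"], cur["drop_bps"] = int(m.group(1)), int(m.group(2))
    return classes

def report(classes, p2p="P2P"):
    total = sum(c.get("packets", 0) for c in classes.values())
    silent = sorted(p for p, n in classes[p2p]["matches"].items() if n == 0)  # zero hits
    share = classes[p2p].get("packets", 0) / total if total else 0.0
    return {"unmatched_protocols": silent, "p2p_packet_share": share}
```

A protocol that stays at zero hits while users report working downloads, together with a large class-default rate, points to traffic the installed NBAR signatures do not recognise rather than a policing fault.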