New Member

Need some help Blocking File sharing / Chat programs

Here's what I have: Cisco 1720 with T-1 speed coming in over a WIC-1ENET. IOS ver. 12.2(11)T10

The problem that I have right now on my network is people using both file sharing and chat programs. Later this year I'll be getting a PIX but for right now my only choice for stopping this type of traffic is ACLs. I can't seem to find a good example that I can use in my router.

Someone out there has had to have run across this before.

Any help will be welcome!!

Afish6969

Network admin for a blood sucking insurance company

4 REPLIES
New Member

Re: Need some help Blocking File sharing / Chat programs

As you didn't specify the file sharing and chat programs, it is a bit hard to help. You can enable NBAR to build a profile of the application traffic from which you can build an ACL.

Also, if you have IOS FW, check and see if CBAC provides support for the protocols you are trying to combat.

New Member

Re: Need some help Blocking File sharing / Chat programs

You're right, I didn't specify the programs. Here's what I have found: AIM, Yahoo, MSN messenger, and Kazaa seem to be the main ones. If possible I would like to block any chat program but I don't think there is a "catch all" way to do it.

I went to a P/C that had MSN and Yahoo going at the same time. I did a netstat -a and got this:

TCP pc034:2303 baym-cs108.msgr.hotmail.com:1863 ESTABLISHED

TCP pc034:2304 65.54.131.249:https TIME_WAIT

TCP pc034:2360 cs15.msg.dcn.yahoo.com:5050 ESTABLISHED

TCP pc034:2361 dl2.yahoo.com:http TIME_WAIT

How should I go about blocking it? From the inside out or the outside in? Can you block by domain name?

Thanks for your reply,

Afish6969

New Member

Re: Need some help Blocking File sharing / Chat programs

Well, identifying the apps is the first step. Next I would search Google/CCO for relevant information such as ports used; these apps sometimes pick from a range of ports.

I would block at the edge of the network outbound if possible, so the client applications cannot even initiate a connection to the servers. In the past, I have relied on IDS for this functionality as it is very flexible, sending RST and redirecting to a company website explaining that this type of use is prohibited.
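An outbound port filter along the lines discussed in this thread, as an added example that is not part of any poster's reply. It covers only the two server ports visible in the netstat output above (1863 and 5050); the ACL name and the inside interface name are assumptions.

```ios
! Added example, not from the thread. ACL name and interface are assumptions.
ip access-list extended BLOCK-IM-OUT
 remark MSN Messenger: server port 1863 seen in the netstat output
 deny   tcp any any eq 1863 log
 remark Yahoo Messenger: server port 5050 seen in the netstat output
 deny   tcp any any eq 5050 log
 remark Allow the rest; without this line the implicit deny drops all traffic
 permit ip any any
!
! Applied inbound on the LAN-facing interface so client connections
! are dropped before they leave the network.
interface FastEthernet0
 description Inside LAN (assumed interface name)
 ip access-group BLOCK-IM-OUT in
!
! Verify from exec mode: per-line match counters show which rules are hit
! show access-lists BLOCK-IM-OUT
```

The same netstat output also lists http and https connections from that PC, which these two deny lines do not match.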

New Member

Re: Need some help Blocking File sharing / Chat programs

Thanks for all the help. The whole process has been a learning experience.
