[c-nsp] ACL to limit/block ptp traffic?

Rubens Kuhl Jr. rubensk at gmail.com
Thu Feb 9 09:42:09 EST 2006


Cisco calls it NBAR:
http://www.cisco.com/en/US/products/ps6616/products_ios_protocol_group_home.html

Check those pages to see if your hardware/software version/software
license allows you to do what you want.

But as for P2P using port 80, you could try validating the use of HTTP
either with NBAR or by redirecting to a proxy, and blocking all
non-HTTP traffic on that port. This gives some head-start, but beware
that traffic management of P2P is an arms race. Netflow and proper
tools are suggested to measure how things are going.


Rubens


On 2/9/06, Melvin C. Etheridge <mele at enia.net> wrote:
> What IOS allows you to block ptp (Kazaa, etc...) traffic via the tcp header?
>
> I have a lot of them using port 80 now; I have got to try something else
> besides just port blocking.
>
> TIA
>
> MEl
>
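
What "validating the use of HTTP" on port 80 amounts to, as an added example that is not part of the original mail: the first client payload of each TCP/80 flow is checked against the HTTP/1.x request-line and header grammar, and the verdicts are counted so the ratio can be tracked over time. The function names, the accepted method list and the sample payloads are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Methods accepted as HTTP/1.x; anything else on TCP/80 is treated as non-HTTP.
METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"TRACE", b"CONNECT"}
# Request line: METHOD SP request-target SP HTTP/1.0|1.1 CRLF
REQUEST_LINE = re.compile(rb"([A-Z]+) ([\x21-\x7e]+) HTTP/1\.[01]\r\n")
# Header line: token ":" value, with no control bytes in the value.
HEADER_LINE = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+:[\t\x20-\x7e\x80-\xff]*")


def classify_first_payload(payload: bytes) -> str:
    """Return "http" or "non-http" for the first client payload of a TCP/80 flow."""
    m = REQUEST_LINE.match(payload)
    if m is None or m.group(1) not in METHODS:
        return "non-http"
    lines = payload[m.end():].split(b"\r\n")
    # The last element is either empty or a header cut off by segmentation; skip it.
    for line in lines[:-1]:
        if line == b"":          # blank line: end of the header section
            break
        if HEADER_LINE.fullmatch(line) is None:
            return "non-http"
    return "http"


def summarize(flows: dict) -> Counter:
    """Count verdicts over {flow_id: first_payload}, e.g. to track the ratio over time."""
    return Counter(classify_first_payload(p) for p in flows.values())


# Constructed sample payloads (not captured traffic).
SAMPLE_FLOWS = {
    "flow-1": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "flow-2": b"\x00\x01\x02\x03binary-handshake\xff\xfe",
    "flow-3": b"GET /file HTTP/1.1\r\n\x00\x01not-a-header\r\n\r\n",
    "flow-4": b"POST /form HTTP/1.0\r\nContent-Length: 3\r\nUser-Ag",
    "flow-5": b"XFER /chunk HTTP/1.1\r\n\r\n",
}

if __name__ == "__main__":
    for flow_id, payload in SAMPLE_FLOWS.items():
        print(flow_id, classify_first_payload(payload))
    print(dict(summarize(SAMPLE_FLOWS)))
```

A peer that wraps its transfers in well-formed HTTP still passes this check, which is why the mail treats validation as a head-start and recommends measuring the result.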