[c-nsp] [cisco-voip] how to block peer to peer and chat

Jorge Evangelista netsecuredata at gmail.com
Wed Jul 12 00:05:42 EDT 2006


There are some links about how you can block with NBAR. If you have an
IOS Firewall you can do it; you have to upload PDLM files to your
router. You can also try installing ipp2p on Linux, or iptables
L7-filter.

On 7/11/06, Chris Serafin <chris at chrisserafin.com> wrote:
> Search cisco for 'nbar p2p' and you should hit a link about using NBAR
> to find traffic on dynamic ports and block or rate limit it. Use the
> MQC approach on a policy map for that type of traffic. You can use
> PDLMs for p2p traffic and nmap match statements to cancel out traffic
> to the IM main servers, i.e. *.blue.aol.com
>
> Chris Serafin
> IT Security / Cisco VoIP Engineer
> chris at chrisserafin.com
>
> Voll, Scott wrote:
> >
> > Good luck… you need something that can look into the packet for
> > that….. ports change if blocked.
> >
> > Look at netinforcer or packetshapers, etc.
> >
> > Scott
> >
> > ------------------------------------------------------------------------
> >
> > *From:* cisco-voip-bounces at puck.nether.net
> > [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf Of *James Grace
> > *Sent:* Tuesday, July 11, 2006 11:35 AM
> > *To:* cisco-voip at puck.nether.net
> > *Subject:* [cisco-voip] how to block peer to peer and chat
> >
> > Can someone send me some examples on how to block peer to peer and
> > chat on my GW. My gw is going to be used for voice and data and just
> > want to keep unwanted traffic off
> >
> > James D. Grace
> >
> > **CCNP CCNA MCSE MCDBA**
> >
> > Sr. System Engineer / Professional Svc.
> >
> > **Digitel Corporation**
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > cisco-voip mailing list
> > cisco-voip at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-voip
> >


-- 
"The network is the computer"

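The NBAR/MQC approach described in this thread, as an added IOS configuration example that is not from any of the posters. The interface name, the class-map and policy-map names and the PDLM file name are assumptions, and which `match protocol` keywords exist depends on the IOS release and the PDLMs loaded.

```cisco
! NBAR classification requires CEF switching.
ip cef
!
! Load a PDLM for a protocol the running image does not already know.
! File name below is a placeholder, not a value from this thread.
ip nbar pdlm flash://bittorrent.pdlm
!
! One class that matches any of the P2P protocols NBAR can identify
! by payload, regardless of which port the client moved to.
class-map match-any P2P
 match protocol bittorrent
 match protocol edonkey
 match protocol fasttrack
 match protocol gnutella
 match protocol kazaa2
!
! MQC policy: discard everything in the P2P class.
! To rate limit instead of block, replace "drop" with for example:
!   police 8000 conform-action transmit exceed-action drop
policy-map BLOCK-P2P
 class P2P
  drop
!
! Apply in both directions on the interface facing the users
! (FastEthernet0/0 is an assumed name).
interface FastEthernet0/0
 ip nbar protocol-discovery
 service-policy input BLOCK-P2P
 service-policy output BLOCK-P2P
!
! Verify from exec mode:
!   show ip nbar protocol-discovery interface FastEthernet0/0
!   show policy-map interface FastEthernet0/0
```

Running protocol discovery for a while before attaching the policy shows which protocols NBAR actually recognises on the link, and the per-class counters in `show policy-map interface` confirm that the drop action is being hit without affecting the voice traffic.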

