Blocking p2p application traffic and tunneling

I need help.
We have taken two ASAs with AIP cards and have configured Active/Active, but users are using p2p and tunneling software. How can we block p2p and tunneling traffic?
Please, can anyone reply?
Regards

If you are using Firewall software 12.4(9)T and above, it has integrated policies to block or rate limit p2p application traffic using dynamically updateable application
definitions for newer p2p applications. KaZaA, Gnutella, BitTorrent, and eDonkey are currently supported.
You may also see this: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00801e419a.shtml

Similar Messages

  • How to block p2p applications(Bittorent like) with AIP-SSM-10?

    Hi,
    How to block p2p applications using an AIP-SSM-10 working with an ASA5520? The AIP is in promiscuous mode.
    Thanks,
    Siva

    There are several signatures that detect p2p; for BitTorrent there is 11020.0.
    Yahoo triggers: 5539.0, 11200.0, 11212.0, 11217.0 & 11219.0
    etc.
    Some are disabled by default though, so please ensure you enable the ones that you need.
    If you want to block these then you will have to use event actions that work in a promiscuous setup, for example "request block connection" and "TCP reset". Please note that care must be taken when using these event actions.
    For more information about the event actions please refer to the link below:
    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/idmguide/dmevtrul.htm#wp1069467

  • Want to block P2P application using ASA5540

    I want to block P2P applications & IM using an ASA with the IPS built in. I don't want to use ACLs for all the ports because most P2P applications use dynamic ports.

    Aamir,
    You can do this using the application layer inspection on the firewall.
    Please take a look at the configuration guide given below.
    http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/inspect.htm#wp1479354
    Rate this post, if it helps.
    Cheers
    Gilbert
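    One way to implement the application-layer inspection Gilbert points to, as an added example that is not part of the original post and not Cisco's own documentation: an ASA Modular Policy Framework configuration that inspects HTTP on every interface, drops connections that violate the HTTP protocol on port 80 (a common tunneling trick) and drops requests whose User-Agent header matches known P2P client names. The regex patterns and the names P2P-USER-AGENTS, P2P-OVER-HTTP and HTTP-P2P-CONTROL are assumptions made for this example; global_policy and inspection_default are the ASA's default policy and class names.

```cisco
! Added example (not from the thread or Cisco's docs): ASA 7.2-style MPF
! HTTP inspection to control P2P clients that talk over port 80.
! Assumed/constructed: regex patterns and the P2P-* / HTTP-P2P-* names.

! Regex objects matching User-Agent strings that common P2P clients send
regex UA-BITTORRENT [Bb]it[Tt]orrent
regex UA-GNUTELLA [Gg]nutella
regex UA-EDONKEY e[Mm]ule|e[Dd]onkey

! Group the patterns so one class matches any of them
class-map type regex match-any P2P-USER-AGENTS
 match regex UA-BITTORRENT
 match regex UA-GNUTELLA
 match regex UA-EDONKEY

! HTTP inspection class: requests whose User-Agent matches the regex class
class-map type inspect http match-all P2P-OVER-HTTP
 match request header user-agent regex class P2P-USER-AGENTS

! HTTP inspection policy:
!  - protocol-violation: non-HTTP traffic on the HTTP port is dropped and logged
!  - matched P2P requests are dropped and logged
policy-map type inspect http HTTP-P2P-CONTROL
 parameters
  protocol-violation action drop-connection log
 class P2P-OVER-HTTP
  drop-connection log

! Attach the HTTP policy to the default global policy so it applies to
! port-80 traffic on every interface (no per-port ACLs needed)
policy-map global_policy
 class inspection_default
  inspect http HTTP-P2P-CONTROL
service-policy global_policy global
```

    This only catches clients that identify themselves in clear-text HTTP; encrypted or non-HTTP P2P sessions still need the NBAR- or IPS-signature-based approaches discussed elsewhere in this thread. Check hits with "show service-policy inspect http" and the syslog entries produced by the "log" action before tightening further.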

  • Block all incoming traffic and Active FTP

    Will setting the firewall to Block all incoming traffic break Active FTP Connections?
    The firewall will normally dynamically create exceptions for the Connection using the Application Layer Gateway, but will the profile override these?

    Hi TribleTrouble,
    Do you have any issue with FTP active mode?
    If the clients are part of your domain, push the FTP firewall rules via GPO to your clients allowing FTP inbound sockets
    netsh advfirewall firewall add rule name="File Transfer Program" protocol=TCP profile=domain Program=C:\Windows\System32\ftp.exe dir=in action=allow
    netsh advfirewall firewall add rule name="File Transfer Program" protocol=UDP profile=domain Program=C:\Windows\System32\ftp.exe dir=in action=allow
    For Windows 7, the entire networking stack was rewritten and several security measures were taken to further secure Windows.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Blocking P2P applications on WRT300N (V1)

    Hello, I am currently using a WRT300N V1 with firmware version 1.03.6. I'm having trouble with my roommate downloading a hell of a lot of stuff using bittorrent. I talked to him but he refuses to stop. I play an online game and I am getting 1000+ ping which makes it impossible to play. I tried a lot of things, including Access Restrictions etc. They don't seem to work. I am using the wireless, while he is connected to port 1. I tried lowering the QoS on port 1 to low. Nothing seems to work. Is it something wrong with the firmware? Any help would be appreciated. The last option is to get a new connection for myself.

    Flat out doesn't work.  It's an all or nothing affair.  Either you block complete internet access between the hours noted or all days, or it's complete access to everything.  The router cannot block specific ports even though it claims it can. 

  • How do I prevent mackeeper and zillions of other popups?  I have popups blocked in my settings and don't have mac keeper as an application.  Thanks!

    My MacBook Air (OS Yosemite 10.10.1) is overwhelmed with popups.  Mackeeper is the most offensive, but there are others as well.  I have popups blocked in my settings and do not have Mackeeper in my applications. 

    There is no need to download anything to solve this problem. You may have installed a variant of the "VSearch" ad-injection malware.
    Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination  command-C:
    /Library/LaunchDaemons
    In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
    A folder named "LaunchDaemons" may open. Look inside it for a file with a name of the form
              com.something.daemon.plist
    Here something is a variable word, which can be different in each case. It could be "cloud," "dot," "highway," "submarine," "trusteddownloads," or pretty much anything else.
    There may also be a file named
               com.something.helper.plist
    in the same folder.
    Leave the LaunchDaemons folder open, and open the following folder in the same way:
    /Library/LaunchAgents
    In this folder, there may be a file named
              com.something.agent.plist
    where the word something is exactly the same as before.
    If you feel confident that you've identified these three files, back up all data, then drag the three files you found to the Trash. You may be prompted for your administrator login password. Close the windows and restart the computer.
    Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.
    The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.
    Open this folder:
    /Library/Application Support
    If it has a subfolder named just
               something
    (where something is the same word as before), drag that subfolder to the Trash and close the window.
    Don't delete the "Application Support" folder or anything else inside it.
    Finally, in this folder:
    /System/Library/Frameworks
    there may be an item named exactly
                v.framework
    It's actually another folder, though it has a different icon. Drag it to the Trash and close the window.
    Don't delete the "Frameworks" folder or anything else inside it.
    If you didn't find the files or you're not sure about the identification, post what you found.
    If in doubt, or if you have no backups, change nothing at all.
    The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
    This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
    In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
    Then, still in System Preferences, open the App Store or Software Update pane and check the box marked
              Install system data files and security updates (OS X 10.10 or later)
    or
              Download updates automatically (OS X 10.9 or earlier)
    if it's not already checked.

  • Howto block p2p traffic of clients connected to the same ssid on different wlc

    Hi all,
    I use two wlc 4400 (4.2.x version) with a mobility domain and one ssid, both wlc are connected to a cisco l2 switch infrastructure. On the wlc I use the p2p blocking action 'drop' (http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52wlan.html#wp1209597) to isolate the clients from each other. Does anybody know if only unicast traffic is blocked or also multicast and broadcast traffic like arp requests?
    Concerning blocking p2p traffic of clients connected to the same ssid but different controllers I found the following statement in the LAP FAQs (http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml):
    ===
    Q. In autonomous APs, Public Secure Packet Forwarding (PSPF) is used to avoid client devices associated to this AP from inadvertently sharing files with other client devices on the wireless network. Is there any equivalent feature in Lightweight APs?
    A. The feature or the mode that performs the similar function of PSPF in lightweight architecture is called peer-to-peer blocking mode. Peer-to-peer blocking mode is actually available with the controllers that manage the LAP. If this mode is disabled on the controller (which is the default setting), it allows the wireless clients to communicate with each other through the controller. If the mode is enabled, it blocks the communication between clients through the controller. It only works among the APs that have joined to the same controller. When enabled, this mode does not block wireless clients terminated on one controller from the ability to get to wireless clients terminated on a different controller, even in the same mobility group.
    ===
    Does anybody know the best practice to prevent this inter-WLC client traffic? I already read about using ACLs on the WLC dynamic interfaces, or private VLANs on the L2 switch VLANs that the dynamic interfaces are connected to. Is it allowed to completely isolate the WLCs from each other on these dynamic interfaces with ACLs or private VLANs, or do the WLCs need to see each other on these interfaces (e.g. heartbeat)?
    Many thanks in advance,
    Thorsten

    Hi Sasha, Thorsten
    The bug is junked, and I believe it is what you are running into with your tests:
    CSCtr60787    WLC P2P Blocking Set to Forward-UpStream Doesn't Work.
    Bugtoolkit : http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
    To answer your original query:
    An ACL is the only solution to block client communication on the same SSID between 2 WLCs. The 5508 works better with ACLs than the 44xx platform.
    ARP requests will be forwarded to the upstream router just like any other traffic. The WLC won't proxy ARP for clients on the same VLAN.
    Gateway ARPs I believe should be handled by the WLC. (Don't quote me on this but I am pretty sure it is.) If it was not, then how would the client know about the gateway?
    Multicast traffic is not applicable for p2p.
    Your ACL can be as simple as this for the scenario:
    WLC 1 - clientvlan = 10
    WLC 2 - clientvlan = 10
    and you want to restrict users from wlc1-wlc1, wlc1-wlc2, wlc2-wlc2 for same vlan10.
    Basically in that case the ACL should look like on both WLCs :
    1. Permit statement to talk to gateway.
    2. Deny to subnet.
    3. Permit all.
    4. If DHCP/DNS other services are on same subnet then you would need to add a permit
    statement before the deny.
    5. Attach the ACL to the SSID or dynamic interface.
    Thanks..Salil
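    The five-step ACL Salil describes, written out as WLC CLI commands. This is an added example, not Salil's or Cisco's configuration; the client subnet 10.0.10.0/24, gateway 10.0.10.1, a DNS server at 10.0.10.53 on the same subnet, the dynamic interface name clientvlan10, WLAN id 1 and the ACL name P2P-ISOLATE are all constructed for the example, and the command syntax is the WLC 4400/5508 "config acl" CLI as I understand it (verify on your code version). Lines beginning with "!" are annotations, not CLI input.

```cisco
! Added example (not Salil's or Cisco's own config): WLC ACL that permits
! the gateway and same-subnet services, denies client-to-client traffic
! inside VLAN 10, and permits everything else.
! Constructed values: 10.0.10.0/24, 10.0.10.1 (gateway), 10.0.10.53 (DNS),
! interface clientvlan10, WLAN id 1.
! WLC ACLs are stateless and rules use direction "any" by default, so
! every permitted flow needs a rule for each direction.

config acl create P2P-ISOLATE

! Step 1: permit clients <-> default gateway (both directions)
config acl rule add P2P-ISOLATE 1
config acl rule action P2P-ISOLATE 1 permit
config acl rule destination address P2P-ISOLATE 1 10.0.10.1 255.255.255.255
config acl rule add P2P-ISOLATE 2
config acl rule action P2P-ISOLATE 2 permit
config acl rule source address P2P-ISOLATE 2 10.0.10.1 255.255.255.255

! Step 4 (placed BEFORE the deny): services living on the same subnet.
! DHCP: UDP (protocol 17) to ports 67-68, any direction.
config acl rule add P2P-ISOLATE 3
config acl rule action P2P-ISOLATE 3 permit
config acl rule protocol P2P-ISOLATE 3 17
config acl rule destination port range P2P-ISOLATE 3 67 68
! Local DNS server, both directions
config acl rule add P2P-ISOLATE 4
config acl rule action P2P-ISOLATE 4 permit
config acl rule destination address P2P-ISOLATE 4 10.0.10.53 255.255.255.255
config acl rule add P2P-ISOLATE 5
config acl rule action P2P-ISOLATE 5 permit
config acl rule source address P2P-ISOLATE 5 10.0.10.53 255.255.255.255

! Step 2: deny client-to-client traffic within the subnet. Because both
! controllers put clients in VLAN 10, this covers wlc1-wlc1, wlc1-wlc2
! and wlc2-wlc2 once the ACL is applied on both WLCs.
config acl rule add P2P-ISOLATE 6
config acl rule action P2P-ISOLATE 6 deny
config acl rule source address P2P-ISOLATE 6 10.0.10.0 255.255.255.0
config acl rule destination address P2P-ISOLATE 6 10.0.10.0 255.255.255.0

! Step 3: permit everything else (off-subnet traffic and its replies)
config acl rule add P2P-ISOLATE 7
config acl rule action P2P-ISOLATE 7 permit

config acl apply P2P-ISOLATE

! Step 5: attach to the dynamic interface (repeat on both WLCs) ...
config interface acl clientvlan10 P2P-ISOLATE
! ... or, alternatively, to the WLAN itself
! config wlan acl 1 P2P-ISOLATE
```

    Rule order matters: the WLC evaluates rules by index, so the gateway, DHCP and DNS permits must sit above the subnet deny, otherwise clients lose addressing and name resolution. Use "show acl detailed P2P-ISOLATE" and the per-rule hit counters to confirm the deny is actually matching client-to-client traffic.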

  • Modal dialog limiting the mouse pointer and blocking all application

    I wanted to create a modal dialog that blocks all applications on my desktop. Only a password field would be present, and it exits only if the correct password is typed. I also wanted to limit the mouse pointer to within the window of the modal dialog. Will that be possible? I have read about the modality feature of Mustang (beta) and the notes there that system modality is not included. Can anybody there give me an idea how to do tricks on blocking all applications of the desktop? I will be much grateful to anybody who could solve this problem. Thanks in advance...

    Thanks Sarcommand. I give up on that; I understand the risk if that feature is included.
    All I wanted is to make an internet cafe client/server that blocks the client's PC interaction if the log time is reached, blocking only the keyboard and mouse.
    I have seen so many software packages set the cursor position within the dialog bounding box only, with user and password there. Though my other application runs, the mouse is still captured on the dialog even when the dialog loses focus.
    If that would not be possible I'll just send a notification to the client, a dialog that does not block any application.
    Now, I'm going to try if the client can do some action whenever the server sends an alert if the client Java app is not in focus. I will post next time what happens. But if you tried already, if you don't mind posting it so others could know it also..
    Thanks so much Sarcommand..

  • Re: WRT160Nv2 - how to block "Torrent application"and website

    Dear sir,
    I want to know if it is possible to block "Torrent Application" and Torrent-related web sites. Please help me..
    Regards
    Thomas.

    You can use the feature "Access Restriction" on the router to block some application or website you want.

  • Blocking p2p on router 877

    Hi,
    Can anyone suggest how I can effectively block p2p traffic like Ares, Limewire or others with Cisco IOS 12.4(6) or higher? I tried NBAR but I guess there is no PDLM available for Ares, for instance.
    Many thanks for any suggestions.
    Remi

    Hi,
    to block p2p traffic you need to block all ports except those you really need.
    For example, block all ports except http, https, smtp, pop3, dns.
    Because some of the p2p applications use port 80 to connect, there are options in the firewall (classic or Zone-Based Policy Firewall) called protocol-violation and port-misuse!
    These options prevent non-HTTP traffic over port 80.
    For Zone-Based Firewall refer to this link:
    http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml

  • P2P applications

    Hi,
    I have a Cisco 2811 router with advanced security IOS (attached config). I want to block or give the least priority to P2P traffic and give high priority to other applications like http, https, smtp, voice chat, webcam etc., since it's a military camp and soldiers want to be in touch with their families. I am a CCNA and on my way to CCNP, so I have a fair amount of exposure to Cisco, but I have never tried this.
    How do I go about achieving the above?
    Regards
    Sarfaraz

    Cisco IOS Firewall enhances protection against network worms, HTTP vulnerabilities, and buffer overflows with HTTP Application Inspection (AI). New P2P (Peer to Peer) control capabilities support blocking or rate limiting these protocols for increased network availability and tighter network usage control. Cisco IOS Firewall also introduces session limits for inspected traffic to defend against DoS attacks and enable control of network resource utilization.
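    The three IOS answers in this thread describe the same toolbox from different angles: the first answer (NBAR-based P2P blocking in 12.4(9)T and later), the 877 answer (allow only the protocols you need, and use protocol-violation and port-misuse to stop P2P hiding on port 80) and this one (block or rate limit). Here is an added Zone-Based Policy Firewall example that combines them; it is not from the thread or from Cisco's documentation. The zone, class-map and policy-map names, the interface names and the 8000 bps police rate are constructed for the example. The NBAR protocol names are standard NBAR identifiers, but which ones your image recognises depends on the IOS version and loaded PDLMs (as Remi found with Ares), so check "show ip nbar protocol-discovery" or "show ip nbar port-map" first.

```cisco
! Added example (not from the thread or Cisco's docs): IOS ZBF policy that
! drops NBAR-classified P2P, permits only an explicit application list, and
! applies HTTP application inspection to port-80 traffic.
! Constructed: zone/class/policy/interface names, the police rate.

! 1. P2P protocols NBAR can classify (availability depends on the image)
class-map type inspect match-any P2P-APPS
 match protocol bittorrent
 match protocol edonkey
 match protocol gnutella
 match protocol kazaa2

! 2. Plain HTTP gets its own class so a Layer-7 HTTP policy can be attached
class-map type inspect match-all HTTP-TRAFFIC
 match protocol http

! 3. The rest of the "only what you really need" list
class-map type inspect match-any ALLOWED-APPS
 match protocol https
 match protocol smtp
 match protocol pop3
 match protocol dns

! 4. Layer-7 HTTP class: non-HTTP on port 80, or P2P / tunneling apps
!    abusing port 80 (the "protocol-violation" and "port-misuse" options)
class-map type inspect http match-any HTTP-ABUSE
 match req-resp protocol-violation
 match request port-misuse p2p
 match request port-misuse tunneling

policy-map type inspect http HTTP-ABUSE-POLICY
 class type inspect http HTTP-ABUSE
  reset
  log

! 5. Layer-4 policy for inside -> outside:
!    P2P is dropped and logged; HTTP is inspected with the L7 policy;
!    the allowed list is inspected; anything else falls to class-default
!    and is dropped (this is the "block all ports except ..." step)
policy-map type inspect INSIDE-TO-OUTSIDE
 class type inspect P2P-APPS
  drop log
 class type inspect HTTP-TRAFFIC
  inspect
  service-policy http HTTP-ABUSE-POLICY
 class type inspect ALLOWED-APPS
  inspect
 class class-default
  drop log

! Rate-limit instead of block (the 2811 "least priority" request):
! replace the P2P-APPS class above with this. Rate is in bps, burst in bytes.
! class type inspect P2P-APPS
!  inspect
!  police rate 8000 burst 1000

! 6. Zones, zone pair and interface membership
zone security INSIDE
zone security OUTSIDE
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-TO-OUTSIDE

interface FastEthernet0/0
 description LAN
 zone-member security INSIDE
interface FastEthernet0/1
 description Internet
 zone-member security OUTSIDE
```

    Two things to check after applying it: "show policy-map type inspect zone-pair IN-OUT" shows per-class packet counts, so you can see whether P2P-APPS is matching or whether traffic is slipping into class-default; and the class-default drop means any protocol you forgot to list (NTP, VPN, voice signalling for the webcam/voice-chat use case) stops working until you add it to ALLOWED-APPS, so build that list from a short period of NBAR protocol discovery rather than from memory.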

  • Block P2P software using ASA-AIP-SSM-20 module

    Hello,
    I have got a question about blocking P2P traffic on ASA AIP module. I have searched the forums and all I could find were solutions using regex, port block, MPF, but no AIP implementation example.
    Could anyone point me in the right direction please ?
    Many thanks,
          Martin

    Hello Paps,
    Many thanks for your reply. I was searching the web like crazy for some solutions using IPS and it never occurred to me that I could just simply look for the signature files on the Cisco website.
    Thank you very much again
    With regards,
               Martin

  • Application Visibility And Control Bittorrent

    Hello,
    Can I use Application Visibility And Control to block traffic from Bittorrent, or does it not do that? Or have I misunderstood?
    However, with this configured on my WLC 2504, Bittorrent still goes through.
    Regards

    Here is the protocol list supported in NBAR2
    http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html
    I can see "bittorrent", "encrypted-bittorrent", "bittorrent-networking" as recognised protocol in the list, but nothing for utorrent.
    From WLC code 7.5 onwards you can update these protocol packs on your controller (see below for more detail)
    http://www.cisco.com/en/US/docs/wireless/controller/technotes/7.5/AVC_dg7point5.html
    Protocol pack 4.1.1 is the latest for 7.5 code. Here is the more information about it.
    http://www.cisco.com/en/US/docs/wireless/controller/nbar2_prot_pack/4.1.1/b_nbar2_prot_pack_411.html
    Latest protocol pack (pp-AIR-7.6-13-6.3.0.pack) is available for 7.6 code version if you would like to test it out.

  • RV110W Blocks all inbound traffic

    I have an RV110W that's been in service since Dec 2012. Everything is working fine except every month or so the firewall starts blocking all inbound traffic. It does not respond to remote management access. If I reboot the firewall (power off/on) everything works correctly for the next month or so and then it begins blocking all inbound traffic again. Local access to the Internet and VPN tunneling are not affected. When it's working, all my rules and port forwarding work correctly. Anybody seen this before?

    Hi David,
    Please call the Small Business Support Center and speak with an engineer. The phone numbers for the support center are located here: https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
    Regards,
    Cindy Toy
    Cisco Small Business Community Manager
    for Cisco Small Business Products
    www.cisco.com/go/smallbizsupport
    twitter: CiscoSBsupport

  • How to block Ultrasurf application.

    Dear All,
    How can I block Ultrasurf Application?
    I have configured Cisco ASA 5520 with Cisco CSC-SSM module.
    I have blocked everything Except Business and banking activities.
    But users can access A-to-Z traffic through the Ultrasurf.exe application, which bypasses all possible firewalls.
    How can I block this application?
    Any solution?
    Thanks
    I.A

    Hello Eric,
    Sorry, for not updating the post recently. I resolved the issue.
    I created a custom url category, created a decryption policy and put the action "Decrypt" for this custom url category as mentioned in the kb article.
    I put the action Decrypt also for the uncategorized urls and tested it for a user standing only in one AD group. It worked. The skype traffic was blocked.
    It worked also when I excluded this custom url category from this decryption policy and put only the "Decrypt" action for uncategorized urls.
    Thank you for all your support Eric,
    Have a great day
    Ilir
