From: Philip Neeson (Philip.Neeson@uk.didata.com)
Date: Wed Oct 30 2002 - 13:46:18 GMT-3
I did a lot of work with this and NBAR on both a 7200 and MSFC. Works
very well, we currently filter out fasttrack, guntella and napster on a
7200 attached to the Internet via 10MB. It works a treat, no performance
hit, fantastic.
Watch-out there are new variants of fasttrack out there that use random
source and destination ports.. In this case NBAR woun't work..
Cisco are working on this but woun't say any more..
Philip.
-----Original Message-----
From: Chuck Church [mailto:cchurch@MAGNACOM.com]
Sent: Wed 30/10/2002 15:05
To: 'Kurt Kruegel'
Cc: 'Groupstudy ccielab list'
Subject: RE: dealing with fastrack (Kazaa et.al.)
Kurt,
Interesting you should mention that. The customer did ask
about using
that, as many of the other SUNY schools us it for just that
purpose. But
since they've got some heavy duty equipment (6509 with dual
MSFC2 serving
2000 workstations), I figure I'd try the Cisco way first. How
are the
routers working out for you?
Chuck Church
CCIE #8776, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000
-----Original Message-----
From: Kurt Kruegel [mailto:kurt@cybernex.net]
Sent: Tuesday, October 29, 2002 11:16 PM
To: Chuck Church
Cc: 'Groupstudy ccielab list'
Subject: Re: dealing with fastrack (Kazaa et.al.)
look up packeteer it's not a cisco product, but i've heard good
things about
it
from
somone who manages a division 1 school's network.
Chuck Church wrote:
> All,
>
> Just as a followup, I've been messing around with this
a bunch the
> last week or so as I've got a customer (a community college)
looking to
> block this stuff. The mainline 12.2 versions seem to be able
to do this,
> and even some newer 12.1 versions. They've modularized it, so
you can add
a
> protocol definition file (search CCO for PDLM files) to cover
new apps
> without a fullblown IOS upgrade or even a reload of the
router. It seems
> that Cisco is really going nuts with the QOS options available
these days.
> Cool stuff to learn...
>
> Chuck Church
> CCIE #8776, MCNE, MCSE
> Sr. Network Engineer
> Magnacom Technologies
> 140 N. Rt. 303
> Valley Cottage, NY 10989
> 845-267-4000
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On
Behalf Of
> Frank Jimenez
> Sent: Thursday, September 26, 2002 4:16 AM
> To: Chuck Church; 'McClure, Allen'; 'Carlos G Mendioroz';
'Groupstudy
> ccielab list'
> Subject: RE: dealing with fastrack (Kazaa et.al.)
>
> IIRC, You need to use a fairly new IOS load to make that work.
12.2(8)T
>
>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft
> /122t/122t8/dtnbarad.htm
>
> Frank Jimenez, CCIE #5738
> franjime@cisco.com
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
Behalf Of
> Chuck Church
> Sent: Wednesday, September 25, 2002 5:42 PM
> To: 'McClure, Allen'; 'Carlos G Mendioroz'; 'Groupstudy
ccielab list'
> Subject: RE: dealing with fastrack (Kazaa et.al.)
>
> I tried to get NBAR to work against streaming radio stations
using media
> player. I looked at the packet headers with Sniffer, and set
the DSCP
> to that. But it never seemed to work correctly. If anyone
got it to
> work, I'd like to see how it's done.
>
> Thanks,
>
> Chuck Church
> CCIE #8776, MCNE, MCSE
> Sr. Network Engineer
> Magnacom Technologies
> 140 N. Rt. 303
> Valley Cottage, NY 10989
> 845-267-4000
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On
Behalf Of
> McClure, Allen
> Sent: Wednesday, September 25, 2002 4:56 PM
> To: Carlos G Mendioroz; Groupstudy ccielab list
> Subject: RE: dealing with fastrack (Kazaa et.al.)
>
> You may wish to look into NBAR. We're thinking about using it
for the
> peer-to-peer junk.
>
> Allen McClure
> MCSE, CCNP, CCDP
> YUM! Brands, Inc.
> Sr. Network Analyst
> NEW E-Mail - mailto:allen.mcclure@yum.com
> 972-338-7494
>
> -----Original Message-----
> From: Carlos G Mendioroz [mailto:tron@huapi.ba.ar]
> Sent: Wednesday, September 25, 2002 3:32 PM
> To: Groupstudy ccielab list
> Subject: OT: dealing with fastrack (Kazaa et.al.)
>
> Hi,
> after a long time of chasing local servers on different ports
and using
> CAR to make it a pain to use those pesty peer to peer
programs, I'm
> trying to automatize the thing.
>
> Basically I want to find who has fasttrack (snort or the like
triggering
> on port 1214 activity) and make a list, then dynamically build
an ACL to
> CAR all traffic from/to those stations into a small pipe. End
result
> would be "if you use it, your network access rate will be
poor".
>
> Question: has anybody got a way to program ACLs from a unix
box (via a
> script)
> in a secure way ? Is there a way to use SNMP to do this ?
>
> Advise on any solution to the fastrack net hogging problem is
> appreciated.
> Note: My network policy does not allow me to kill port 1214
:-(
>
> TIA
> --
> Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
>
> This communication is confidential and may be legally
privileged. If
> you are not the intended recipient, (i) please do not read or
disclose
> to others, (ii) please notify the sender by reply mail, and
(iii) please
> delete this communication from your system. Failure to follow
this
> process may be unlawful. Thank you for your cooperation.
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
Dimension Data mail system for the presence of computer viruses.
www.uk.didata.com
**********************************************************************
This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:59 GMT-3