From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Tue Nov 23 2004 - 16:23:52 GMT-3
Chuck,
Like this:
class-map match-any fileshare1
 match protocol fasttrack
 match protocol kazaa2
 match protocol napster
 match protocol gnutella
 match protocol edonkey
 match protocol winmx
 match protocol bittorrent
!
policy-map drop-fileshare
 class fileshare1
  drop
It null routes the traffic without having to use policing to do
so. This of course is assuming you want none of the above traffic
transiting the router.
It may actually be more fun to police them all to 8Kbps and
frustrate the users into stopping using the apps ;)
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Church, Chuck
> Sent: Tuesday, November 23, 2004 12:35 PM
> To: Brian McGahan; Kurt Kruegel; ccielab@groupstudy.com
> Subject: RE: using nbar to block p2p real world examples ?
>
> Good point Brian. Here's a config from a 1700 that does it that way.
>
>
> ----------------------------------------------------------------------------------
> version 12.2
> !
> ip nbar pdlm flash:kazaa2.pdlm
> ip nbar pdlm flash:edonkey.pdlm
> ip nbar pdlm flash:WinMX.pdlm
> ip nbar pdlm flash:bittorrent.pdlm
> !
> ip nbar port-map netbios udp 137 138 445
> ip nbar port-map netbios tcp 137 139 445
> !
> ip cef
> !
> class-map match-any fileshare2
>  match protocol kazaa2 file-transfer "*"
>  match protocol napster non-std
>  match protocol fasttrack file-transfer "*"
>  match protocol gnutella file-transfer "*"
>  match protocol http url "\.hash=*"
>  match protocol http url "/.hash=*"
> class-map match-any fileshare1
>  match protocol fasttrack
>  match protocol kazaa2
>  match protocol napster
>  match protocol gnutella
>  match protocol edonkey
>  match protocol winmx
>  match protocol bittorrent
> class-map match-any DOS-MS-Worm
>  match protocol netbios
>  match protocol exchange
> class-map match-any DOS-ICMP
>  match protocol icmp
> !
> policy-map limit-ether-in
>  class fileshare1
>   police cir 16000 bc 1000 be 2000
>    conform-action transmit
>    exceed-action drop
>  class fileshare2
>   police cir 16000 bc 1000 be 2000
>    conform-action transmit
>    exceed-action drop
>  class DOS-MS-Worm
>   police cir 8000
>    conform-action drop
>    exceed-action drop
>  class DOS-ICMP
>   police cir 16000 bc 1000 be 2000
>    conform-action transmit
>    exceed-action drop
> !
> policy-map limit-ether-out
>  class fileshare1
>   shape average 42000
>  class fileshare2
>   shape average 42000
>  class DOS-MS-Worm
>   police cir 8000
>    conform-action drop
>    exceed-action drop
>  class DOS-ICMP
>   police cir 16000 bc 1000 be 2000
>    conform-action transmit
>    exceed-action drop
> !
> !
> interface FastEthernet0
>  ip address 192.168.0.5 255.255.255.0
>  service-policy input limit-ether-in
>  service-policy output limit-ether-out
> !
>
>
> ---------------------------------------------------------------------------------------------
>
> Chuck Church
> Lead Design Engineer
> CCIE #8776, MCNE, MCSE
> Netco Government Services - Design & Implementation
> 1210 N. Parker Rd.
> Greenville, SC 29609
> Home office: 864-335-9473
> Cell: 703-819-3495
> cchurch@netcogov.com
> PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D
>
>
> -----Original Message-----
> From: Brian McGahan [mailto:bmcgahan@internetworkexpert.com]
> Sent: Tuesday, November 23, 2004 12:21 PM
> To: Church, Chuck; Kurt Kruegel; ccielab@groupstudy.com
> Subject: RE: using nbar to block p2p real world examples ?
>
> Kurt,
>
> In Chuck's case he is rate-limiting the traffic. If you want to
> just drop the traffic completely use the "drop" keyword in the
> policy-map if your IOS supports it. This saves the router the step of
> having to do a routing table lookup, switch the packet, and then drop it
> at the interface level.
>
>
> http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110b81.html
>
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
>
>
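The following is an added worked example, not part of the thread and not Cisco code: a small Python model of the single-rate, two-bucket policer behind a line like "police cir 16000 bc 1000 be 2000", run over constructed 1500-byte traffic. It follows the RFC 2697 token-bucket scheme (a committed bucket of Bc bytes refilled at CIR bits/s, with overflow spilling into an excess bucket of Be bytes). Bit-exact IOS behaviour, and the assumption that an unconfigured violate-action falls back to the exceed-action, are assumptions of this model, not statements from the thread. The point it makes is the check a practitioner would want before copying such a policer: a packet larger than Bc can never conform, so with "exceed-action drop" and a 1000-byte Bc, every full-size 1500-byte packet is dropped whatever the offered rate; raising Bc above the packet size gives the intended rate limit.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class SingleRatePolicer:
    """Single-rate, two-colour token-bucket policer (RFC 2697 srTCM model).

    Parameters mirror the IOS MQC form `police cir <bps> bc <bytes> be <bytes>`.
    Exact IOS internals are an assumption here; only the bucket arithmetic is modelled.
    """
    cir_bps: int
    bc_bytes: int
    be_bytes: int
    tc: float = field(init=False)                   # committed bucket, capped at bc
    te: float = field(init=False)                   # excess bucket, capped at be
    last_t: float = field(init=False, default=0.0)  # time of the previous packet

    def __post_init__(self) -> None:
        self.tc = float(self.bc_bytes)
        self.te = float(self.be_bytes)

    def offer(self, t: float, size: int) -> str:
        """Classify a packet of `size` bytes arriving at time t (seconds)."""
        # tokens are bytes, CIR is bits per second, so refill = elapsed * cir / 8
        self.tc += (t - self.last_t) * self.cir_bps / 8.0
        self.last_t = t
        if self.tc > self.bc_bytes:
            # committed bucket is full: overflow spills into the excess bucket
            self.te = min(float(self.be_bytes), self.te + self.tc - self.bc_bytes)
            self.tc = float(self.bc_bytes)
        if size <= self.tc:                 # a packet can only conform if size <= bc
            self.tc -= size
            return "conform"
        if size <= self.te:
            self.te -= size
            return "exceed"
        return "violate"


def constant_rate_stream(n: int, size: int, rate_bps: int) -> List[Tuple[float, int]]:
    """Constructed sample traffic: n packets of `size` bytes sent evenly at rate_bps."""
    interval = size * 8 / rate_bps
    return [(i * interval, size) for i in range(n)]


def apply_policy(policer: SingleRatePolicer,
                 stream: List[Tuple[float, int]],
                 actions: Dict[str, str]) -> Dict[str, int]:
    """Run the stream through the policer and count colours and resulting actions.

    `actions` maps 'conform'/'exceed'/'violate' to 'transmit' or 'drop'. A missing
    'violate' entry falls back to the exceed action (assumed default; check your platform).
    """
    counts = {"conform": 0, "exceed": 0, "violate": 0, "transmit": 0, "drop": 0}
    for t, size in stream:
        colour = policer.offer(t, size)
        counts[colour] += 1
        counts[actions.get(colour, actions["exceed"])] += 1
    return counts


# the action pair used in the thread: conform-action transmit, exceed-action drop
TRANSMIT_DROP = {"conform": "transmit", "exceed": "drop"}

if __name__ == "__main__":
    # 1) the thread's parameters, 1500-byte packets offered at 64 kbps: nothing conforms
    print(apply_policy(SingleRatePolicer(16000, 1000, 2000),
                       constant_rate_stream(50, 1500, 64000), TRANSMIT_DROP))
    # 2) Bc raised above the packet size, same packets at 2x CIR: roughly half pass
    print(apply_policy(SingleRatePolicer(16000, 3000, 2000),
                       constant_rate_stream(20, 1500, 32000), TRANSMIT_DROP))
    # 3) Bc raised, packets offered at exactly CIR: everything conforms
    print(apply_policy(SingleRatePolicer(16000, 3000, 2000),
                       constant_rate_stream(20, 1500, 16000), TRANSMIT_DROP))
```

Run 1 is the failure mode: with Bc below the packet size the committed bucket never holds enough tokens for one packet, so the only outcomes are exceed or violate, and both map to drop. That makes the policer behave like the "drop" class action rather than a 16 kbps limit. Runs 2 and 3 show the same policer doing what a rate limit is meant to do once Bc is at least one maximum-size packet.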
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:49 GMT-3