RE: How can I block Yahoo messanger in Cisco IOS ?

From: Tyson Scott (tscott@ipexpert.com)
Date: Tue Feb 17 2009 - 12:20:07 ARST

• Next message: ftt: "Re: 101101111110111 -->> I'm in the "Club""
• Previous message: John Ciccone: "Block RFC 1918 Addresses"
• Maybe in reply to: Shahnawaz Khot: "How can I block Yahoo messanger in Cisco IOS ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Shahnawaz,

You can also use the appfw feature of CBAC deep http inspection.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6947/ps5207/ps6
242/prod_white_paper0900aecd802efa46_ps1018_Products_White_Paper.html

FPM requires at least 12.4T train to work but is a cool option.

Last you have zone based firewalls. With zone based firewalls you can use a
protocol-info parameter map to block this traffic. It is specifically
written to recognize instant messaging applications.

Here is the protocol-info parameter map link, also requires 12.4T
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_zone_po
lcy_firew_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1055511

Scroll to the top to see the complete configuration guide for zone based
firewalls.

Regards,
 
Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.

Telephone: +1.810.326.1444
Cell: +1.248.504.7309
Fax: +1.810.454.0130
Mailto: tscott@ipexpert.com
 

 
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Alexei Monastyrnyi
Sent: Tuesday, February 17, 2009 7:47 AM
To: Shahnawaz Khot
Cc: Cisco certification
Subject: Re: How can I block Yahoo messanger in Cisco IOS ?

Hi.

First thing which comes to mind is Cisco FPM,
check here for Skype blocking example, thanks to Joe (I don't really
know why Cisco has chosen Skype for example, I personally like Skype. :-) ):
http://6200networks.com/2007/10/11/block-skype-using-ios/

Another example staying in line (though not exactly IOS implementation)
is PIX/ASA blocking IM and P2P traffic:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example091
86a00808c38a6.shtml

And you can also check the latest PDLMs for NBAR in case there is a
protocol matching for IM protocols.

HTH
A.

Shahnawaz Khot wrote:
> Hello experts,
>
> How can I block Yahoo messanger in Cisco IOS ? Your expert suggesions are
> highly appreciated.
>
> Thanks
> Shahnawaz
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: ftt: "Re: 101101111110111 -->> I'm in the "Club""
• Previous message: John Ciccone: "Block RFC 1918 Addresses"
• Maybe in reply to: Shahnawaz Khot: "How can I block Yahoo messanger in Cisco IOS ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:11 ARST