Re: Blocking Skype with IOS from Piotr Matusiak on 2009-09-10 (Ccielab archives 09/2009)

From: Piotr Matusiak <piotr_at_ccie1.com>
Date: Thu, 10 Sep 2009 14:42:23 -0400

Nick,

What about using FPM Policy template (TCDF) for skype blocking? Cisco
share it along with PHDF files. I've just quickly viewed it in text
editor and it seems as it should work only for older skype versions.
Have you tested it?

Anyways, good stuff and thanks for your effort.

--
Piotr Matusiak
CCIE #19860 (R&S, SEC)
Cytowanie Nicholas Davitashvili <nickda_at_gmail.com>:
> Iwan,
>
> Ryan is right,
> the only reason for not using NBAR is that it doesn't block any of the
> recent versions of Skype.
>
>
> Nick
> GREENNET
> Lat:  41043'25.46"N
> Long:  44045'45.60"E
>
>
> On Thu, Sep 10, 2009 at 5:15 PM, Ryan West <rwest_at_zyedge.com> wrote:
>
>> Iwan,
>>
>> I can't find a PDLM that supports post version 1 Skype detection.  I think
>> that's what Nick was addressing.
>>
>>
>>
> http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6612/ps66
> 53/prod_qas09186a00800a3ded_ps6616_Products_Q_and_A_Item.html#wp9000037
>>
>> -ryan
>>
>> -----Original Message-----
>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> Iwan Hoogendoorn
>> Sent: Thursday, September 10, 2009 7:27 AM
>> To: Nicholas Davitashvili
>> Cc: Cisco certification
>> Subject: Re: Blocking Skype with IOS
>>
>> Nice Article ...
>> Very nice if you don't want to use NBAR ... or can not use NBAR.
>>
>> But I find the NBAR config a little bit easier ;-)
>>
>> class-map match-any p2p
>> match protocol skype
>> !
>> policy-map block-p2p
>> class p2p
>> drop
>> !
>> int FastEthernet0
>> description PIX-facing interface
>> service-policy input block-p2p
>> !
>>
>> So I am trying to find reasons here not to use NBAR exept that the
>> IOS/router platform is not supporting it...
>>
>> --
>> Regards,
>>
>> Iwan Hoogendoorn
>> CCIE #13084 (R&S / Security / SP)
>> Sr. Support Engineer - IPexpert, Inc.
>> URL: http://www.IPexpert.com
>>
>>
>>
>>
>> On Wed, Sep 9, 2009 at 8:00 PM, Nicholas Davitashvili <nickda_at_gmail.com>
>> wrote:
>> > Hi guys,
>> > Here's an article we wrote about how to block Skype using IOS.
>> >
>>
> http://www.4shared.com/file/129849696/4cd4ff14/Blocking_Skype_Using_IOS.html
>> >
>> > Please comment.
>> >
>> > Nick
>> > GREENNET
>> > Lat:  41043'25.46"N
>> > Long:  44045'45.60"E
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net

Received on Thu Sep 10 2009 - 14:42:23 ART

This archive was generated by hypermail 2.2.0 : Sun Oct 04 2009 - 07:42:03 ART