Blocking Peer-to-Peer and Other Traffic of Interest

I don't even want it on my corporate network.  It serves no business purpose, so why allow it?  What am I talking about?  Peer-to-peer file sharing applications and other traffic of interest that may undermine my security policy.  Allowing P2P could very well be the fastest route to complete Network Death!

Using Cisco's NBAR you can snip off these traffic patterns easily, along with things like jill.c, double-byte decode and SIPP attacks, directory traversals, and worms like Code Red and Nimda, without breaking a sweat on your router.

Start by downloading the latest PDLMs (Packet Description Language Modules) from the Cisco website for maximum support of the latest P2P software and add them to your flash: file system.  Then declare them in your config (note: not a complete list):

!
ip nbar pdlm flash:bittorrent.pdlm
ip nbar pdlm flash:eDonkey.pdlm
ip nbar pdlm flash:gnutella.pdlm
ip nbar pdlm flash:kazaa2.pdlm
ip nbar pdlm flash:WinMX.pdlm
ip nbar pdlm flash:printer.pdlm
!

Next, create a class map that identifies the traffic and a policy map that drops it.  Then finish by applying the service policy to the interface.

!
! match-any: a flow that matches any one line below is placed in the class
class-map match-any nbar-discovery
 match protocol gnutella
 match protocol kazaa2
 match protocol napster
 match protocol printer
 match protocol http url "*cmd.exe*"
 match protocol fasttrack
 match protocol novadigm
 match protocol edonkey
 match protocol bittorrent
!
! everything in the class is dropped; class-default is forwarded as usual
policy-map ip-prec-marked
 class nbar-discovery
  drop
!
! apply inbound on the WAN interface; protocol-discovery lets you inspect what NBAR sees
interface Serial0/1
 ip nbar protocol-discovery
 service-policy input ip-prec-marked
!
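To see how the match-any class map and drop policy above decide a flow's fate, here is a small Python model (an added example, not Cisco code or the post's own config). It assumes NBAR's `url` argument behaves like a case-sensitive shell-style glob; check the exact rules for your IOS release.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import List, Optional


@dataclass
class Flow:
    """A flow as NBAR would label it: protocol name and, for HTTP, the request URL."""
    protocol: str
    url: Optional[str] = None


@dataclass
class ClassMap:
    """Holds the 'match protocol X' and 'match protocol http url "<glob>"' lines."""
    name: str
    mode: str = "match-any"  # "match-any": any line matches; "match-all": every line must
    protocols: List[str] = field(default_factory=list)
    url_globs: List[str] = field(default_factory=list)

    def matches(self, flow: Flow) -> bool:
        hits = [flow.protocol == p for p in self.protocols]
        # A URL criterion only ever matches HTTP; the glob model is an assumption.
        hits += [flow.protocol == "http" and flow.url is not None
                 and fnmatchcase(flow.url, g) for g in self.url_globs]
        if not hits:
            return False
        return any(hits) if self.mode == "match-any" else all(hits)


# The post's class-map, transcribed. With match-all it could never match, since
# one flow cannot be gnutella and kazaa2 at once; that is why match-any is used.
NBAR_DISCOVERY = ClassMap(
    name="nbar-discovery",
    protocols=["gnutella", "kazaa2", "napster", "printer", "fasttrack",
               "novadigm", "edonkey", "bittorrent"],
    url_globs=["*cmd.exe*"],
)


def policy_action(flow: Flow, cmap: ClassMap = NBAR_DISCOVERY) -> str:
    """policy-map ip-prec-marked: flows in the class are dropped, all others forwarded."""
    return "drop" if cmap.matches(flow) else "forward"


if __name__ == "__main__":
    # Constructed sample flows, not captured traffic.
    for f in (Flow("bittorrent"), Flow("http", "/scripts/cmd.exe"),
              Flow("http", "/index.html"), Flow("smtp")):
        print(f, "->", policy_action(f))
```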

Done. =)


Storm - Out
Posted on Tuesday, November 14, 2006 at 04:13PM by Mike Storm
