Friday, November 16, 2007

Cisco IOS: Blocking Peer-to-Peer and Other Traffic of Interest

I don't even want it on my corporate network. It serves no business purpose, so why allow it? What am I talking about? Peer-to-peer file sharing applications, and other traffic of interest that may compromise my security policy. Allowing P2P could very well be the fastest way to complete Network Death!

Using Cisco's NBAR (Network-Based Application Recognition) you can snip off this traffic easily, along with things like jill.c, double-byte decode, SIPP attacks, directory traversals and worms like Code Red and Nimda, without breaking a sweat on your router.

Start by downloading the latest PDLMs (Packet Description Language Modules) from the Cisco website for maximum support of the latest P2P software, copy them to your flash: file system, and then declare them in your config (note: not a complete list):

!
ip nbar pdlm flash:bittorrent.pdlm
ip nbar pdlm flash:eDonkey.pdlm
ip nbar pdlm flash:gnutella.pdlm
ip nbar pdlm flash:kazaa2.pdlm
ip nbar pdlm flash:WinMX.pdlm
ip nbar pdlm flash:printer.pdlm
!

Next, create a class map to classify the traffic and a policy map that drops whatever falls into that class. Then finish by applying the service policy to the interface.

!
class-map match-any nbar-discovery
 match protocol gnutella
 match protocol kazaa2
 match protocol napster
 match protocol printer
 match protocol http url "*cmd.exe*"
 match protocol fasttrack
 match protocol novadigm
 match protocol edonkey
 match protocol bittorrent
!
policy-map ip-prec-marked
 class nbar-discovery
  drop
!
interface Serial0/1
 ip nbar protocol-discovery
 service-policy input ip-prec-marked
!

Done.
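Once the policy is on the interface, confirm it is actually catching something: show policy-map interface Serial0/1 lists the class, its drop action and a packet counter for each match protocol line, and show ip nbar protocol-discovery shows what NBAR is seeing overall. A class that matches zero packets usually means a PDLM did not load or the policy sits on the wrong interface or direction (service-policy input on Serial0/1 only classifies traffic arriving from the WAN side; sessions started by internal hosts are inbound on the LAN-facing interface). The following Python script is an added example, not code from the original post: it parses the show policy-map output into per-class and per-match counters and reports those two failure cases. The sample output embedded in it is constructed to resemble IOS output for the config above; exact wording and spacing vary by release, so test the regular expressions against your own router's output.

```python
"""Check that the NBAR drop policy from the post is actually catching traffic.
Added example, not code from the original post. SAMPLE_OUTPUT is a constructed
approximation of 'show policy-map interface Serial0/1' for the post's config;
real output differs slightly between IOS releases."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE_OUTPUT = """\
Serial0/1

  Service-policy input: ip-prec-marked

    Class-map: nbar-discovery (match-any)
      1342 packets, 981204 bytes
      5 minute offered rate 3000 bps, drop rate 3000 bps
      Match: protocol gnutella
        0 packets, 0 bytes
      Match: protocol http url "*cmd.exe*"
        17 packets, 6120 bytes
      Match: protocol bittorrent
        1325 packets, 975084 bytes
        5 minute rate 3000 bps
      drop

    Class-map: class-default (match-any)
      88213 packets, 41002310 bytes
      5 minute offered rate 120000 bps, drop rate 0 bps
      Match: any
"""

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)\s+\((match-any|match-all)\)")
MATCH_RE = re.compile(r"^\s*Match:\s+(.+?)\s*$")
COUNT_RE = re.compile(r"^\s*(\d+)\s+packets,\s+(\d+)\s+bytes")
DROP_RE = re.compile(r"^\s*drop\s*$")


@dataclass
class ClassStats:
    name: str
    packets: int = 0           # packets classified into this class
    byte_count: int = 0
    drop: bool = False         # True if the class carries a 'drop' action
    matches: Dict[str, int] = field(default_factory=dict)  # criterion -> packets


def parse_policy_map_output(text: str) -> Dict[str, ClassStats]:
    """Parse show-command text into {class name: ClassStats}."""
    classes: Dict[str, ClassStats] = {}
    current: Optional[ClassStats] = None
    pending: Optional[str] = None  # 'Match:' line awaiting its counter line
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            current = ClassStats(name=m.group(1))
            classes[current.name] = current
            pending = None
            continue
        if current is None:
            continue
        m = MATCH_RE.match(line)
        if m:
            pending = m.group(1)
            current.matches.setdefault(pending, 0)
            continue
        m = COUNT_RE.match(line)
        if m:
            pkts, byts = int(m.group(1)), int(m.group(2))
            if pending is None:  # first counter line after Class-map is the class total
                current.packets, current.byte_count = pkts, byts
            else:                # otherwise it belongs to the most recent Match: line
                current.matches[pending] = pkts
                pending = None
            continue
        if DROP_RE.match(line):
            current.drop = True
    return classes


def audit_drop_class(classes: Dict[str, ClassStats], name: str = "nbar-discovery") -> List[str]:
    """Return findings for the blocking class; an empty list means it is dropping traffic."""
    cls = classes.get(name)
    if cls is None:
        return [f"class {name} is not in the policy on this interface"]
    findings: List[str] = []
    if not cls.drop:
        findings.append(f"class {name} has no 'drop' action, traffic is only classified")
    if cls.packets == 0:
        findings.append(f"class {name} matched 0 packets: check the PDLMs loaded and the "
                        "interface/direction the service-policy is applied to")
    return findings


def hits_by_criterion(classes: Dict[str, ClassStats], name: str = "nbar-discovery") -> Dict[str, int]:
    """Which 'match protocol' lines are actually firing, with packet counts."""
    return {crit: n for crit, n in classes[name].matches.items() if n > 0}


if __name__ == "__main__":
    stats = parse_policy_map_output(SAMPLE_OUTPUT)
    print("findings:", audit_drop_class(stats) or "none")
    print("hits:", hits_by_criterion(stats))
```

Paste the real output of show policy-map interface into a file and feed it to parse_policy_map_output; the per-criterion hit counts also tell you which PDLMs are earning their place in the class map and which are idle.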