Block Skype using IOS
Do you want to or need to be able to block Skype traffic? Did you know you can block it using your IOS based Cisco router? You sure can using Flexible Packet Matching (FPM). FPM is a next-generation access control list (ACL) technology that is capable of filtering at a bit-level, deep within IP packets. FPM provides the granularity to filter anomalous traffic from networks while minimizing the risk of filtering legitimate business traffic. Flexible Packet Matching provides the means to configure match criteria for any or all fields in a packet’s header, as well as bit-patterns within the packet’s payload within the first 256 bytes.
This allows the characteristics of an attack (source port, packet size, byte string) to be uniquely matched and allows a designated action to be taken. FPM provides a flexible Layer 2-7 stateless classification mechanism. The user can specify classification criteria based on any protocol and any field of the traffic’s protocol stack. Based on the classification result, actions such as drop or log can be taken. In order to get started you first have to have the pdlm or tcdf files that you need load into the router. These can be found on CCO at the following location:
http://www.cisco.com/cgi-bin/tablebuild.pl/fpm
in our example we will use the udp.phdf, tcp.phdf and ip.phdf files…if you prefer to use xml you can use the skype.tcdf file and follow the documentation located here for enabling it: Doc Guide. Next we will ‘load’ the phdf files into the router and configure the parameters that we need FPM to match on in order to identify Skype using class-maps, then we will call the class-maps within two policy-maps and define and action of drop for that traffic for one class-map and then nest that policy-map inside another policy-map. The final configuration is as follows:
load protocol system:fpm/phdf/udp.phdfload protocol system:fpm/phdf/tcp.phdfload protocol system:fpm/phdf/ip.phdf!class-map type stack match-all ip_tcp match field IP protocol eq 6 next TCP!class-map type access-control match-all skype match start TCP payload-start offset 0 size 4 eq 0×17030100!policy-map type access-control skype-policy class skype drop!policy-map type access-control fpm-policy class ip_tcp service-policy skype-policy
skip to main |
skip to sidebar
a0000.blogspot.com
rg443"s shared items
Blog Archive
-
▼
2007
(1841)
-
▼
December
(492)
- How to: Use Named Pipes to Communicate Between Pro...
- Asynchronous File I/O in VB.Net
- Built-In Asynchronous I/O Support in ASP.NET
- Asynchronous File I/O
- XAML Sparkline example
- ewbi.develops: Sparklines
- Simple Sparklines Wordpress plugin, version 0.2
- BonaVista Systems – Sparklines, Dashboards, Charti...
- TiddlyWiki - Sparklines
- How to inline your sparklines/images in PHP with d...
- Sparkline PHP Graphing Library
- Sparkline PHP Graphing Library
- Sparkline PHP Library
- .NET Framework Developer's Guide: Asynchronous Fil...
- File Caching (Windows)
- Visual Basic: Performance Counters Sample
- Getting Started with My.Blogs | Visual Studio 2005...
- Visual Basic Fusion: Best Practices to Use Visual ...
- Using Threading to Build a Responsive Application ...
- Extending Visual Basic 6 ActiveX EXEs With Visual ...
- Sharing ADO Recordsets Between Visual Basic 6 and ...
- Visual Basic 6 Asynchronous File IO Using the .NET...
- Visual Basic 6 Asynchronous File IO Using the .NET...
- ASProxy: Surf in the web invisibly using ASP.NET p...
- GParted - Gnome Partition Editor
- SystemRescueCd
- XFS: A high-performance journaling filesystem
- Use RegExp to parse IP address (logfile) | VB.Net
- ewbi.develops: Sparklines
- Sparklines - Jon Galloway
- Javascript Sparklines Library
- Gavotte Ramdisk - Free virtual hardisk
- Free Ramdisk for Windows Vista, XP, 2000 and 2003 ...
- squid : Optimising Web Delivery - IP Cache API
- squid : Optimising Web Delivery - dnsserver
- Submit your site to Search Engines
- Google Chart GUI : Chart Generator
- Google Chart Generator
- Blog This - simple editor using the Blogger JavaSc...
- 10 Free Microsoft Apps That Don’t Suck
- On efficiently geo-referencing IPs with MaxMind Ge...
- 40 Unusual Websites you should Bookmark.
- Gmail Craze: 30 + Tools and Hacks for Gmail
- 5 “Disposable” Web Accounts to Keep Your Identity ...
- 100 Portable Apps for your USB Stick (both for Mac...
- 40 Unusual Websites you should Bookmark.
- 5 “Disposable” Web Accounts to Keep Your Identity ...
- Create Customized CSS Menus
- Create Customized CSS Menus
- Using the right version of MSXML in Internet Explorer
- Rush Hour 3 | Video | KINO.DE
- DHTML: Draw Line, Ellipse, Oval, Circle, Polyline,...
- ExplorerCanvas
- XML HTTP Performance and Caching
- UDP: Server receives packets from a client, then e...
- VBScript-To-JavaScript functions
- ASP 101 - Progress Bar
- Reading ASP.NET Application Settings From Web.conf...
- kping.com - Update your Blog on all Major Search E...
- Ghost.com - Symantec Corp
- linux-ntfs.org
- XFS: A high-performance journaling filesystem
- Reiser4 is released!
- E2fsprogs: Ext2 Filesystem Utilities
- Partimage
- DRBL - Diskless Remote Boot in Linux
- Clonezilla-live download
- Clonezilla - Open Source Partition & Disk Cloning ...
- Biography of Claude Elwood Shannon
- dbaddin - dbfuncts
- 1948: Die Einführung des Bit
- SunSpider JavaScript Benchmark
- DHTML JavaScript Benchmark
- WebKit gets native getElementsByClassName
- ChartMaker: Ext 2 UI on top of the Google Chart API
- JavaScript Benchmarks
- GNS3: Graphical Network Simulator
- Load and Search MySQL Data Using VB.NET 2005 in Wi...
- Windows PE - Plugin List
- BartPE Plugin repository Index
- GNS3 - a graphical network simulator
- Services to Backup Important Data Online
- OxygenOffice Professional - Office Suite
- GIMP - The GNU Image Manipulation Program
- Free PDF Converter - create high-quality PDF from ...
- PDFedit
- 7 Free Windows Apps That Saved me Big $$$
- OpenOffice.org
- IBM Lotus Symphony
- 6 Free Office Suites That Are NOT Microsoft
- Read Digg Faster
- OpenDNS | Providing A Safer And Faster Internet
- How To Set Up A Private Anonymous Proxy
- 5 Tools to Make Windows XP Look Like Vista
- 10 Most Downloaded Free Security AND PC Care Programs
- OxygenOffice Pro: Enhanced Version of OpenOffice
- Five Free Programs to Defragment your PC
- 5 Must-have Plugins for Your Wordpress Blog
- Another 10 Must-have Plugins for Your Wordpress Blog
- 10 Free Microsoft Apps That Don’t Suck
-
▼
December
(492)
Labels
- :-) (1)
- "Sony Alpha 900" (1)
- amazing photos (2)
- ASP (1)
- backup (1)
- base64 (1)
- Berkeley DB (2)
- BGP (4)
- blacklist (1)
- blogging (1)
- BPG (2)
- Cisco (44)
- Cisco Press (1)
- Code Snippets (3)
- Configuration Change Tracking (1)
- CRYPTO (1)
- curl (1)
- delicious (1)
- DMVPN (2)
- DNS (3)
- Eggheadcafe (2)
- filminfo (2)
- flickr (1)
- Full-Text Search (3)
- gallery (1)
- gdata (1)
- GeoIP (1)
- Google Charts API (1)
- googlecode Blogger JavaScript API (1)
- grain (1)
- hostip (1)
- HTML Tidy (1)
- incertain (1)
- incertain1 (1)
- IPSEC (1)
- javascript (1)
- javascript.trim javascript trim (1)
- JET SQL (1)
- kcyr7 (1)
- Levenshtein (1)
- mencoder (1)
- Movie (12)
- MPLS (7)
- MySQL (26)
- MySQL Performance (1)
- NAP (1)
- NAT (1)
- NBAR (1)
- NetCat (2)
- netCHARTING (1)
- Nicht ohne meine Schwiegereltern (3)
- Perl (1)
- photo blog (1)
- photobucket (1)
- Pix (2)
- pixdaus (1)
- rfc822 (1)
- RIR (1)
- route-map (1)
- scriptlets (1)
- sepia (1)
- slideshow (2)
- slug 1x-street (1)
- sort array (1)
- SQL (3)
- SQL Server (3)
- SQL Server 2000 (1)
- SQL Server 2005 (12)
- SQLIO (2)
- SQLIOStress (1)
- SQLite (1)
- squid (1)
- Stateful Failover IPSec Cisco HSRP SSO (1)
- Street Photography (2)
- Syntax Highlighter (5)
- T-SQL (2)
- VBscript (3)
- Virtual Tunnel Interface (1)
- VLAN (1)
- vmware (1)
- VRF (2)
- VTI (1)
- WebVPN (1)
- WordPress Plugin (1)
- WordPress Themes (1)
- xml (1)
- xp_sscanf (1)
Snap Shots
