Newbie Question

Discussion in 'Cisco' started by Mike, Dec 24, 2003.

  1. Mike

    Mike Guest

    Hello,

    I need to block traffic on my Pix 515, specifically junk web traffic, which
    is not TCP:80. I need to allow my users to surf, but want to eliminate
    streaming web music, weather programs that constantly hit the Net, Kazaa,
    spyware, etc, etc.... I know that some of these apps scan open ports and
    use those, but is there an easy way to block everything except for the
    basics (TCP 80, 25, 110, etc)? I have a Pix 515 with v6.3.

    Thanks,
    Mike




    Mike, Dec 24, 2003
    #1

  2. Hello, Mike!
    You wrote on Wed, 24 Dec 2003 08:36:52 -0500:

    M> I need to block traffic on my Pix 515, specifically junk web
    M> traffic, which is not TCP:80. I need to allow my users to
    M> surf, but want to eliminate streaming web music, weather
    M> programs that constantly hit the Net, Kazaa, spyware, etc,
    M> etc.... I know that some of these apps scan open ports and use
    M> those, but is there an easy way to block everything except for
    M> the basics (TCP 80, 25, 110, etc)? I have a Pix 515 with v6.3.

    You will need more than just a PIX to do what you are looking for. Cisco NBAR
    and Packeteer PacketShaper come to mind. The first one is a technology and runs
    on Cisco routers, the second one is a product. The idea behind them is simple -
    application recognition.

    Trying to block everything except 80, 25, 110, etc. can potentially break some
    legitimate traffic. On the other hand, there is TCP over HTTP and TCP over DNS
    available - so you really want to look into the payload.

    With best regards,
    Andrey.
    Andrey Tarasov, Dec 24, 2003
    #2

  3. Mike

    Guest Guest


    > M> I need to block traffic on my Pix 515, specifically junk web
    > M> traffic, which is not TCP:80. I need to allow my users to
    > M> surf, but want to eliminate streaming web music, weather
    > M> programs that constantly hit the Net, Kazaa, spyware, etc,
    > M> etc.... I know that some of these apps scan open ports and use
    > M> those, but is there an easy way to block everything except for
    > M> the basics (TCP 80, 25, 110, etc)? I have a Pix 515 with v6.3.
    >
    > You will need more than just a PIX to do what you are looking for. Cisco
    > NBAR and Packeteer PacketShaper come to my mind. First one is technology
    > and run on Cisco router, second one is a product. Idea behind is simple -
    > application recognition.
    >
    > Trying to block everything except 80, 25, 110, etc. can potentially break
    > some legitimate traffic. On the other hand there is TCP over HTTP and TCP
    > over DNS available - so you really want to look into payload.
    >
    > With best regards,
    > Andrey.


    I agree with Andrey that you would need something other than the PIX to do
    this properly. Content inspection is what you need, and this is not a feature
    of the firewall. It also has its own problems blocking legitimate traffic.

    But you can use a simple ACL to block all outbound except the ports you
    mentioned; you will just have to put in exceptions for legitimate traffic
    when the user complains. And they will.
    Guest, Dec 26, 2003
    #3
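
The port-based outbound ACL suggested in the last reply, sketched for PIX 6.3 as an added example that is not part of any post in the thread. The ACL name `acl_out`, the interface name `inside` (the PIX default for the LAN side) and the DNS and HTTPS entries are assumptions, not values given by the posters.

```cisco
! Constructed example for a PIX 515 running 6.3. Lines starting with "!" are
! annotations for the reader, not commands. acl_out is a hypothetical name.

! Ports named in the question: web, SMTP, POP3.
access-list acl_out permit tcp any any eq 80
access-list acl_out permit tcp any any eq 25
access-list acl_out permit tcp any any eq 110

! Assumed additions behind the poster's "etc": without DNS, name resolution
! for web browsing stops; without 443, HTTPS sites stop. These are the kind
! of "legitimate traffic" exceptions the replies warn about.
access-list acl_out permit udp any any eq 53
access-list acl_out permit tcp any any eq 53
access-list acl_out permit tcp any any eq 443

! Explicit final deny. An ACL already ends with an implicit deny; writing it
! out gives this rule its own hit counter.
access-list acl_out deny ip any any

! Bind the ACL to traffic entering the inside interface, i.e. outbound
! connections from users. This replaces the default of allowing all
! outbound traffic from the inside network.
access-group acl_out in interface inside
```

`show access-list acl_out` prints a hit count per line, so the counter on the final deny shows how much traffic the policy drops. As the first reply points out, this filters on port only: anything tunneled over the permitted ports still passes, and stopping that requires payload inspection.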