How to block Skype June 7, 2006
Posted by ciscotips in security, Router, QOS, Access-lists.
On April 4th 2006, Cisco released IOS version 12.4(4)T, which introduced the
much-awaited Skype classification in NBAR. With a simple policy you can now
block Skype, the same way we used to block Kazaa, LimeWire and other P2P
applications.
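Example:
NBAR configuration to drop Skype packets
! Classify Skype traffic with NBAR
class-map match-any p2p
 match protocol skype
! Drop everything that falls into the p2p class
policy-map block-p2p
 class p2p
  drop
! Apply the policy to traffic arriving on the PIX-facing interface
interface FastEthernet0
 description PIX-facing interface
 service-policy input block-p2p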
If you are unsure which bandwidth-hungry applications are being used in
your organisation, go to the interface connected to the Internet and
configure the following command:
ip nbar protocol-discovery
This enables NBAR protocol discovery on that interface of your router.
Then use the following command:
show ip nbar protocol-discovery stats bit-rate top-n 10
It shows the top 10 bandwidth-consuming applications being used by your
users. You can then block or restrict that traffic with an appropriate QoS
policy.
We can also use the ip nbar port-map command to make NBAR look for a
protocol or protocol name using a port number or numbers other than the
well-known Internet Assigned Numbers Authority (IANA)-assigned port numbers.
Usage as per Cisco:
ip nbar port-map protocol-name [tcp | udp] port-number
Up to 16 ports can be specified with this command. Port number values can
range from 0 to 65535.
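The pieces above combined into one policy that drops Skype and rate-limits other P2P traffic instead of dropping it. This is an added example, not configuration from the original post; the class and policy names, the 64 kbps rate and the extra HTTP port 8080 are assumptions chosen for illustration.

```cisco
! Added example. Names, rate and port 8080 are illustrative assumptions.
! NBAR depends on CEF, so make sure it is enabled first.
ip cef
!
! Tell NBAR to classify HTTP on a non-standard port as well as port 80.
ip nbar port-map http tcp 80 8080
!
! Traffic to block outright.
class-map match-any p2p-block
 match protocol skype
!
! Traffic to restrict rather than block (LimeWire uses the Gnutella protocol).
class-map match-any p2p-limit
 match protocol kazaa2
 match protocol gnutella
!
policy-map control-p2p
 class p2p-block
  drop
 class p2p-limit
  ! Allow up to 64 kbps in total for this class, drop the excess.
  police 64000 conform-action transmit exceed-action drop
!
interface FastEthernet0
 description PIX-facing interface
 service-policy input control-p2p
!
! After applying, check the per-class match and drop counters with:
! show policy-map interface FastEthernet0
```

An interface accepts only one input service policy, so control-p2p would take the place of block-p2p on FastEthernet0 rather than sit alongside it.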
Operating Systems Guides
Microsoft Windows XP Guides
NSA has developed and distributed configuration guidance for Microsoft Windows NT and Windows 2000 in the form of configuration guides. These guides are currently being used throughout the government and by numerous entities as a security baseline for their Windows systems.