Peer-to-peer (P2P) is a networking model that is widely used to share large volumes of files over the Internet, using protocols such as BitTorrent. In a peer-to-peer network each computer acts as both a server and a client for the other computers. Because pieces of a file are available from many sources at once, a P2P application can download it quickly.
Nowadays P2P plays a major role on the Internet, where millions of people use it to download movies, games, software etc. Statistics show that around 30-40% of global Internet traffic is P2P traffic. A forecast by Cisco estimated that P2P traffic will more than double to 7 exabytes per month by 2014, compared with 3.2 exabytes per month in 2009.
How does P2P work?
1. You run a client such as uTorrent on your computer and send out a request for the file you want to download.
2. The client looks for other computers on the Internet that run the same protocol and have the file (with BitTorrent, the list of peers comes from a tracker or from the DHT).
3. As soon as it finds the file on other peers, the download begins, from several peers at once.
4. In the same way, other peers download the pieces you already have from your computer, so every downloader is also an uploader.
Major P2P Protocols
1. BitTorrent (Azureus, BitSpirit, BitTorrent.Net, MLdonkey, QTorrent, µTorrent,etc)
2. Gnutella (BearShare, iMesh, Gnotella, Gnucleus, GTK-gnutella, LimeWire, etc)
3. FastTrack (Grokster, iMesh, Kazaa, Morpheus, etc)
4. eDonkey (eMule, Overnet, etc )
5. Direct Connect (BCDC++, DC++, NeoModus Direct Connect, etc )
6. OpenNap ( WinMX )
How to Block P2P?
Blocking P2P traffic is a real challenge because P2P protocols use dynamic ports and hop between them, so a simple port-based ACL does not work. Cisco IOS offers two features that can block P2P traffic on the gateway, and this document walks through configuring both. Neither gives a 100% guarantee: port hopping and, above all, the encryption used by modern P2P clients limit what any deep packet inspection can see.
The two features that Cisco provide to block P2P traffic are:
1. NBAR
2. Application Control in Zone Based Firewall.
- This example is based on a Cisco Integrated Services Router running IOS 15.0(1)M3.
1. Blocking P2P using NBAR
NBAR (Network Based Application Recognition) is a classification engine that recognises a wide variety of applications through deep packet inspection. It has been available since Cisco IOS 12.0(5)XE2. It can identify web-based applications, client/server applications that dynamically assign TCP and UDP port numbers, and P2P applications. NBAR lets the network administrator classify traffic and apply QoS policies to it, for example to guarantee bandwidth to legitimate traffic or, as here, to drop unwanted traffic. For more info visit: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/prod_case_study09186a00800ad0ca.html
Follow the below steps to block P2P traffic using the NBAR deep packet inspection engine.
Enable CEF on your router (NBAR requires it). In global configuration mode type:
Cisco_ISR(config)#ip cef
Create a class map that groups all the P2P protocols NBAR can recognise. Note that cuseeme, irc, skype and ssh in the list below are not P2P file-sharing protocols; the ssh line in particular will drop legitimate SSH sessions from the LAN, so remove any line for a protocol you do not actually intend to block. Type the commands as below:
Cisco_ISR(config)#class-map match-any ALL-P2P-PROTOCOLS
Cisco_ISR(config-cmap)# match protocol edonkey
Cisco_ISR(config-cmap)# match protocol fasttrack
Cisco_ISR(config-cmap)# match protocol gnutella
Cisco_ISR(config-cmap)# match protocol winmx
Cisco_ISR(config-cmap)# match protocol cuseeme
Cisco_ISR(config-cmap)# match protocol kazaa2
Cisco_ISR(config-cmap)# match protocol irc
Cisco_ISR(config-cmap)# match protocol bittorrent
Cisco_ISR(config-cmap)# match protocol skype
Cisco_ISR(config-cmap)# match protocol ssh
Create a policy map to define what you want to do with the traffic. In our case the action is drop, since we need to block the P2P traffic.
Cisco_ISR(config)#policy-map P2P-DROP
Cisco_ISR(config-pmap)#class ALL-P2P-PROTOCOLS
Cisco_ISR(config-pmap-c)#drop
Apply the policy in the input direction on the user-facing (LAN) interface, so that it sees the traffic as it arrives from your users:
Cisco_ISR(config)#interface gigabitEthernet 0/0
Cisco_ISR(config-if)#service-policy input P2P-DROP
Now you can verify the correct operation of the NBAR feature using the below command :
Cisco_ISR#show policy-map interface gigabitEthernet 0/0
In the output of this command the ALL-P2P-PROTOCOLS class should show a non-zero drop rate as soon as a client on the LAN tries to use one of the matched protocols; in the author's example the drop rate is 16000 bps.
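As an added example (not part of the original post and not the author's router output), the following Python script parses the counters of show policy-map interface for the policy and class names used above and reports whether the P2P class is matching and dropping traffic, and which protocol match is firing. The sample output embedded in it is constructed in the shape of IOS 15.x output with assumed counter values (the 16000 bps drop rate from the text); the exact field layout is an assumption, so adjust the regular expressions if your platform prints it differently.

```python
import re

# Constructed sample of `show policy-map interface gigabitEthernet 0/0`
# (assumed layout and counter values; not captured from a real router).
SAMPLE_OUTPUT = """\
GigabitEthernet0/0

  Service-policy input: P2P-DROP

    Class-map: ALL-P2P-PROTOCOLS (match-any)
      1312 packets, 1284736 bytes
      5 minute offered rate 16000 bps, drop rate 16000 bps
      Match: protocol edonkey
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol bittorrent
        1312 packets, 1284736 bytes
        5 minute rate 16000 bps
      drop

    Class-map: class-default (match-any)
      48210 packets, 39055000 bytes
      5 minute offered rate 412000 bps, drop rate 0 bps
      Match: any
"""

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)\s+\((match-(?:any|all))\)")
RATE_RE = re.compile(r"offered rate (\d+) bps, drop rate (\d+) bps")
MATCH_RE = re.compile(r"^\s*Match:\s+(.+?)\s*$")
PKTS_RE = re.compile(r"^\s*(\d+) packets, (\d+) bytes")


def parse_policy_map_interface(text):
    """Return {class_name: {type, offered_bps, drop_bps, packets, matches}}.

    The class-level packet counter is the first 'N packets' line after the
    Class-map header; the counters that follow a 'Match:' line belong to that
    match statement.
    """
    classes = {}
    current = None
    current_match = None
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            current = {"type": m.group(2), "offered_bps": 0, "drop_bps": 0,
                       "packets": None, "matches": {}}
            classes[m.group(1)] = current
            current_match = None
            continue
        if current is None:
            continue
        m = RATE_RE.search(line)
        if m:
            current["offered_bps"] = int(m.group(1))
            current["drop_bps"] = int(m.group(2))
            continue
        m = MATCH_RE.match(line)
        if m:
            current_match = m.group(1)
            current["matches"].setdefault(current_match, 0)
            continue
        m = PKTS_RE.match(line)
        if m:
            pkts = int(m.group(1))
            if current_match is None:
                current["packets"] = pkts
            else:
                current["matches"][current_match] = pkts
    return classes


def p2p_block_status(classes, class_name="ALL-P2P-PROTOCOLS"):
    """Summarise whether the drop class is seeing traffic and actually dropping it."""
    c = classes.get(class_name)
    if c is None:
        return {"present": False}
    return {
        "present": True,
        "dropping": c["drop_bps"] > 0,
        # matched traffic with a zero drop rate means the class action is not drop
        "matched_but_not_dropped": c["offered_bps"] > 0 and c["drop_bps"] == 0,
        "active_protocols": {p: n for p, n in c["matches"].items() if n > 0},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(p2p_block_status(parse_policy_map_interface(SAMPLE_OUTPUT)), indent=2))
```

Feed it the real command output (for example via a script that runs the command over SSH and polls every few minutes) to alert when the P2P class starts matching, or when it matches but the drop counter stays at zero because someone changed the policy action.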
2. Blocking P2P using the Zone Based Firewall
This configuration requires a Zone Based Firewall (ZBFW) already configured on your router. If you do not have one, you can refer to the following document to set it up: http://yadhutony.blogspot.in/2012/10/cisco-ios-zone-based-firewall-step-by.html
Now to block p2p traffic using a zone based firewall follow the below steps.
Task 1 : Configure HTTP port misuse policy
With this configuration you stop P2P, instant-messaging and tunnelling applications from misusing the HTTP port to get through the firewall.
Create a Class map to define the port-misuse parameters. Type the command as below :
Router(config)#class-map type inspect http match-any HTTP-PORT-MISUSE
Router(config-cmap)#match request port-misuse im
Router(config-cmap)#match request port-misuse p2p
Router(config-cmap)#match request port-misuse tunneling
Create a layer-7 policy-map that defines what to do with the matched traffic, and apply the class-map 'HTTP-PORT-MISUSE' to it (here the connection is reset and the event logged):
Router(config)#policy-map type inspect http HTTP-PORT-MISUSE-POLICY
Router(config-pmap)#class type inspect http HTTP-PORT-MISUSE
Router(config-pmap)#reset
Router(config-pmap)#log
Now attach this layer-7 policy-map under the class that inspects HTTP in your inside-to-outside (layer-4) inspect policy. The class it is attached to (HTTP-ACCESS here) must match protocol http, otherwise the HTTP inspection policy has nothing to inspect:
Router(config)#policy-map type inspect IN-TO-OUT-POLICY
Router(config-pmap)#class type inspect HTTP-ACCESS
Router(config-pmap)#inspect
Router(config-pmap)#service-policy http HTTP-PORT-MISUSE-POLICY
For more information about port misuse commands refer: http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_p1.html#wp1064215
Task 2 : Configuring firewall policy to block p2p traffic
Here we are defining the class maps and policy maps to configure a firewall policy that will explicitly block p2p traffic on your firewall. Type the command as below:
Class Map
Router(config)#class-map type inspect match-any ALL-P2P-PROTOCOLS
Router(config-cmap)#match protocol edonkey signature
Router(config-cmap)#match protocol gnutella signature
Router(config-cmap)#match protocol kazaa2 signature
Router(config-cmap)#match protocol fasttrack signature
Router(config-cmap)#match protocol bittorrent signature
Now add the class-map to the inside-to-outside policy-map with a drop action.
Policy Map
Router(config)#policy-map type inspect IN-TO-OUT-POLICY
Router(config-pmap)#class type inspect ALL-P2P-PROTOCOLS
Router(config-pmap-c)#drop log
Verification
You can verify the above operation using the command :
Router#show policy-map type inspect zone-pair
In the output, the ALL-P2P-PROTOCOLS class under the inside-to-outside zone-pair should show a growing drop counter once a client on the inside tries to use one of the matched protocols.
Place the class-map you created to block P2P traffic above all other class-maps in your inside-to-outside policy-map. The firewall evaluates classes in order and the first match wins, so if a general class such as HTTP-ACCESS comes first, P2P flows it happens to match are inspected and allowed before the drop class is ever consulted.
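The following Python audit, added here as an example and not part of the original post or of any Cisco tool, reads a running-config excerpt and flags two mistakes this post warns about: a P2P drop class placed below another class in a type inspect policy-map (first match wins, so that traffic would be inspected before it can be dropped), and a class with a drop action that also matches protocols outside the P2P list (such as ssh). The embedded config is constructed; in it the NBAR class is named P2P-QOS (an assumption, to keep it apart from the type inspect class), and the set of protocol names treated as P2P is the one used in this post.

```python
# NBAR protocol names this post treats as P2P file sharing.
P2P_PROTOCOLS = {"edonkey", "fasttrack", "gnutella", "winmx", "kazaa2",
                 "bittorrent", "directconnect"}

# Constructed running-config excerpt (an assumption, not the author's router).
# It contains two deliberate mistakes for the audit to catch:
#  - IN-TO-OUT-POLICY lists HTTP-ACCESS before ALL-P2P-PROTOCOLS
#  - the NBAR class P2P-QOS also matches ssh, which is not a P2P protocol
SAMPLE_CONFIG = """\
class-map match-any P2P-QOS
 match protocol edonkey
 match protocol bittorrent
 match protocol ssh
policy-map P2P-DROP
 class P2P-QOS
  drop
!
class-map type inspect match-any ALL-P2P-PROTOCOLS
 match protocol edonkey signature
 match protocol bittorrent signature
class-map type inspect match-any HTTP-ACCESS
 match protocol http
policy-map type inspect IN-TO-OUT-POLICY
 class type inspect HTTP-ACCESS
  inspect
  service-policy http HTTP-PORT-MISUSE-POLICY
 class type inspect ALL-P2P-PROTOCOLS
  drop log
 class class-default
  drop
!
"""


def parse_sections(config):
    """Split an IOS config into (header, [indented body lines]) at column 0."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0] != " ":
            sections.append((raw.strip(), []))
        elif sections:
            sections[-1][1].append(raw)
    return sections


def policy_classes(body):
    """Return [(class_name, [actions])] in configured order for one policy-map."""
    classes = []
    for line in body:
        if line.startswith(" class "):
            classes.append((line.split()[-1], []))  # works for 'class type inspect X' too
        elif classes:
            classes[-1][1].append(line.strip())
    return classes


def audit(config, p2p_class="ALL-P2P-PROTOCOLS"):
    """Return a list of findings; an empty list means the config passes both checks."""
    findings = []
    sections = parse_sections(config)
    drop_classes = set()
    for header, body in sections:
        if not header.startswith("policy-map"):
            continue
        classes = policy_classes(body)
        for name, actions in classes:
            if any(a.split()[0] == "drop" for a in actions):
                drop_classes.add(name)
        if "type inspect" in header:
            names = [n for n, _ in classes]
            if p2p_class in names and names.index(p2p_class) != 0:
                ahead = ", ".join(names[:names.index(p2p_class)])
                findings.append(f"{header}: {p2p_class} is below {ahead}; "
                                "first match wins, so move it to the top of the policy")
    for header, body in sections:
        if not header.startswith("class-map"):
            continue
        name = header.split()[-1]
        if name not in drop_classes:
            continue
        protos = {l.split()[2] for l in body if l.strip().startswith("match protocol ")}
        extra = sorted(protos - P2P_PROTOCOLS)
        if extra:
            findings.append(f"class-map {name} is dropped but also matches "
                            f"non-P2P protocol(s): {', '.join(extra)}")
    return findings


def fixed_config():
    """The sample with both mistakes corrected, to show a clean audit."""
    wrong_order = (" class type inspect HTTP-ACCESS\n  inspect\n"
                   "  service-policy http HTTP-PORT-MISUSE-POLICY\n"
                   " class type inspect ALL-P2P-PROTOCOLS\n  drop log\n")
    right_order = (" class type inspect ALL-P2P-PROTOCOLS\n  drop log\n"
                   " class type inspect HTTP-ACCESS\n  inspect\n"
                   "  service-policy http HTTP-PORT-MISUSE-POLICY\n")
    return SAMPLE_CONFIG.replace(" match protocol ssh\n", "").replace(wrong_order, right_order)


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print("FINDING:", f)
    print("fixed config findings:", audit(fixed_config()))
```

Run it against the output of show running-config after every change to the firewall policy; the ordering check is the one that silently breaks when someone later inserts a new permit class at the top of the policy.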
For advanced configuration and IM application blocking visit http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/white_paper_c27_543585.html
With all the above configurations we can only block P2P traffic up to an extent. It is not a complete solution, because most P2P clients can encrypt or obfuscate their traffic, and on an encrypted stream the Cisco device has no signature to match during deep packet inspection. I suggest combining NBAR or ZBFW with additional controls on the endpoints and in the network (for example, restricting which applications users can install) if you need to prevent P2P traffic rather than merely reduce it.
You may also find this document useful: Cisco IOS Local Content Filtering
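To see what an NBAR bittorrent signature actually keys on, and why encryption defeats it, here is an added Python example (not from the original post and not Cisco's classifier). It builds a plaintext BitTorrent peer-wire handshake, which starts with a fixed 20-byte string that a signature can match, classifies it, and then classifies a constructed random-looking stream standing in for an MSE (Message Stream Encryption) connection, which carries no such signature and is only recognisable as "unknown, high entropy". The info_hash, peer id and obfuscated bytes are all constructed for the example; mse_like_stream is a deterministic stand-in and not an MSE implementation.

```python
import hashlib
import math
from collections import Counter

# Plaintext BitTorrent peer-wire handshake (68 bytes):
#   <pstrlen=19><"BitTorrent protocol"><8 reserved bytes><20-byte info_hash><20-byte peer_id>
BT_PREFIX = b"\x13BitTorrent protocol"


def build_handshake(info_hash, peer_id, reserved):
    assert len(info_hash) == 20 and len(peer_id) == 20 and len(reserved) == 8
    return BT_PREFIX + reserved + info_hash + peer_id


def shannon_entropy(data):
    """Bits per byte; random-looking (encrypted) data approaches the maximum."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(payload):
    """Signature-style classification of the first bytes of a TCP stream, in the
    spirit of 'match protocol bittorrent'. Only the unencrypted handshake can be
    recognised; anything else is reported as unknown with its entropy, which is
    a hint that the stream may be encrypted but is not a protocol match."""
    if payload.startswith(BT_PREFIX) and len(payload) >= 68:
        reserved = payload[20:28]
        exts = []
        if reserved[5] & 0x10:
            exts.append("LTEP")  # BEP 10 extension protocol
        if reserved[7] & 0x01:
            exts.append("DHT")   # BEP 5 distributed hash table
        return {"protocol": "bittorrent",
                "info_hash": payload[28:48].hex(),
                "peer_id": payload[48:68],
                "extensions": exts}
    return {"protocol": "unknown", "entropy": round(shannon_entropy(payload), 2)}


def mse_like_stream(n=140, seed=b"mse-demo"):
    """Constructed stand-in for the first bytes an MSE-obfuscated connection sends
    (a Diffie-Hellman public value plus random padding): no fixed signature at
    all. Derived from a seed so the example is repeatable; not real MSE."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample connection (assumed values)
INFO_HASH = hashlib.sha1(b"constructed torrent metainfo").digest()
PEER_ID = b"-UT3300-" + b"0123456789ab"          # uTorrent-style peer id, 20 bytes
RESERVED = bytes([0, 0, 0, 0, 0, 0x10, 0, 0x01])  # advertises LTEP and DHT
PLAIN = build_handshake(INFO_HASH, PEER_ID, RESERVED)
OBFUSCATED = mse_like_stream()

if __name__ == "__main__":
    print("plaintext handshake:", classify(PLAIN))
    print("obfuscated stream:  ", classify(OBFUSCATED))
```

The plaintext handshake is classified on its first 20 bytes regardless of port, which is exactly what lets NBAR ignore port hopping; the obfuscated stream yields nothing to match, and an entropy heuristic alone cannot distinguish it from TLS or SSH traffic on a non-standard port, which is why the text above cannot promise a complete block.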
How to unblock p2p in utorrent
what do you mean?