cancel
Showing results for 
Search instead for 
Did you mean: 

Time-based scheduling on NSP?

Hi,

Is there any way to configure a time-based (schedule) policy to block P2P traffic?

I realize that the usefulness of such a feature would be extremely limited (why would someone only want protection some of the time??? ), but I would just like to see if anyone has any alternative ways of achieving the same end result.

The background is that a customer already has a Firewall which cannot effectively block P2P and is already considering a McAfee NSP solution as an IPS, which I believe happens to be very good at detecting applications that fallback on port 80. So achieving the above on the NSP would save the customer from having to deploy a 3rd box.

Thanks,

Ali H.

5 Replies

Re: Time-based scheduling on NSP?

Dear Sir,

I think until 5.1 time based policy is not supported on NSP Solution (I did not try 6.0 yet). Besides this point take special attention when you consider to block P2P aplications with the NSP. You can DETECT most P2P aplications with NSP but you can face some problems to block them specially if they are in "obfuscated mode".

Re: Time-based scheduling on NSP?

Hi Gooru4speed,

Thanks for your comments.

By "obfuscated mode" do you mean traffic like encrypted Bittorrent? or general port-jumping?

Ali H.

Re: Time-based scheduling on NSP?

Yes ahamidi, "obfuscated mode" is an encrypted mode. Here I attached a screen capture with Edonkey client config and you can see how set this feature (remarked in red).

When you enable the obfuscated mode and try to connect to Edonkey Server you will see in the Real Time Analyzer the connection was blocked if you configure the related attack to block. Edonkey client will connect anyway to Server and NSP won't block the connection. If you disable the obfuscated mode in your Edonkey client then NSP will successfully block the connection.

I hope this helps you.

Highlighted

Re: Time-based scheduling on NSP?

Ah I see. Thank you again for the information.

I'm guessing there must be a way to block even that traffic, perhaps using a custom signature?

Either way, I appreciate the help.

Regards,

Ali H.

Re: Time-based scheduling on NSP?

Unfortunately there is no way to do this.   This actually is an interesting suggestion, and I will submit it as an FMR.  I can see an argument where you may want to implement certain signatures for parts of the day.   I don't know if this would get alot of use in the field, but ya never know.   Regarding custom signatures/UDS, using a time window is still not possible.    Thanks for the suggestion though.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community