2 Replies Latest reply on Mar 30, 2010 12:03 AM by ahamidi

    Effective management of IM and P2P traffic?



      We're currently putting together a solution for a customer and I was hoping to get some additional information.


      Specifically the requirement calls for a way to limit P2P and IM traffic during certain times.


      I am aware that time-based policies are certainly possible, however I wasn't sure of the effectiveness when it comes to some of the more sophisticated applications (Bittorrent DHT, Skype, MSN Messenger) that jump ports in order to circumvent simple port blocking.


      Does anyone have any experience with the Firewall Enterprise when it comes to these applications? Does it require the IPS signature subscriptions?


      Any information would be greatly appreciated.




      Ali H.

        • 1. Re: Effective management of IM and P2P traffic?



          You would need to use IPS Signatures (and be licensed for them) in order to block this sort of traffic with a Sidewinder.


          The built-in signatures include categories of 'P2P-Policy' and 'P2P-General'.  There are individual signatures in these categories for blocking, for instance:

          • any packet with a 'Content-Type' of 'application/x-bittorrent'
          • a Bittorrent request for peers
          • a Bittorrent handshake
          • (and more...)


          There are many, many more signatures having to do with P2P in general (Gnutella, Skype, eMule specific, etc.).


          You could build a Signature Group containing only the specific signatures you want to trigger and set this as the IPS in your rule (which you could lockdown to specific times of the day).  Then you could deny traffic if it matches these signatures at specific times of the day.


          There are no Bittorrent DHT specific signatures, but custom signatures can be created and used (KB63125).



          on 3/29/10 4:25:01 PM CDT
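          Added illustration (not from any post in this thread, and not Sidewinder code): a Python sketch of what a "signature group" of the kind described above actually matches on, plus the time-of-day gate. The three built-in-style matchers follow the BitTorrent wire format (the 68-byte handshake starting with the length byte 0x13 and "BitTorrent protocol", an HTTP tracker announce carrying info_hash, and an HTTP Content-Type of application/x-bittorrent); the fourth is a stand-in for the custom DHT signature the reply mentions and decodes the bencoded KRPC query. The signature names, the 08:00-18:00 block window and all payloads are constructed assumptions for the example.

```python
import re
from datetime import time

# Constructed sample payloads (not captured traffic).
BT_HANDSHAKE = (b"\x13BitTorrent protocol" + b"\x00" * 8   # pstrlen, pstr, reserved
                + b"A" * 20                                  # info_hash
                + b"-UT3400-" + b"B" * 12)                   # peer_id (Azureus style)
TRACKER_ANNOUNCE = (b"GET /announce?info_hash=%41%41%41&peer_id=-UT3400-&port=6881 HTTP/1.1\r\n"
                    b"Host: tracker.example\r\n\r\n")
TORRENT_DOWNLOAD = (b"HTTP/1.1 200 OK\r\nContent-Type: application/x-bittorrent\r\n\r\n"
                    b"d8:announce")
DHT_PING = b"d1:ad2:id20:" + b"C" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe"   # KRPC ping query
BENIGN_HTTP = b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"


def sig_bt_handshake(payload: bytes) -> bool:
    """Peer-wire handshake: <19>"BitTorrent protocol"<8 reserved><info_hash><peer_id>."""
    return payload.startswith(b"\x13BitTorrent protocol") and len(payload) >= 68


def sig_bt_peer_request(payload: bytes) -> bool:
    """HTTP tracker 'request for peers': GET .../announce?...info_hash=..."""
    return re.match(rb"GET [^ ]*(?:announce|scrape)\?[^ ]*info_hash=", payload) is not None


def sig_bt_content_type(payload: bytes) -> bool:
    """Any HTTP message carrying a .torrent Content-Type header."""
    return re.search(rb"(?im)^Content-Type:\s*application/x-bittorrent", payload) is not None


def bdecode(data: bytes, i: int = 0):
    """Minimal bencode decoder; raises ValueError/IndexError on non-bencoded input."""
    c = data[i:i + 1]
    if c == b"i":
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            v, i = bdecode(data, i)
            items.append(v)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    colon = data.index(b":", i)
    n = int(data[i:colon])            # ValueError if the "length" is not numeric
    return data[colon + 1:colon + 1 + n], colon + 1 + n


def sig_dht_query(payload: bytes) -> bool:
    """Hypothetical custom signature: a bencoded KRPC query (y=q) with a known DHT method."""
    try:
        msg, _ = bdecode(payload)
    except (ValueError, IndexError, RecursionError):
        return False
    return (isinstance(msg, dict) and msg.get(b"y") == b"q"
            and msg.get(b"q") in {b"ping", b"find_node", b"get_peers", b"announce_peer"})


# The "signature group" attached to the rule: only the signatures we want to trigger.
SIGNATURE_GROUP = {
    "bt-handshake": sig_bt_handshake,
    "bt-peer-request": sig_bt_peer_request,
    "bt-content-type": sig_bt_content_type,
    "custom-dht-query": sig_dht_query,      # custom signature, assumed name
}

BLOCK_START, BLOCK_END = time(8, 0), time(18, 0)   # assumed business-hours window


def in_block_window(now: time) -> bool:
    return BLOCK_START <= now < BLOCK_END


def classify(payload: bytes) -> list:
    """Names of every signature in the group that matches the payload."""
    return [name for name, fn in SIGNATURE_GROUP.items() if fn(payload)]


def policy_action(payload: bytes, now: time) -> tuple:
    """Deny P2P only inside the time window; outside it the rule does not apply."""
    hits = classify(payload)
    if hits and in_block_window(now):
        return ("deny", hits)
    return ("allow", hits)


if __name__ == "__main__":
    for name, pkt in [("handshake", BT_HANDSHAKE), ("announce", TRACKER_ANNOUNCE),
                      ("torrent", TORRENT_DOWNLOAD), ("dht", DHT_PING), ("benign", BENIGN_HTTP)]:
        print(name, policy_action(pkt, time(10, 0)), policy_action(pkt, time(22, 0)))
```

          The point of the DHT matcher is the caveat in the reply: DHT runs over UDP with no fixed port and no HTTP headers, so a Content-Type or tracker-URL signature never sees it; a custom signature has to recognise the bencoded message itself. Note also that these matchers only see cleartext, which is why the same approach does not carry over to Skype-style encrypted protocols.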
          • 2. Re: Effective management of IM and P2P traffic?

            Thanks Sliedl,


            That's exactly what I was looking for. Appreciate the pointers.




            Ali H.