1 of 1 people found this helpful
I think until 5.1 time based policy is not supported on NSP Solution (I did not try 6.0 yet). Besides this point take special attention when you consider to block P2P aplications with the NSP. You can DETECT most P2P aplications with NSP but you can face some problems to block them specially if they are in "obfuscated mode".
Thanks for your comments.
By "obfuscated mode" do you mean traffic like encrypted Bittorrent? or general port-jumping?
Yes ahamidi, "obfuscated mode" is an encrypted mode. Here I attached a screen capture with Edonkey client config and you can see how set this feature (remarked in red).
When you enable the obfuscated mode and try to connect to Edonkey Server you will see in the Real Time Analyzer the connection was blocked if you configure the related attack to block. Edonkey client will connect anyway to Server and NSP won't block the connection. If you disable the obfuscated mode in your Edonkey client then NSP will successfully block the connection.
I hope this helps you.
edonkey_config.JPG 147.6 K
Ah I see. Thank you again for the information.
I'm guessing there must be a way to block even that traffic, perhaps using a custom signature?
Either way, I appreciate the help.
Unfortunately there is no way to do this. This actually is an interesting suggestion, and I will submit it as an FMR. I can see an argument where you may want to implement certain signatures for parts of the day. I don't know if this would get alot of use in the field, but ya never know. Regarding custom signatures/UDS, using a time window is still not possible. Thanks for the suggestion though.