Re: Blocking Skype with IOS from Nicholas Davitashvili on 2009-09-10 (Ccielab archives 09/2009)

From: Nicholas Davitashvili <nickda_at_gmail.com>
Date: Thu, 10 Sep 2009 21:16:51 +0400

Iwan,

Ryan is right,
the only reason for not using NBAR is that it doesn't block any of the
recent versions of Skype.

Nick
GREENNET
Lat: 41043'25.46"N
Long: 44045'45.60"E

On Thu, Sep 10, 2009 at 5:15 PM, Ryan West <rwest_at_zyedge.com> wrote:

> Iwan,
>
> I can't find a PDLM that supports post version 1 Skype detection. I think
> that's what Nick was addressing.
>
>
>
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6612/ps66
53/prod_qas09186a00800a3ded_ps6616_Products_Q_and_A_Item.html#wp9000037
>
> -ryan
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Iwan Hoogendoorn
> Sent: Thursday, September 10, 2009 7:27 AM
> To: Nicholas Davitashvili
> Cc: Cisco certification
> Subject: Re: Blocking Skype with IOS
>
> Nice Article ...
> Very nice if you don't want to use NBAR ... or can not use NBAR.
>
> But I find the NBAR config a little bit easier ;-)
>
> class-map match-any p2p
> match protocol skype
> !
> policy-map block-p2p
> class p2p
> drop
> !
> int FastEthernet0
> description PIX-facing interface
> service-policy input block-p2p
> !
>
> So I am trying to find reasons here not to use NBAR exept that the
> IOS/router platform is not supporting it...
>
> --
> Regards,
>
> Iwan Hoogendoorn
> CCIE #13084 (R&S / Security / SP)
> Sr. Support Engineer - IPexpert, Inc.
> URL: http://www.IPexpert.com
>
>
>
>
> On Wed, Sep 9, 2009 at 8:00 PM, Nicholas Davitashvili <nickda_at_gmail.com>
> wrote:
> > Hi guys,
> > Here's an article we wrote about how to block Skype using IOS.
> >
>
http://www.4shared.com/file/129849696/4cd4ff14/Blocking_Skype_Using_IOS.html
> >
> > Please comment.
> >
> > Nick
> > GREENNET
> > Lat: 41043'25.46"N
> > Long: 44045'45.60"E
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Sep 10 2009 - 21:16:51 ART

This archive was generated by hypermail 2.2.0 : Sun Oct 04 2009 - 07:42:03 ART