Re: Blocking Skype with IOS

From: Nicholas Davitashvili <nickda_at_gmail.com>
Date: Fri, 11 Sep 2009 09:57:31 +0400

Piotr,

True. In our tests the TCDF worked for ancient versions of Skype only.

Nick
GREENNET
Lat: 41°43'25.46"N
Long: 44°45'45.60"E

2009/9/10 Piotr Matusiak <piotr_at_ccie1.com>

> Nick,
>
> What about using FPM Policy template (TCDF) for Skype blocking? Cisco shares
> it along with PHDF files. I've just quickly viewed it in a text editor and it
> seems as if it should work only for older Skype versions. Have you tested it?
>
> Anyways, good stuff and thanks for your effort.
>
> --
> Piotr Matusiak
> CCIE #19860 (R&S, SEC)
>
> Quoting Nicholas Davitashvili <nickda_at_gmail.com>:
>
>> Iwan,
>>
>> Ryan is right,
>> the only reason for not using NBAR is that it doesn't block any of the
>> recent versions of Skype.
>>
>>
>> Nick
>> GREENNET
>> Lat: 41°43'25.46"N
>> Long: 44°45'45.60"E
>>
>>
>> On Thu, Sep 10, 2009 at 5:15 PM, Ryan West <rwest_at_zyedge.com> wrote:
>>
>>> Iwan,
>>>
>>> I can't find a PDLM that supports post version 1 Skype detection. I think
>>> that's what Nick was addressing.
>>>
>>>
>>> http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6612/ps6653/prod_qas09186a00800a3ded_ps6616_Products_Q_and_A_Item.html#wp9000037
>>>
>>> -ryan
>>>
>>> -----Original Message-----
>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>>> Iwan Hoogendoorn
>>> Sent: Thursday, September 10, 2009 7:27 AM
>>> To: Nicholas Davitashvili
>>> Cc: Cisco certification
>>> Subject: Re: Blocking Skype with IOS
>>>
>>> Nice Article ...
>>> Very nice if you don't want to use NBAR ... or can not use NBAR.
>>>
>>> But I find the NBAR config a little bit easier ;-)
>>>
>>> class-map match-any p2p
>>>  match protocol skype
>>> !
>>> policy-map block-p2p
>>>  class p2p
>>>   drop
>>> !
>>> int FastEthernet0
>>>  description PIX-facing interface
>>>  service-policy input block-p2p
>>> !
>>>
>>> So I am trying to find reasons here not to use NBAR except that the
>>> IOS/router platform is not supporting it...
>>>
>>> --
>>> Regards,
>>>
>>> Iwan Hoogendoorn
>>> CCIE #13084 (R&S / Security / SP)
>>> Sr. Support Engineer - IPexpert, Inc.
>>> URL: http://www.IPexpert.com
>>>
>>>
>>>
>>>
>>> On Wed, Sep 9, 2009 at 8:00 PM, Nicholas Davitashvili <nickda_at_gmail.com>
>>> wrote:
>>> > Hi guys,
>>> > Here's an article we wrote about how to block Skype using IOS.
>>> >
>>> > http://www.4shared.com/file/129849696/4cd4ff14/Blocking_Skype_Using_IOS.html
>>> >
>>> > Please comment.
>>> >
>>> > Nick
>>> > GREENNET
>>> > Lat: 41°43'25.46"N
>>> > Long: 44°45'45.60"E
>>> >
>>> >
>>> > Blogs and organic groups at http://www.ccie.net
>>> >
>>> > _______________________________________________________________________
>>> > Subscription information may be found at:
>>> > http://www.groupstudy.com/list/CCIELab.html

Received on Fri Sep 11 2009 - 09:57:31 ART

This archive was generated by hypermail 2.2.0 : Sun Oct 04 2009 - 07:42:03 ART