Blocking Bit Torrent through ASA 5510

Hi Experts,

I am running 2 Cisco ASA 5510s in a failover configuration. I want to block all torrent traffic from the ASA. Is this possible? If yes, then how can I do it?

If it's not possible, then I have software that can kill all torrent traffic apart from UDP, which I need to block from the ASA. I cannot block the port range 1024 to 65536 because there are 40 or 50 UDP ports that are used for business applications. How can I block only the UDP ports that are used by torrents?

I am using Software version 8.2 on the ASA.

Cyclops3590 Commented:
OK, let's not overcomplicate this.

Create the ACL necessary and apply it to the inbound inside interface.

Do the ACEs in the list first that you need to permit.

So it'll be something like this, as you say you need to allow some UDP ports:

1) Create a network object with the list of hosts you need to communicate with via UDP ports.
2) Create a service object with the list of those UDP ports you need to use.
3) Create a service object with the list of those UDP port ranges associated with BT on that URL I gave you.
4) Create the ACL:
permit udp any object-group allowed-hosts object-group udp-ports
deny udp any any object-group bt-ports
permit ip any any

As to IP-related traffic, the only thing that gets blocked is the UDP ports associated with BT, but not any potential ports in those ranges if you're going to hosts that you need to be able to go to.
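The four steps above written out as an ASA 8.2 configuration. This is an added example, not configuration from the thread: the hosts, the business UDP ports and the BitTorrent port range (6881-6999) are assumed placeholders, since the URL with the actual ranges is not in the thread.

```text
! Step 1: hosts that the business applications talk to over UDP
! (203.0.113.0/24 and 198.51.100.25 are constructed RFC 5737 example addresses)
object-group network allowed-hosts
 network-object 203.0.113.0 255.255.255.0
 network-object host 198.51.100.25
! Step 2: the business UDP ports (placeholder values, replace with your 40-50 ports)
object-group service udp-ports udp
 port-object eq 5060
 port-object range 10000 10100
! Step 3: UDP ranges used by BitTorrent (6881-6999 is an assumed range;
! use the ranges from the reference URL instead)
object-group service bt-ports udp
 port-object range 6881 6999
! Step 4: the ACL, evaluated top-down: business UDP first, then the BT deny,
! then everything else (the last line replaces the implicit deny)
access-list inside_in extended permit udp any object-group allowed-hosts object-group udp-ports
access-list inside_in extended deny udp any any object-group bt-ports log
access-list inside_in extended permit ip any any
! Apply inbound on the inside interface (traffic from LAN clients heading out)
access-group inside_in in interface inside
```

`show access-list inside_in` shows a hit counter per ACE; if the deny line's count stays at zero while a client is seeding, the torrent traffic is not using the ports in bt-ports.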
abdullahjamali (Author) Commented:
Hi Cyclops,

It's not working.


How did you test? Can you do a Wireshark capture of your test? (Start the capture before you open your torrent client and let it run for about a minute or so before you confirm with the display filter.)

Do a display filter of:
udp contains info_hash

If this shows items being matched, on your ASA do the following:
show service-policy flow udp host host eq dst.port
Fill in the src and dst info with that found in the Wireshark capture.

You may need to modify/add to the class-map in the example in the URL I gave. BitTorrent has changed over the years, so it eludes firewalls pretty well these days. Dedicated application firewalls are the way to go, but even those can be defeated due to BitTorrent supporting encryption as well these days.
abdullahjamali (Author) Commented:
Hi Cyclops3590,

Please find the capture file attached. I have changed the file extension; after downloading, please change the extension to .pcapng.

OK, so that shows the expected results.

Run the following on the ASA:

show service-policy flow udp host eq 32709

My guess is it doesn't really match anything you've set up. Did you modify the service policy so that it covers UDP as well as TCP when doing the regex search?
abdullahjamali (Author) Commented:
Hi Cyclops,

I have made all the requested changes, but still it's not working. Please find below the configuration script and make amendments accordingly, and I will reconfigure that on our

regex infopeer ".*info_hash.*"
 class-map altogether
  match port tcp eq www
 class-map type regex match-any regcmap
  match regex infopeer
 class-map type inspect http match-all inscmap
  match request method get
  match request args regex class regcmap
 policy-map type inspect http inspol
  class inscmap
   drop-connection log
 policy-map altogether
  class altogether
   inspect http inspol
 service-policy altogether interface inside
Thanks a lot.
abdullahjamali (Author) Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for abdullahjamali's comment #a39221846

for the following reason:

Expert reply, solved the query