Banda Ancha EU

Comunidad de usuarios
de fibra, móvil y ADSL

hosting en interdominios
66 lecturas y 2 respuestas
  • Este tema es antiguo y puede contener información obsoleta. Abre un nuevo tema para publicar tu mensaje.
    • Cerrado

      ¿Porqué te extraña? Hace 1 año me dieron un Cisco que se…

      ¿Porqué te extraña? Hace 1 año me dieron un Cisco que se murió a los 5 meses. Entonces me dieron un USRobotics, que murió en 1 mes, desde entonces otro USRobotics funcionando perfectamente.
      En el foro verás que el USRobotics se utiliza mucho por ONO para Banda Ancha.

      • Cerrado

        BocaDePez BocaDePez

        Kick file-sharing apps off your network in four steps Page 2…

        Kick file-sharing apps off your network in four steps
        Page 2 of 2

        You should also invest in software that regularly performs audits on the network. With such software, you can collect the audited information in a centralized database, which shows who has P2P applications installed, and indicates any other unauthorized software and music users may have.

        Several excellent software audit tools are currently available on the market. GASP from Attest Systems is one of my favorites. It audits and tracks software from a central location, and it can identify 99.9 percent of all software running on a variety of clients and server operating systems.

        Kill the packets
        After you've developed a policy, educated your user base, and cleaned your clients of existing P2P applications, you'll want to kill inbound/outbound P2P packets at the network level. At your border router, create a method to identify and drop the offensive traffic.

        The following example demonstrates how to configure a Cisco router to kill P2P packets:
        Config t [enter configuration mode]
        Ip cef [enable Cisco Express Forwarding]
        Interface fa 0/0 [enter interface configuration mode]
        Ip nbar protocol-discovery [enable nbar protocol-discovery]
        End [exit configuration mode]

        This action enables Cisco Express Forwarding (CEF) and network-based application recognition (NBAR). Now you're ready to stop the packets by assigning a differentiated services code point (DSCP) to the offending packets and drop them via an access list:
        ip cef
        class-map match-any p2p
        match protocol fasttrack
        match protocol gnutella
        match protocol napster
        match protocol httpurl#65533; "\.hash=*"
        match protocol httpurl#65533; "\.hash=*"
        match protocol kazaa2
        policy-map p2p
        class p2p
        set ip dscp 1

        This configuration assigns a priority mark to the defined protocols and allows you to filter packets that have been assigned to "dscp 1." Next, add the following access list to both your incoming and outgoing router interfaces:
        interface FastEthernet 0/0
        access-list 100 deny ip any any dscp 1 log
        access-list 100 permit ip any any

        This configuration will block most P2P applications and eliminate Kazaa's ability to port hop and utilize port 80.

        You can also stop P2P traffic at the application level, before the packets reach the clients. Packeteer's PacketShaper is one application-intelligent traffic management solution that provides Layer 7 control over your network. PacketShaper will block offensive traffic, URLs, and a lot more. It can also identify and block music and movie downloads from P2P applications that would result in violations of copyright laws.

        Final thoughts
        P2P applications are a security nightmare for any corporate network. To eliminate this threat, implement the kind of defense in-depth solution I have outlined here and rid your network of these nonproductive, bandwidth-hogging applications.

        This article was originally published in TechRepublic's Security Solutions e-newsletter.
        Viene a ser la forma de eliminar el trafico p2p