Network Security Pen-Test

FW: Skype

Subject: FW: Skype
Date: Fri, 14 Dec 2007 09:14:00 +0900
Don't recall where I found this on the web but I came across it a couple months 
ago when our security manager was looking at blocking/shaping Skype. So for 
those running Cisco routers this might solve your problems.

_________________________________________________________________________________________________________________________
On April 4th 2006, Cisco released IOS version 12.4(4)T. Cisco introduced much 
awaited Skype classification in NBAR. So now with a simple policy you can block 
Skype. Skype can be blocked in a similar way as we use to block Kazaa, LimeWire 
and other p2p applications.

Example:-

NBAR configuration to drop Skype packets

class-map match-any p2p
match protocol skype

policy-map block-p2p
class p2p
drop

int FastEthernet0
description PIX-facing interface
service-policy input block-p2p

If you are unsure about the bandwidth-eating applications being used in your 
organisation, you can access the interface connected to the Internet and 
configure the following command:

ip nbar protocol-discovery

This will enable nbar discovery on your router.

Use the following command:

show ip nbar protocol-discovery stats bit-rate top-n 10

It will show you the top 10 bandwidth-eating applications being used by the users. 
Now you will be able to block/restrict traffic with an appropriate QoS policy.

We can also use the ip nbar port-map command to look for the protocol or protocol 
name, using a port number or numbers other than the well-known Internet 
Assigned Numbers Authority (IANA)-assigned port numbers.

Usage as per Cisco:
ip nbar port-map protocol-name [tcp | udp] port-number

Up to 16 ports can be specified with this command. Port number values can range 
from 0 to 65535.

 
____________________________________________________________________________________________________
 



Rgrds,
Wayne Dobby
Network Specialist
ICT | WorleyParsons | www.worleyparsons.com
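
Added example, not part of the original message or the forwarded text: the "restrict" alternative to the drop policy above, which polices Skype to a fixed rate and then checks the result. The names p2p-restrict and restrict-p2p, the 64 kbit/s rate and the 8080 port mapping are assumptions chosen for illustration.

```cisco
! Added example: rate-limit Skype instead of dropping it.
! Assumed names: p2p-restrict (class-map), restrict-p2p (policy-map).
! Assumed values: 64000 bit/s police rate, HTTP also seen on TCP 8080.
!
! NBAR depends on CEF, so make sure it is enabled globally.
ip cef
!
! Optional: tell NBAR that HTTP also runs on a non-IANA port, so that
! protocol-discovery attributes that traffic to the right protocol.
ip nbar port-map http tcp 80 8080
!
! Same match as the post's "p2p" class, under a separate name so both
! policies can exist in the configuration side by side.
class-map match-any p2p-restrict
 match protocol skype
!
! Police instead of drop: traffic within the rate is forwarded,
! anything above it is discarded.
policy-map restrict-p2p
 class p2p-restrict
  police 64000 conform-action transmit exceed-action drop
!
! An interface accepts only one input service-policy, so detach
! block-p2p (if it was applied) before attaching restrict-p2p.
interface FastEthernet0
 description PIX-facing interface
 ip nbar protocol-discovery
 no service-policy input block-p2p
 service-policy input restrict-p2p
!
! Verification, from exec mode:
!   show policy-map interface FastEthernet0
!     (per-class packet counters and conformed/exceeded counts)
!   show ip nbar protocol-discovery stats bit-rate top-n 10
!     (confirm the Skype bit rate has fallen to the policed rate)
!   show ip nbar port-map http
!     (confirm the extra port mapping is in effect)
```

If the class counters in show policy-map interface stay at zero while users report Skype still working, NBAR is not classifying the traffic on that interface and the policy is having no effect.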
