[afnog] Dealing with nbar unknown traffic

Bernard Wanyama bwanyama at syntechug.com
Wed May 26 09:54:23 UTC 2010


Dear Benjamin,

I'd advise that you use the security principle that says:

Deny all by default
Permit what you choose / understand

i.e., rework your ACLs to be restrictive by default.
That way, you will have control of all your traffic.

When a user requests access to an app not known to NBAR, you could
also add it to your monitoring using NBAR Custom PDLMs.

Hope that helps.

Kind regards,
Bernard

On 26/05/2010, Benjamin Cobblah <cbnayai at yahoo.co.uk> wrote:
> Dear All,
>
> I have a Cisco 2600 on which, per NBAR, I have about 85% of my bandwidth being
> consumed by unknown traffic (very disturbing). Could anyone help me block
> this traffic immediately? I used the show ip nbar unclassified-port-stats
> command and got thousands of both TCP and UDP ports. Is there a smart way I can
> block this traffic without using thousands of access lists to block each
> port?
>
> Thanks in advance
>
> Benjamin
>


-- 
Bernard
Cell: +256 712 193979
Fixed: +256 414 251591
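An added example (not part of Bernard's reply) of the deny-by-default approach on IOS: a restrictive extended ACL, a custom NBAR protocol entry for an internal app, and an NBAR class that drops whatever is still classified as unknown. The interface name, the 192.0.2.0/24 LAN, the 192.0.2.1 resolver and port 8443 are assumptions.

```cisco
! Added example, not from the original post. Interface name, the
! 192.0.2.0/24 LAN, the 192.0.2.1 resolver and port 8443 are assumptions.
!
! 1. Deny-by-default ACL: permit only the services you understand. The
!    final deny restates the implicit deny so that hits are logged.
ip access-list extended LAN-OUT
 remark Permit understood services, deny everything else
 permit udp 192.0.2.0 0.0.0.255 host 192.0.2.1 eq 53
 permit tcp 192.0.2.0 0.0.0.255 any eq 80
 permit tcp 192.0.2.0 0.0.0.255 any eq 443
 permit tcp 192.0.2.0 0.0.0.255 any eq 25
 deny   ip any any log
!
! 2. Register an internal app NBAR does not know as a custom protocol so it
!    is classified and reported by name instead of landing in "unknown".
ip nbar custom INTRANET-APP tcp 8443
!
! 3. Classify what NBAR still cannot identify and drop it; the understood
!    applications pass through class-default untouched.
class-map match-all UNKNOWN-TRAFFIC
 match protocol unknown
!
policy-map DROP-UNKNOWN
 class UNKNOWN-TRAFFIC
  drop
 class class-default
!
! 4. Apply both on the LAN-facing interface; protocol-discovery keeps
!    "show ip nbar protocol-discovery" available for monitoring.
interface FastEthernet0/0
 ip nbar protocol-discovery
 ip access-group LAN-OUT in
 service-policy input DROP-UNKNOWN
```

After applying, review the ACL log hits and the protocol-discovery counters: a legitimate app that keeps hitting the deny line is a candidate for an explicit permit or its own custom NBAR entry.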
