[afnog] Dealing with nbar unknown traffic
SM
sm at resistor.net
Wed May 26 12:47:49 UTC 2010
Hi Benjamin,
At 01:13 26-05-10, Benjamin Cobblah wrote:
>I have a cisco 2600 which per Nbar, i have about 85% of my bandwidth
>being consumed by unknown traffic. (very disturbing). Could anyone
>help me block this traffic immediately. I used the show ip nbar
>unclassified-port-stats and got thousands of both tcp and udp ports.
>Is there a smart way i can block this traffic without using
>thousands of access lists to block each port?
At a rough guess, there's some P2P traffic. You can either try the
cat and mouse approach where you will end up deploying deep packet
inspection or else try non-technical methods such as:
1. Identify source IP addresses
2. Call the persons and remind them of the TOS
3. Deploy measures allowed by TOS
Regards,
-sm
More information about the afnog
mailing list