三、用NBAR网络应用识别
NBAR是一种动态能在四到七层寻找协议的技术,它不但能做到普通ACL能做到那样控制静态的TCP UDP的报,也能做到控制一般ACLs不能做到动态的端口的那些协议(如BT)之类.
以下是以思科路由器为例的配置过程:
#show runn
得到关于BT的部分是
class-map match-all bittorrent
match protocol bittorrent
!
!
policy-map bittorrent-policy
class bittorrent
drop
!
interface GigabitEthernet0/2
description CONNECT INSIDE
ip address 192.168.168.1 255.255.255.252 secondary
ip address 192.168.21.1 255.255.255.0
ip nat inside
service-policy input bittorrent-policy
service-policy output bittorrent-policy
duplex full
speed 1000
media-type rj45
no negotiation auto
match protocol bittorrent
!
!
policy-map bittorrent-policy
class bittorrent
drop
!
interface GigabitEthernet0/2
description CONNECT INSIDE
ip address 192.168.168.1 255.255.255.252 secondary
ip address 192.168.21.1 255.255.255.0
ip nat inside
service-policy input bittorrent-policy
service-policy output bittorrent-policy
duplex full
speed 1000
media-type rj45
no negotiation auto
对于eMule,最新version2.0的包括了emule,同样可以:
ip nbar pdlm bittorrent.pdlm
ip nbar pdlm eDonkey.pdlm
class-map match-any bittorrent
match protocol bittorrent
match protocol edonkey
!
!
policy-map bittorrent-policy
class bittorrent
drop
!
ip nbar pdlm eDonkey.pdlm
class-map match-any bittorrent
match protocol bittorrent
match protocol edonkey
!
!
policy-map bittorrent-policy
class bittorrent
drop
!
这样的话,Emule也能K掉了.
