Announcement

Collapse
No announcement yet.

Blocking Spotify on Cisco PIX ASA

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Blocking Spotify on Cisco PIX ASA

    Hi All,

    I'm a complete noob with Cisco routers and I am hoping to find a way to block Spotify from our company firewall. Our bandwidth has been suffering severely over the last month and we have our suspicions this is the reason.

    Device is Cisco ADSM 5.2
    ASA Version 7.2

    I am aware of the following :
    -Spotify own a range of addresses (all of 78.31.8.0/22)
    -Spotify tries to connect on port 4070. If that is blocked, it will then try port 443, if that's blocked, then port 80
    -Spotify can use a proxy, so you need to block socks and https access to the ap.spotify.com address

    Can anyone point me in the right direction for what I need to do here? Bear in mind I may need to be spoon fed commands here. I'm not even sure if this is possible, as surely we can't block ports 80 and 443?

    Feel free to ask any more information!

  • #2
    Re: Blocking Spotify on Cisco PIX ASA

    Moved to Cisco Security.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Blocking Spotify on Cisco PIX ASA

      Ok, here is an example:

      Code:
      PIX#
      PIX#conf t
      PIX(config)# access-list Deny-Spotify extended deny ip any 78.31.8.0 255.255.252.0
      PIX(config)# access-list Deny-Spotify extended permit ip any any
      PIX(config)# access-group Deny-Spotify out interface inside
      PIX(config)#
      That access-list will block ip range (78.31.8.0 - 78.31.11.255)
      CCNA, Network+

      Comment


      • #4
        Re: Blocking Spotify on Cisco PIX ASA

        Hi Daze,

        That's great, thank you so much. Can I confirm that will stop access from the inside out?

        Is there still any need to block the various ports that Spotify uses or access to the ap.spotify.com address that Spotify uses?

        Thanks again for your assistance.

        Comment


        • #5
          Re: Blocking Spotify on Cisco PIX ASA

          Originally posted by emalbon View Post
          ap.spotify.com
          If you ping it, you'll see that it's in the blocked IP range.
          Gareth Howells

          BSc (Hons), MBCS, MCP, MCDST, ICCE

          Any advice is given in good faith and without warranty.

          Please give reputation points if somebody has helped you.

          "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

          "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

          Comment

          Working...
          X