RE: Bittorrent - utorrent

---

• From: Baki Gábor <baki.gabor@xxxxxxxxxx>
• Date: Thu, 8 Mar 2007 19:15:03 +0100

---

Hello,

Bad news: if a client can use even tcp 443 to communicate, you may have to
break the ssl channel analyze the traffice and rebuild it again.
But in this case none of your colleagues wanna use their net-bank software.
They'll see your certificate, not the bank's one.
So in this case you probably need a true content filter.

Otherwise: you have to implement some kind of software restriction policy.
If you digitally sign all of the allowed application and if you restrict
your users from running any other software, you may win. ;)

Kind regards,
Gabor Baki


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Ove Dalgard Hansen
Sent: Wednesday, March 07, 2007 8:38 PM
To: focus-ids@xxxxxxxxxxxxxxxxx
Subject: Bittorrent - utorrent

Hello Everyone,

I am in a bit of trouble,

On a network where i am configuring IDS - using ASA5510 + SSM module, we try
to deny access to Bittorrent downloads - it consumes quite a bit of bandwith
and is not allowed by the company's policy.
We try to filter bittorrent which succedes - but the utorrent changes
protocol and goes by the SSL port 443 and thereby circumvent the IDS, since
its not possible to see the encrypted traffic.

Does anyone out there have a good idea of how i am to solve the issue?


Best Regards

Ove Hansen
IT-Quality A/S
Banemarksvej 50F
Denmark - 2605




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in
tro_sfw
to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

---

• References:
  • Bittorrent - utorrent
    • From: Ove Dalgård Hansen

• Prev by Date: RE: Bittorrent - utorrent
• Next by Date: Re: Bittorrent - utorrent
• Previous by thread: Re: Bittorrent - utorrent
• Next by thread: Re: Bittorrent - utorrent
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Bittorrent - utorrent ... We try to filter bittorrent which succedes - but the utorrent changes protocol and goes by the SSL port 443 and thereby circumvent the IDS, since its not possible to see the encrypted traffic. ... different externals hosts. ... looks a bit like BitTorrent when you're just seeing the session records. ... (Focus-IDS) Re: Bittorrent - utorrent ... On a network where i am configuring IDS - using ASA5510 + SSM module, we try to deny access to Bittorrent downloads - it consumes quite a bit of bandwith and is not allowed by the company's policy. ... looks a bit like BitTorrent when you're just seeing the session records. ... (Focus-IDS) Re: Bittorrent - utorrent ... The only real effective solution is to somewhat limit bandwidth to burst ... Subject: Bittorrent - utorrent ... On a network where i am configuring IDS - using ASA5510 + SSM module, ... (Focus-IDS) RE: Bittorrent - utorrent ... Breach Security has a product called BreachView SSL that passively decrypts SSL traffic for an IDS without terminating the SSL session. ... Subject: Bittorrent - utorrent ... (Focus-IDS)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ids  > 2007-03