Re: Bittorrent - utorrent



You mean free solutions?


Block initiating traffic outbound to any port except those required for business purposes would be an excellent start.

Deploy snort at the perimeter and enable the signatures that fit your environment and address your concerns about network abuses. Choose a web front end that appeals.

Audit machines on a regular basis to find unauthorized software.

Use a proxy server (squid is free and very powerful) for all outbound web connections, and block traffic to disallowed sites.


And having said all that, make sure you have a policy in place that can be enforced. If no such policy is in place, you can't reasonably expect users to adher to unwritten rules. Get a policy, get users to sign that policy, and enforce it both technically and via HR routes.


There are definitely any number of commercial solutions that would do all of the above and more.

Tremaine Lea
Network Security Consultant



On 9-Mar-07, at 4:02 PM, Erick Jensen wrote:

I would say, this is something that you can't control. Yes, bit- torrent traffic can be encrypted, and it CAN run on 443. But I switched mine to a random port in the 14000 range. Then I check mark the "encrypted only" box and say "good luck Comcast!".


I think the only effective way of hindering bit-torrent is what some universities do. They limit the bandwidth and allow only burst of full bandwidth. That way they make bit torrent unbearable to use. So far that's the only way to counter the bit-torrent traffic.

Has anyone else heard of a better way?



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Ove Dalgård Hansen
Sent: Wednesday, March 07, 2007 1:38 PM
To: focus-ids@xxxxxxxxxxxxxxxxx
Subject: Bittorrent - utorrent

Hello Everyone,

I am in a bit of trouble,

On a network where i am configuring IDS - using ASA5510 + SSM module, we try to deny access to Bittorrent downloads - it consumes quite a bit of bandwith and is not allowed by the company's policy.
We try to filter bittorrent which succedes - but the utorrent changes protocol and goes by the SSL port 443 and thereby circumvent the IDS, since its not possible to see the encrypted traffic.

Does anyone out there have a good idea of how i am to solve the issue?


Best Regards

Ove Hansen
IT-Quality A/S
Banemarksvej 50F
Denmark - 2605




---------------------------------------------------------------------- --
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5? module=Form&action=impact&campaign=intro_sfw
to learn more.
---------------------------------------------------------------------- --


---------------------------------------------------------------------- --
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5? module=Form&action=impact&campaign=intro_sfw
to learn more.
---------------------------------------------------------------------- --





------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------



Relevant Pages

  • Re: [RE: Access to well-known ports on Win2K]
    ... communication typically uses the ephemeral port range. ... policy - works for all users of the machine; and can allow or block access ... many routes for deployment as you mention: Group Policy; Local Security ... > IPSec Policy Agent service then the IPSec policy is no longer active. ...
    (Focus-Microsoft)
  • RE: [RE: Access to well-known ports on Win2K]
    ... destination port and ANY source port. ... > policy - works for all users of the machine; ... > Local Security ... >> could use an IPSec policy and deploy to all users to block ...
    (Focus-Microsoft)
  • Re: event id 1030
    ... port filtering enabled and is blocking port 389. ... Windows Platform Support Team ... > Windows cannot query for the list of Group Policy objects. ...
    (microsoft.public.windows.server.active_directory)
  • Re: IPSec Policy Doesnt Really Block
    ... basic filters to allow port 80 and port 25 inbound from Any to My IP, ... >I have created ipsec policies that work. ... The I add mirrored permit rules for the exceptions such ... >> Here is a list of IPSECPOL.exe commands I am using to create the policy. ...
    (microsoft.public.win2000.networking)
  • Re: IPSec Policy Doesnt Really Block
    ... basic filters to allow port 80 and port 25 inbound from Any to My IP, ... >I have created ipsec policies that work. ... The I add mirrored permit rules for the exceptions such ... >> Here is a list of IPSECPOL.exe commands I am using to create the policy. ...
    (microsoft.public.win2000.security)