Re: How to disable/prevent p2p bittorent ?

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 07/12/05


Date: Tue, 12 Jul 2005 02:20:24 -0500


"N. Miller" <anonymous@discussions.microsoft.com> wrote in message
news:7ia94gfdhywa.dlg@discussions.microsoft.com...
> On Tue, 12 Jul 2005 01:57:39 -0500, Steven L Umbach wrote:
>
>> "Kresna Rudy K" <KresnaRudyK@discussions.microsoft.com> wrote in message
>> news:B0641A9C-6300-478A-87A7-5F9556159D12@microsoft.com...
>
>>> Is there a way to prevent or disable p2p bittorrent ?
>>> I don't want users in my office to use bittorrent client to download huge
>>> files, this kills my internet bandwidth.
>
>> I don't use it but from a Google search it seems that it uses TCP ports
>> 6881 - 6889. If that is the case you could configure your firewall device
>> to block access to outbound ports 6881 - 6889. It is best practice to
>> configure your firewall to by default block all outbound traffic and then
>> add the allowed exceptions. If your firewall can not do such you may want
>> to invest in one that can or at least use one that can block those
>> outbound ports if yours can not. Ipsec filtering could also be configured
>> to have the same effect on Windows 2000/XP Pro computers and can be
>> managed via Group Policy if you have an Active Directory domain. --- Steve
>
> Blocking ports 6881-6889 likely won't work. Every BitTorrent client that I
> have seen mentioned can be configured to use non-default ports; and the BT
> mavens strongly suggest doing so.
>
> Because this is an office issue, probably the only thing to do is packet
> sniffing for BT spoor, and counseling the abusers when it is found. Be
> sure you have a written policy for all employees to sign announcing that
> all company traffic is subject to packet sniffing; CYA.
>
> --
> Norman
> ~Win dain a lotica, En vai tu ri, Si lo ta
> ~Fin dein a loluca, En dragu a sei lain
> ~Vi fa-ru les shutai am, En riga-lint

Thanks for that information. That is why I suggested that he should try to
configure his firewall with a block all default rule and then define the
allowed exceptions or do the same with ipsec filtering. Software firewalls
could also be another option with application based rules assuming that the
end user can not reconfigure the firewall. I agree with the computer use
policy though it seems many, especially small offices, seem reluctant to do
that for whatever reason and are always looking for a technological solution
even if it costs more money. --- Steve
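
Added example, not part of the original posts: a comparison of the three controls discussed in this thread (blocking ports 6881-6889, a default-deny outbound rule with exceptions, and inspecting traffic for the plaintext BitTorrent peer handshake) over constructed flows. The allowlist, host addresses, port 51413 and payloads are assumptions made up for the illustration.

```python
# Added example: constructed flows, hypothetical allowlist; not from the thread.
BT_DEFAULT_PORTS = range(6881, 6890)        # 6881-6889, as cited in the thread
ALLOWED_OUTBOUND = {25, 53, 80, 443}        # assumed office exceptions (hypothetical)
BT_PREFIX = b"\x13BitTorrent protocol"      # length byte 19 + protocol string

def port_blocklist(dport):
    """Allow everything except the default BitTorrent ports."""
    return "block" if dport in BT_DEFAULT_PORTS else "allow"

def default_deny(dport):
    """Block everything except the listed exceptions."""
    return "allow" if dport in ALLOWED_OUTBOUND else "block"

def bt_info_hash(payload):
    """Return the torrent info_hash (hex) if payload starts with a plaintext
    BitTorrent peer handshake, else None. Layout: 1 length byte + 19-byte
    string + 8 reserved + 20 info_hash + 20 peer_id = 68 bytes."""
    if len(payload) < 68 or not payload.startswith(BT_PREFIX):
        return None
    return payload[28:48].hex()

def make_handshake(info_hash, peer_id):
    """Build a constructed handshake for the sample flows below."""
    return BT_PREFIX + bytes(8) + info_hash + peer_id

SAMPLE_FLOWS = [  # (source host, destination port, first payload bytes), all constructed
    ("10.0.0.21", 6881, make_handshake(b"\xaa" * 20, b"-XX0001-" + b"0" * 12)),
    ("10.0.0.22", 51413, make_handshake(b"\xbb" * 20, b"-XX0001-" + b"1" * 12)),
    ("10.0.0.23", 443, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03"),
]

def evaluate(flows):
    """One row per flow: (src, dport, blocklist verdict, default-deny verdict, info_hash)."""
    return [(src, dport, port_blocklist(dport), default_deny(dport), bt_info_hash(data))
            for src, dport, data in flows]

if __name__ == "__main__":
    for row in evaluate(SAMPLE_FLOWS):
        print(row)
```

The second flow is the case raised in the quoted reply: the port blocklist allows it, the default-deny rule blocks it, and the handshake check identifies it regardless of port.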


