Block Bittorrent, device suggestions please for NZ business

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Block Bittorrent, device suggestions please for NZ business

Tooomuch

5 posts

Wannabe Geek

#89449 2-Sep-2011 14:38

I have a Juniper Netscreen 5GT, users can only use port 80 and 8080, but Bittorrent can use these ports, I have Google'd 'Block Bittorrent' (NZ pages) but you just get people going on about the new 3Strikes policy (which is understandable), I can not find actual 100% solutions, if it means paying $1000 plus for a Deep Inspection/Intrusion Protection device that would be great, or links for help please

1 | 2 | 3

341 posts

Ultimate Geek

Trusted

#515966 2-Sep-2011 22:07

You really need a UTM appliance with packet inspection (most dedicated UTM/Firewall boxes have it now) to do this, or build one yourself. Cyberoam boxes have been flying out the door, as they're fairly cheap to buy, although you need to pay an annual fee for the Application Filtering license (which filters P2P among other things).

There's been some discussion on this topic in this thread.

l43a2

1599 posts

Uber Geek

Trusted

#516001 2-Sep-2011 23:47

can try block all the known trackers ?

Aaroona

Human
2982 posts

Uber Geek

Subscriber

#516333 4-Sep-2011 08:46

Wouldn't L7 filtering be enough for this type of stuff? if P2P traffic is detected, it'll block it... FWIR, L7 isn't port dependant... Maybe work looking into, since quite a few firewalls etc now provide L7..

Tooomuch

5 posts

Wannabe Geek

#516693 5-Sep-2011 09:42

Thanks, I am looking into the Cyberoam boxes

Ragnor

8035 posts

Uber Geek

Trusted

#516723 5-Sep-2011 10:32

Aaroona: Wouldn't L7 filtering be enough for this type of stuff? if P2P traffic is detected, it'll block it... FWIR, L7 isn't port dependant... Maybe work looking into, since quite a few firewalls etc now provide L7..

Bit torrent can be encrypted (think it defaults to on in utorrent) so L7 dpi can only detect "p2p" based on the traffic flow/behaviour. If you block on this you will get collateral damage like blocking skype, gaming and other stuff.

There is no silver bullet for this.

vulcannz

436 posts

Ultimate Geek
Inactive user

#517700 6-Sep-2011 18:37

Ragnor:
Aaroona: Wouldn't L7 filtering be enough for this type of stuff? if P2P traffic is detected, it'll block it... FWIR, L7 isn't port dependant... Maybe work looking into, since quite a few firewalls etc now provide L7..

Bit torrent can be encrypted (think it defaults to on in utorrent) so L7 dpi can only detect "p2p" based on the traffic flow/behaviour. If you block on this you will get collateral damage like blocking skype, gaming and other stuff.

There is no silver bullet for this.

Not true. Encrypted BT uses a predetermined handshake (do you ever remember setting up certs or keys for a torrent client :D ) so while you cannot inspect the content of an encrypted bit torrent stream the initial session setup is fairly visible.

Last week I helped a client in laying down some smack on a contractor in their network trying to use an encrypted bit torrent client that was extremely aggressive.

Entry level Sonicwalls would be a good place to start. Palo Alto Networks is another option but pricey, their positive ips model is beautiful for blocking unknown apps.

The other thing to remember is whatever solution you go for make sure you back it up with good reporting. At the very least this is going to be your 2nd layer of defense :)

richms

23462 posts

Uber Geek

Trusted

Subscriber

#517711 6-Sep-2011 19:20

Blocking based on handshake is just a cat and mouse game with the torrent developers. IMO they really need to make it operate with multiple underlying protocols so that it can look like an actual SMTP, POP, HTTP session etc to get around blocking.

Richard rich.ms

nickb800

2438 posts

Uber Geek

Trusted

#517720 6-Sep-2011 19:45

l43a2: can try block all the known trackers ?

How about this one? I get that it isnt blocking torrenting persay, but it would seem like the first, most easy step towards reducing liability, and would block quite a few amateur attempts to torrent from your network

richms

23462 posts

Uber Geek

Trusted

Subscriber

#517727 6-Sep-2011 20:13

Public trackers are not needed with DHT, so will have no effect, private trackers will possibly be something you can target with blocking them but anyone smart enough to use a private tracker will get around that in no time.

Richard rich.ms

raytaylor

3455 posts

Uber Geek

Trusted

#517752 6-Sep-2011 20:50

a super simple solution
PROXY SERVER

if its a business, most users dont need direct access to the internet.
So you can use a windows or linux pc, with two network cards. One connects to the router, the other connects to the LAN.

Run a free proxy server application (analogx makes a good one) which you can download for free.

Then set the web browsers on the network to use the proxy server to get their internet.

MSN messenger will still work etc. but bittorrent wont.

Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here

timmmay

16216 posts

Uber Geek

Trusted

Subscriber

#517769 6-Sep-2011 21:19

Is this a workplace? A stated, shared policy of "anyone using Bit Torrent to share copyrighted materials will be terminated with no warning" would probably clear up most issues.

raytaylor

3455 posts

Uber Geek

Trusted

#517794 6-Sep-2011 21:45

timmmay: Is this a workplace? A stated, shared policy of "anyone using Bit Torrent to share copyrighted materials will be terminated with no warning" would probably clear up most issues.

even better

+1

Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here

kyhwana2

2469 posts

Uber Geek

#517797 6-Sep-2011 21:47

raytaylor: a super simple solution
PROXY SERVER

if its a business, most users dont need direct access to the internet.
So you can use a windows or linux pc, with two network cards. One connects to the router, the other connects to the LAN.

Run a free proxy server application (analogx makes a good one) which you can download for free.

Then set the web browsers on the network to use the proxy server to get their internet.

MSN messenger will still work etc. but bittorrent wont.

Actually, I think most BT clients will work through a HTTP proxy too..

raytaylor

3455 posts

Uber Geek

Trusted

#517805 6-Sep-2011 21:52

kyhwana2:
raytaylor: a super simple solution
PROXY SERVER

if its a business, most users dont need direct access to the internet.
So you can use a windows or linux pc, with two network cards. One connects to the router, the other connects to the LAN.

Run a free proxy server application (analogx makes a good one) which you can download for free.

Then set the web browsers on the network to use the proxy server to get their internet.

MSN messenger will still work etc. but bittorrent wont.

Actually, I think most BT clients will work through a HTTP proxy too..

As i understand, its just the tracker communications. The auctual file piece transfers shouldnt, or at lease require socks or more than just an http only proxy server.

Edit: Yes i think i am right. Vuze settings say you can proxy http tracker communications via http, peer goes through socks. The AnalogX proxy server and most others i referenced allow you to disable the socks proxy function.

Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here

vulcannz

436 posts

Ultimate Geek
Inactive user

#518166 7-Sep-2011 16:15

No BT clients will happily tunnel through proxies all day long looking like HTTP requests. Some proxies do look for BT traffic but the capabilities are fairly meagre even on enterprise solutions.

1 | 2 | 3