Block Bittorrent, device suggestions please for NZ business

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Block Bittorrent, device suggestions please for NZ business

Tooomuch

5 posts

Wannabe Geek

Topic # 89449 2-Sep-2011 14:38

I have a Juniper Netscreen 5GT, users can only use port 80 and 8080, but Bittorrent can use these ports, I have Google'd 'Block Bittorrent' (NZ pages) but you just get people going on about the new 3Strikes policy (which is understandable), I can not find actual 100% solutions, if it means paying $1000 plus for a Deep Inspection/Intrusion Protection device that would be great, or links for help please

1 | 2 | 3

341 posts

Ultimate Geek
+1 received by user: 26

Trusted

Reply # 515966 2-Sep-2011 22:07

You really need a UTM appliance with packet inspection (most dedicated UTM/Firewall boxes have it now) to do this, or build one yourself. Cyberoam boxes have been flying out the door, as they're fairly cheap to buy, although you need to pay an annual fee for the Application Filtering license (which filters P2P among other things).

There's been some discussion on this topic in this thread.

l43a2

1452 posts

Uber Geek
+1 received by user: 456

Trusted

Reply # 516001 2-Sep-2011 23:47

can try block all the known trackers ?

cheap secure seedboxes

Try Wrike: fast, easy, and efficient project collaboration software

Aaroona

:)
2867 posts

Uber Geek
+1 received by user: 84

Subscriber

Reply # 516333 4-Sep-2011 08:46

Wouldn't L7 filtering be enough for this type of stuff? if P2P traffic is detected, it'll block it... FWIR, L7 isn't port dependant... Maybe work looking into, since quite a few firewalls etc now provide L7..

Tooomuch

5 posts

Wannabe Geek

Reply # 516693 5-Sep-2011 09:42

Thanks, I am looking into the Cyberoam boxes

Ragnor

8020 posts

Uber Geek
+1 received by user: 387

Trusted

Subscriber

Reply # 516723 5-Sep-2011 10:32

Aaroona: Wouldn't L7 filtering be enough for this type of stuff? if P2P traffic is detected, it'll block it... FWIR, L7 isn't port dependant... Maybe work looking into, since quite a few firewalls etc now provide L7..

Bit torrent can be encrypted (think it defaults to on in utorrent) so L7 dpi can only detect "p2p" based on the traffic flow/behaviour. If you block on this you will get collateral damage like blocking skype, gaming and other stuff.

There is no silver bullet for this.

vulcannz

217 posts

Master Geek
+1 received by user: 37

Reply # 517700 6-Sep-2011 18:37

Ragnor:
Aaroona: Wouldn't L7 filtering be enough for this type of stuff? if P2P traffic is detected, it'll block it... FWIR, L7 isn't port dependant... Maybe work looking into, since quite a few firewalls etc now provide L7..

Bit torrent can be encrypted (think it defaults to on in utorrent) so L7 dpi can only detect "p2p" based on the traffic flow/behaviour. If you block on this you will get collateral damage like blocking skype, gaming and other stuff.

There is no silver bullet for this.

Not true. Encrypted BT uses a predetermined handshake (do you ever remember setting up certs or keys for a torrent client :D ) so while you cannot inspect the content of an encrypted bit torrent stream the initial session setup is fairly visible.

Last week I helped a client in laying down some smack on a contractor in their network trying to use an encrypted bit torrent client that was extremely aggressive.

Entry level Sonicwalls would be a good place to start. Palo Alto Networks is another option but pricey, their positive ips model is beautiful for blocking unknown apps.

The other thing to remember is whatever solution you go for make sure you back it up with good reporting. At the very least this is going to be your 2nd layer of defense :)

richms

20905 posts

Uber Geek
+1 received by user: 4105

Trusted

Subscriber

Reply # 517711 6-Sep-2011 19:20

Blocking based on handshake is just a cat and mouse game with the torrent developers. IMO they really need to make it operate with multiple underlying protocols so that it can look like an actual SMTP, POP, HTTP session etc to get around blocking.

Richard rich.ms

nickb800

1874 posts

Uber Geek
+1 received by user: 262

Trusted

Reply # 517720 6-Sep-2011 19:45

l43a2: can try block all the known trackers ?

How about this one? I get that it isnt blocking torrenting persay, but it would seem like the first, most easy step towards reducing liability, and would block quite a few amateur attempts to torrent from your network

richms

20905 posts

Uber Geek
+1 received by user: 4105

Trusted

Subscriber

Reply # 517727 6-Sep-2011 20:13

Public trackers are not needed with DHT, so will have no effect, private trackers will possibly be something you can target with blocking them but anyone smart enough to use a private tracker will get around that in no time.

Richard rich.ms

raytaylor

3143 posts

Uber Geek
+1 received by user: 565

Trusted

Reply # 517752 6-Sep-2011 20:50

a super simple solution
PROXY SERVER

if its a business, most users dont need direct access to the internet.
So you can use a windows or linux pc, with two network cards. One connects to the router, the other connects to the LAN.

Run a free proxy server application (analogx makes a good one) which you can download for free.

Then set the web browsers on the network to use the proxy server to get their internet.

MSN messenger will still work etc. but bittorrent wont.

Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here

timmmay

13748 posts

Uber Geek
+1 received by user: 2390

Trusted

Subscriber

Reply # 517769 6-Sep-2011 21:19

Is this a workplace? A stated, shared policy of "anyone using Bit Torrent to share copyrighted materials will be terminated with no warning" would probably clear up most issues.

AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer

raytaylor

3143 posts

Uber Geek
+1 received by user: 565

Trusted

Reply # 517794 6-Sep-2011 21:45

timmmay: Is this a workplace? A stated, shared policy of "anyone using Bit Torrent to share copyrighted materials will be terminated with no warning" would probably clear up most issues.

even better

+1

Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here

kyhwana2

2413 posts

Uber Geek
+1 received by user: 133

Reply # 517797 6-Sep-2011 21:47

raytaylor: a super simple solution
PROXY SERVER

if its a business, most users dont need direct access to the internet.
So you can use a windows or linux pc, with two network cards. One connects to the router, the other connects to the LAN.

Run a free proxy server application (analogx makes a good one) which you can download for free.

Then set the web browsers on the network to use the proxy server to get their internet.

MSN messenger will still work etc. but bittorrent wont.

Actually, I think most BT clients will work through a HTTP proxy too..

raytaylor

3143 posts

Uber Geek
+1 received by user: 565

Trusted

Reply # 517805 6-Sep-2011 21:52

kyhwana2:
raytaylor: a super simple solution
PROXY SERVER

if its a business, most users dont need direct access to the internet.
So you can use a windows or linux pc, with two network cards. One connects to the router, the other connects to the LAN.

Run a free proxy server application (analogx makes a good one) which you can download for free.

Then set the web browsers on the network to use the proxy server to get their internet.

MSN messenger will still work etc. but bittorrent wont.

Actually, I think most BT clients will work through a HTTP proxy too..

As i understand, its just the tracker communications. The auctual file piece transfers shouldnt, or at lease require socks or more than just an http only proxy server.

Edit: Yes i think i am right. Vuze settings say you can proxy http tracker communications via http, peer goes through socks. The AnalogX proxy server and most others i referenced allow you to disable the socks proxy function.

Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here

vulcannz

217 posts

Master Geek
+1 received by user: 37

Reply # 518166 7-Sep-2011 16:15

No BT clients will happily tunnel through proxies all day long looking like HTTP requests. Some proxies do look for BT traffic but the capabilities are fairly meagre even on enterprise solutions.

1 | 2 | 3