Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Block Bittorrent, device suggestions please for NZ business
Tooomuch

5 posts

Wannabe Geek


#89449 2-Sep-2011 14:38
Send private message

I have a Juniper Netscreen 5GT, users can only use port 80 and 8080, but Bittorrent can use these ports, I have Google'd 'Block Bittorrent' (NZ pages) but you just get people going on about the new 3Strikes policy (which is understandable), I can not find actual 100% solutions, if it means paying $1000 plus for a Deep Inspection/Intrusion Protection device that would be great, or links for help please

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
theEd
341 posts

Ultimate Geek
+1 received by user: 26

Trusted

  #515966 2-Sep-2011 22:07
Send private message

You really need a UTM appliance with packet inspection (most dedicated UTM/Firewall boxes have it now) to do this, or build one yourself. Cyberoam boxes have been flying out the door, as they're fairly cheap to buy, although you need to pay an annual fee for the Application Filtering license (which filters P2P among other things).

There's been some discussion on this topic in this thread.



l43a2
1784 posts

Uber Geek
+1 received by user: 591

ID Verified
Trusted

  #516001 2-Sep-2011 23:47
Send private message

can try block all the known trackers ?





Aaroona
3204 posts

Uber Geek
+1 received by user: 169


  #516333 4-Sep-2011 08:46
Send private message

Wouldn't L7 filtering be enough for this type of stuff? if P2P traffic is detected, it'll block it... FWIR, L7 isn't port dependant... Maybe work looking into, since quite a few firewalls etc now provide L7..



Tooomuch

5 posts

Wannabe Geek


  #516693 5-Sep-2011 09:42
Send private message

Thanks, I am looking into the Cyberoam boxes

Ragnor
8279 posts

Uber Geek
+1 received by user: 585

Trusted

  #516723 5-Sep-2011 10:32
Send private message

Aaroona: Wouldn't L7 filtering be enough for this type of stuff? if P2P traffic is detected, it'll block it... FWIR, L7 isn't port dependant... Maybe work looking into, since quite a few firewalls etc now provide L7..


Bit torrent can be encrypted (think it defaults to on in utorrent) so L7 dpi can only detect "p2p" based on the traffic flow/behaviour.  If you block on this you will get collateral damage like blocking skype, gaming and other stuff.

There is no silver bullet for this.

vulcannz
436 posts

Ultimate Geek
+1 received by user: 136
Inactive user


  #517700 6-Sep-2011 18:37
Send private message

Ragnor:
Aaroona: Wouldn't L7 filtering be enough for this type of stuff? if P2P traffic is detected, it'll block it... FWIR, L7 isn't port dependant... Maybe work looking into, since quite a few firewalls etc now provide L7..


Bit torrent can be encrypted (think it defaults to on in utorrent) so L7 dpi can only detect "p2p" based on the traffic flow/behaviour.  If you block on this you will get collateral damage like blocking skype, gaming and other stuff.

There is no silver bullet for this.


Not true. Encrypted BT uses a predetermined handshake (do you ever remember setting up certs or keys for a torrent client :D ) so while you cannot inspect the content of an encrypted bit torrent stream the initial session setup is fairly visible.

Last week I helped a client in laying down some smack on a contractor in their network trying to use an encrypted bit torrent client that was extremely aggressive.

Entry level Sonicwalls would be a good place to start. Palo Alto Networks is another option but pricey, their positive ips model is beautiful for blocking unknown apps.

The other thing to remember is whatever solution you go for make sure you back it up with good reporting. At the very least this is going to be your 2nd layer of defense :)

 
 
 
 

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.
richms
29097 posts

Uber Geek
+1 received by user: 10205

Trusted
Lifetime subscriber

  #517711 6-Sep-2011 19:20
Send private message

Blocking based on handshake is just a cat and mouse game with the torrent developers. IMO they really need to make it operate with multiple underlying protocols so that it can look like an actual SMTP, POP, HTTP session etc to get around blocking.




Richard rich.ms

nickb800
2735 posts

Uber Geek
+1 received by user: 829

Trusted

  #517720 6-Sep-2011 19:45
Send private message

l43a2: can try block all the known trackers ?


How about this one? I get that it isnt blocking torrenting persay, but it would seem like the first, most easy step towards reducing liability, and would block quite a few amateur attempts to torrent from your network

richms
29097 posts

Uber Geek
+1 received by user: 10205

Trusted
Lifetime subscriber

  #517727 6-Sep-2011 20:13
Send private message

Public trackers are not needed with DHT, so will have no effect, private trackers will possibly be something you can target with blocking them but anyone smart enough to use a private tracker will get around that in no time.




Richard rich.ms

raytaylor
4076 posts

Uber Geek
+1 received by user: 1296

Trusted

  #517752 6-Sep-2011 20:50
Send private message

a super simple solution
PROXY SERVER

if its a business, most users dont need direct access to the internet.
So you can use a windows or linux pc, with two network cards. One connects to the router, the other connects to the LAN.

Run a free proxy server application (analogx makes a good one) which you can download for free.

Then set the web browsers on the network to use the proxy server to get their internet.

MSN messenger will still work etc. but bittorrent wont.




Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

timmmay
20857 posts

Uber Geek
+1 received by user: 5349

Trusted
Lifetime subscriber

  #517769 6-Sep-2011 21:19
Send private message

Is this a workplace? A stated, shared policy of "anyone using Bit Torrent to share copyrighted materials will be terminated with no warning" would probably clear up most issues.

 
 
 
 

Shop on-line at New World now for your groceries (affiliate link).
raytaylor
4076 posts

Uber Geek
+1 received by user: 1296

Trusted

  #517794 6-Sep-2011 21:45
Send private message

timmmay: Is this a workplace? A stated, shared policy of "anyone using Bit Torrent to share copyrighted materials will be terminated with no warning" would probably clear up most issues.


even better

+1




Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

kyhwana2
2572 posts

Uber Geek
+1 received by user: 233


  #517797 6-Sep-2011 21:47
Send private message

raytaylor: a super simple solution
PROXY SERVER

if its a business, most users dont need direct access to the internet.
So you can use a windows or linux pc, with two network cards. One connects to the router, the other connects to the LAN.

Run a free proxy server application (analogx makes a good one) which you can download for free.

Then set the web browsers on the network to use the proxy server to get their internet.

MSN messenger will still work etc. but bittorrent wont.


Actually, I think most BT clients will work through a HTTP proxy too..

raytaylor
4076 posts

Uber Geek
+1 received by user: 1296

Trusted

  #517805 6-Sep-2011 21:52
Send private message

kyhwana2:
raytaylor: a super simple solution
PROXY SERVER

if its a business, most users dont need direct access to the internet.
So you can use a windows or linux pc, with two network cards. One connects to the router, the other connects to the LAN.

Run a free proxy server application (analogx makes a good one) which you can download for free.

Then set the web browsers on the network to use the proxy server to get their internet.

MSN messenger will still work etc. but bittorrent wont.


Actually, I think most BT clients will work through a HTTP proxy too..



As i understand, its just the tracker communications. The auctual file piece transfers shouldnt, or at lease require socks or more than just an http only proxy server.

Edit: Yes i think i am right. Vuze settings say you can proxy http tracker communications via http, peer goes through socks. The AnalogX proxy server and most others i referenced allow you to disable the socks proxy function.




Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

vulcannz
436 posts

Ultimate Geek
+1 received by user: 136
Inactive user


  #518166 7-Sep-2011 16:15
Send private message

No BT clients will happily tunnel through proxies all day long looking like HTTP requests. Some proxies do look for BT traffic but the capabilities are fairly meagre even on enterprise solutions.

 1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright