Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


5 posts

Wannabe Geek


Topic # 89449 2-Sep-2011 14:38
Send private message

I have a Juniper Netscreen 5GT, users can only use port 80 and 8080, but Bittorrent can use these ports, I have Google'd 'Block Bittorrent' (NZ pages) but you just get people going on about the new 3Strikes policy (which is understandable), I can not find actual 100% solutions, if it means paying $1000 plus for a Deep Inspection/Intrusion Protection device that would be great, or links for help please

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
341 posts

Ultimate Geek
+1 received by user: 26

Trusted

  Reply # 515966 2-Sep-2011 22:07
Send private message

You really need a UTM appliance with packet inspection (most dedicated UTM/Firewall boxes have it now) to do this, or build one yourself. Cyberoam boxes have been flying out the door, as they're fairly cheap to buy, although you need to pay an annual fee for the Application Filtering license (which filters P2P among other things).

There's been some discussion on this topic in this thread.

1485 posts

Uber Geek
+1 received by user: 466

Trusted

  Reply # 516001 2-Sep-2011 23:47
Send private message

can try block all the known trackers ?




:)
2885 posts

Uber Geek
+1 received by user: 90

Subscriber

  Reply # 516333 4-Sep-2011 08:46
Send private message

Wouldn't L7 filtering be enough for this type of stuff? if P2P traffic is detected, it'll block it... FWIR, L7 isn't port dependant... Maybe work looking into, since quite a few firewalls etc now provide L7..







5 posts

Wannabe Geek


  Reply # 516693 5-Sep-2011 09:42
Send private message

Thanks, I am looking into the Cyberoam boxes

8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 516723 5-Sep-2011 10:32
Send private message

Aaroona: Wouldn't L7 filtering be enough for this type of stuff? if P2P traffic is detected, it'll block it... FWIR, L7 isn't port dependant... Maybe work looking into, since quite a few firewalls etc now provide L7..


Bit torrent can be encrypted (think it defaults to on in utorrent) so L7 dpi can only detect "p2p" based on the traffic flow/behaviour.  If you block on this you will get collateral damage like blocking skype, gaming and other stuff.

There is no silver bullet for this.

309 posts

Ultimate Geek
+1 received by user: 69


  Reply # 517700 6-Sep-2011 18:37
Send private message

Ragnor:
Aaroona: Wouldn't L7 filtering be enough for this type of stuff? if P2P traffic is detected, it'll block it... FWIR, L7 isn't port dependant... Maybe work looking into, since quite a few firewalls etc now provide L7..


Bit torrent can be encrypted (think it defaults to on in utorrent) so L7 dpi can only detect "p2p" based on the traffic flow/behaviour.  If you block on this you will get collateral damage like blocking skype, gaming and other stuff.

There is no silver bullet for this.


Not true. Encrypted BT uses a predetermined handshake (do you ever remember setting up certs or keys for a torrent client :D ) so while you cannot inspect the content of an encrypted bit torrent stream the initial session setup is fairly visible.

Last week I helped a client in laying down some smack on a contractor in their network trying to use an encrypted bit torrent client that was extremely aggressive.

Entry level Sonicwalls would be a good place to start. Palo Alto Networks is another option but pricey, their positive ips model is beautiful for blocking unknown apps.

The other thing to remember is whatever solution you go for make sure you back it up with good reporting. At the very least this is going to be your 2nd layer of defense :)


21388 posts

Uber Geek
+1 received by user: 4336

Trusted
Subscriber

  Reply # 517711 6-Sep-2011 19:20
Send private message

Blocking based on handshake is just a cat and mouse game with the torrent developers. IMO they really need to make it operate with multiple underlying protocols so that it can look like an actual SMTP, POP, HTTP session etc to get around blocking.




Richard rich.ms

1996 posts

Uber Geek
+1 received by user: 331

Trusted

  Reply # 517720 6-Sep-2011 19:45
Send private message

l43a2: can try block all the known trackers ?


How about this one? I get that it isnt blocking torrenting persay, but it would seem like the first, most easy step towards reducing liability, and would block quite a few amateur attempts to torrent from your network

21388 posts

Uber Geek
+1 received by user: 4336

Trusted
Subscriber

  Reply # 517727 6-Sep-2011 20:13
Send private message

Public trackers are not needed with DHT, so will have no effect, private trackers will possibly be something you can target with blocking them but anyone smart enough to use a private tracker will get around that in no time.




Richard rich.ms

3224 posts

Uber Geek
+1 received by user: 624

Trusted

  Reply # 517752 6-Sep-2011 20:50
Send private message

a super simple solution
PROXY SERVER

if its a business, most users dont need direct access to the internet.
So you can use a windows or linux pc, with two network cards. One connects to the router, the other connects to the LAN.

Run a free proxy server application (analogx makes a good one) which you can download for free.

Then set the web browsers on the network to use the proxy server to get their internet.

MSN messenger will still work etc. but bittorrent wont.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




14109 posts

Uber Geek
+1 received by user: 2527

Trusted
Subscriber

  Reply # 517769 6-Sep-2011 21:19
Send private message

Is this a workplace? A stated, shared policy of "anyone using Bit Torrent to share copyrighted materials will be terminated with no warning" would probably clear up most issues.




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer


3224 posts

Uber Geek
+1 received by user: 624

Trusted

  Reply # 517794 6-Sep-2011 21:45
Send private message

timmmay: Is this a workplace? A stated, shared policy of "anyone using Bit Torrent to share copyrighted materials will be terminated with no warning" would probably clear up most issues.


even better

+1




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




2439 posts

Uber Geek
+1 received by user: 144


  Reply # 517797 6-Sep-2011 21:47
Send private message

raytaylor: a super simple solution
PROXY SERVER

if its a business, most users dont need direct access to the internet.
So you can use a windows or linux pc, with two network cards. One connects to the router, the other connects to the LAN.

Run a free proxy server application (analogx makes a good one) which you can download for free.

Then set the web browsers on the network to use the proxy server to get their internet.

MSN messenger will still work etc. but bittorrent wont.


Actually, I think most BT clients will work through a HTTP proxy too..


3224 posts

Uber Geek
+1 received by user: 624

Trusted

  Reply # 517805 6-Sep-2011 21:52
Send private message

kyhwana2:
raytaylor: a super simple solution
PROXY SERVER

if its a business, most users dont need direct access to the internet.
So you can use a windows or linux pc, with two network cards. One connects to the router, the other connects to the LAN.

Run a free proxy server application (analogx makes a good one) which you can download for free.

Then set the web browsers on the network to use the proxy server to get their internet.

MSN messenger will still work etc. but bittorrent wont.


Actually, I think most BT clients will work through a HTTP proxy too..



As i understand, its just the tracker communications. The auctual file piece transfers shouldnt, or at lease require socks or more than just an http only proxy server.

Edit: Yes i think i am right. Vuze settings say you can proxy http tracker communications via http, peer goes through socks. The AnalogX proxy server and most others i referenced allow you to disable the socks proxy function.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




309 posts

Ultimate Geek
+1 received by user: 69


  Reply # 518166 7-Sep-2011 16:15
Send private message

No BT clients will happily tunnel through proxies all day long looking like HTTP requests. Some proxies do look for BT traffic but the capabilities are fairly meagre even on enterprise solutions.

 1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.