This is really the only effective solution. After all, using iptables and
mangle can thwart just about anything. I thwart my ISP by re-writing the TOS
value to 0x10 for every packet. Since its too expensive for an ISP to write
TOS values tor anything other then packets in a NEW connection state, my
first minute of downloading is slow, then I'm back up to maxing out my pipe.
Despite complex QOS rules.
The only real effective solution is to somewhat limit bandwidth to burst
bandwidth, and then limit the number of connections per machine to some low
number like 20. Bittorent works off of swarming, and generally needs more
than 20 hosts to end up going quite fast. Those two in combination will
probably make bittorent quite painful to use.
On March 9, 2007 07:02:15 pm Erick Jensen wrote:
I would say, this is something that you can't control. Yes, bit-torrent
traffic can be encrypted, and it CAN run on 443. But I switched mine to a
random port in the 14000 range. Then I check mark the "encrypted only" box
and say "good luck Comcast!".
I think the only effective way of hindering bit-torrent is what some
universities do. They limit the bandwidth and allow only burst of full
bandwidth. That way they make bit torrent unbearable to use. So far
that's the only way to counter the bit-torrent traffic.
Has anyone else heard of a better way?
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Ove Dalgård Hansen Sent: Wednesday, March 07, 2007 1:38 PM
To: focus-ids@securityfocus.com
Subject: Bittorrent - utorrent
Hello Everyone,
I am in a bit of trouble,
On a network where i am configuring IDS - using ASA5510 + SSM module, we
try to deny access to Bittorrent downloads - it consumes quite a bit of
bandwith and is not allowed by the company's policy. We try to filter
bittorrent which succedes - but the utorrent changes protocol and goes by
the SSL port 443 and thereby circumvent the IDS, since its not possible to
see the encrypted traffic.
Does anyone out there have a good idea of how i am to solve the issue?
Best Regards
Ove Hansen
IT-Quality A/S
Banemarksvej 50F
Denmark - 2605
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=i
ntro_sfw to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=i
ntro_sfw to learn more.
------------------------------------------------------------------------
pgpYTbA4aGE8K.pgp
Description: PGP signature
