Hi guys,
have you ever try to put a proxy server between the server torrent and
client software that make request?
This is very usefull to deny torrent traffic, the proxy server that make
the connection on 443 of server torrent, then the handshake try to make
a get http from the server torrent.
Because the server torrent isn't a web server don't reply to a http
request ,and then the proxy server don't reply to torrent session
initiated by the client.
Then you should look the proxy log to find that request that have
generated the "pleasure page" to the client, session probably the client
notified in the log is the workstation that initiate the torrent session
;)
This work well with squid.
I hope can useful for you.
Best Regards
--
Davide Sacca' --Networking Staff
Zucchetti.com
C.so Vittorio Emanuele II, 21
26900 Lodi (LO) ITALY
tel: +39 0371 5942850
GPG key: 0xAD3170FE
Key fingerprint =>63BF 78E3 6570 4678 904A E865 1B13 4483 AD31 70FE<=
"Goran Pizent" <goran.pizent@mobilnet.hr> 03/09/07 11:46 AM >>>
Hi,
If you have policy against bittorent then you should identify all
workstations that use bittorent and explain to those people that they
are
violating policy and that they could be fired because they are using
untrusted and forbidden software. Uninstall all bittorent software from
all
workstations.
Goran Pizent
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On
Behalf Of Ove Dalgard Hansen
Sent: Wednesday, March 07, 2007 8:38 PM
To: focus-ids@securityfocus.com
Subject: Bittorrent - utorrent
Hello Everyone,
I am in a bit of trouble,
On a network where i am configuring IDS - using ASA5510 + SSM module, we
try
to deny access to Bittorrent downloads - it consumes quite a bit of
bandwith
and is not allowed by the company's policy.
We try to filter bittorrent which succedes - but the utorrent changes
protocol and goes by the SSL port 443 and thereby circumvent the IDS,
since
its not possible to see the encrypted traffic.
Does anyone out there have a good idea of how i am to solve the issue?
Best Regards
Ove Hansen
IT-Quality A/S
Banemarksvej 50F
Denmark - 2605
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in
tro_sfw
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
