Re: Bittorrent - utorrent

Ok, so most likely no one is going to be able to truely stop torrenting 
with all the evasive measures built into it, and if you don't want to 
find the person that is at fault and make an example of them...Then 
you'll need bandwidth limiting software.

Here you go, I found a list of bandwidth limiting software that should 
drive any torrenting person insane trying to beat:

A couple of working (tested with 95/98/ME/NT/2k/XP) solutions are :

Bandwidth Controller - sets a hard cap on the nic
(rx & tx control +ip source and dest / protocol control)
www.bandwidthcontroller.com/index.html 
<http://www.bandwidthcontroller.com/index.html>

Net Limiter - puts a limit on a -per- program basis
(rx & tx control)
www.netlimiter.com <http://www.netlimiter.com>

CFOS software - performs QOS types of prioritising
(packet sheduling and bandwidth shaping)
www.cfos.de/index2_e.html <http://www.cfos.de/index2_e.html>

Net Peeker - puts a limit on a -per- program basis
www.net-peeker.com <http://www.net-peeker.com/>

Webscout - allows filtering of content and b/w / useage (mb) restrictions
-also allows file type / page blocking and individual user managment
www.globalpatrol.net/webscout <http://www.globalpatrol.net/webscout/>

Shunra Nimbus - sets a hard cap on the nic (this program is FREE)
(bi-directional cap - no rx / tx control)
www.angelfire.com/oz/shunra/Nimbus.exe 
<http://www.angelfire.com/oz/shunra/Nimbus.exe>
(ONLY WORKS WITH NT/XP)

Internet Gateway Monitor (IGM)
For win32 clients an app for helping monitor your network's traffic
(but not shape or control) : studiocoast.com/igm.asp 
<http://studiocoast.com/igm.asp>

There are more win32 solutions -BUT- myself and others have not been 
able to successfully implement them on our systems.

Linux/Unix/BSD users, a few to try :

Clark Connect : www.clarkconnect.org/info/1.2.html 
<http://www.clarkconnect.org/info/1.2.html>
Linux Advanced Routing and Traffic Control guide : lartc.org 
<http://lartc.org/>
The "Wonder Shaper" script : lartc.org/wondershaper 
<http://lartc.org/wondershaper/>

BSD : www.benzedrine.cx/ackpri.html <http://www.benzedrine.cx/ackpri.html>
(Note altq and pf have been in OpenBSD for sometime but you'll need to 
upgrade to 3.3 to get the benefits of the merged config file - Know1)

I actually googled this for the last couple of days and found this list 
at this location:

http://forums.whirlpool.net.au/forum-replies.cfm?t=65793

Which might have more links to it that you might find helpful.

Hari Sekhon wrote:
> does anyone understand how these products can inspect SSL?
>
> Perhaps I could understand if it was just the bitorrent encypted 
> traffic... but surely SSL is designed to be encrypted end to end?
>
> You'd have to intercept the certificate and replace it, prompting a 
> warning to the user.
>
> The only other way I can think of would be something like a 
> cryptographic weakness in SSL or brute forcing it somehow, but this 
> seems like it would take a ridiculous amount of computing power and 
> just doesn't seem possible...
>
> If SSL is truely decryptable on the fly in real-time in this way (or 
> even just from packet captures after some effort) it would effectively 
> render all e-business too dangerous to ever do again. I'd never buy 
> another book from Amazon ever again!
>
> Anyone care to explain how these products are supposed to work and if 
> they really can decrypt SSL or if this is marketing speech for 
> noticing encrypted patterns which isn't the same thing?
>
> -h
>
>
> Hari Sekhon
>
>
>
> Kevin Overcash wrote:
> > Breach Security has a product called BreachView SSL that passively 
> > decrypts SSL traffic for an IDS without terminating the SSL session.  
> > The product comes as either a software plug-in or an appliance.
> > http://www.breach.com/products_breachviewssl.aspI can't  (although 
> > personally I haven't encrypted bitorrent so
> >
> > ko
> >
> > -----Original Message-----
> > From: listbounce@securityfocus.com 
> > [mailto:listbounce@securityfocus.com] On Behalf Of Panayiotis Psihoyios
> > Sent: Thursday, March 08, 2007 10:01 AM
> > To: 'Ove Dalgård Hansen'; focus-ids@securityfocus.com
> > Subject: RE: Bittorrent - utorrent
> >
> > Since it is going through SSL (and no IDS can look into SSL), you 
> > have two
> > options:
> >
> > Plan A: Deny SSL traffic, but that usually this is not possible,
> > Plan B: Let your users out through a proxy server, which will identify
> > non-browser traffic using http/s header inspection. Configure your 
> > firewall
> > to permit HTTP/S out only from your proxy and not your clients.
> >
> > Regards,
> > Panayiotis
> >
> > -----Original Message-----
> > From: listbounce@securityfocus.com 
> > [mailto:listbounce@securityfocus.com] On
> > Behalf Of Ove Dalgard Hansen
> > Sent: Wednesday, March 07, 2007 9:38 PM
> > To: focus-ids@securityfocus.com
> > Subject: Bittorrent - utorrent
> >
> > Hello Everyone,
> >
> > I am in a bit of trouble,
> >
> > On a network where i am configuring IDS - using ASA5510 + SSM module, 
> > we try
> > to deny access to Bittorrent downloads - it consumes quite a bit of 
> > bandwith
> > and is not allowed by the company's policy.
> > We try to filter bittorrent which succedes - but the utorrent changes
> > protocol and goes by the SSL port 443 and thereby circumvent the IDS, 
> > since
> > its not possible to see the encrypted traffic.
> > Does anyone out there have a good idea of how i am to solve the issue?
> >
> >
> > Best Regards
> >
> > Ove Hansen
> > IT-Quality A/S Banemarksvej 50F
> > Denmark - 2605
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it with real-world attacks 
> > from CORE IMPACT.
> > Go to
> > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in 
> >
> > tro_sfw to learn more.
> > ------------------------------------------------------------------------
> >
> >
> >
> > ------------------------------------------------------------------------
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it with real-world attacks 
> > from CORE IMPACT.
> > Go to 
> > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
> > to learn more.
> > ------------------------------------------------------------------------
> >
> >
> > ------------------------------------------------------------------------
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it with real-world attacks 
> > from CORE IMPACT.
> > Go to 
> > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
> > to learn more.
> > ------------------------------------------------------------------------
> >
> >
> >   
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from 
> CORE IMPACT.
> Go to 
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
> to learn more.
> ------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------