Hello everyone,
Thanks for all the great inputs – some good points have come up.
As I am a contractor on the job – I could not controle their policies to whats
legal and whats not – so that issue was out of the question.
Whit regards to laying down rules on legal torrents or not – these users wasn’t
super users and if they had to download Redhat – they could download it from
home –
This would calculate as bandwidth theft.
The solution I came up whit – even before it was suggested in the group here;
was to inspect for [Tt][Oo][Rr][Rr][Ee][Nn][Tt] and if this reg expression came
flowing by,
I blocked user and server. :-) So … even a search on google for torrent would
block google for that user. And every request for torrent would be blocked.
Whit this in mind – users
Would have to bring the torrent file from home. . . . all in all, bittorrent is
blocked alarmed and logged. So excessive use would fast result in a fired note.
:-) problem solved – not pretty but it works.
Med venlig hilsen / Kind regards
Ove Hansen
_____________________________________________
Fra: "Yan Zhai" [mailto:yanzhai@gmail.com]
Sendt: 22. marts 2007 20:58
Til: redhowlingwolves@bellsouth.net, focus-ids@securityfocus.com
Emne: Re: Bittorrent - utorrent
If it's not based on protocol interpretation and file type look up, maybe
it's some technology similar to this paper( "Nabs: A System for Detecting
Resource Abuses via Characterization of Flow Content Type"
http://isis.poly.edu/kulesh/research/pubs/acsac-2004.pdf)?
On Thu, 22 Mar 2007 00:57:40 -0400, scott <redhowlingwolves@bellsouth.net>
wrote:
Joshua_barnes wrote:We have a way in our system to check the source
<server for copyrighted
<material. This way, Lord of The Rings won't be downloaded, but RedHat
<could
<be. Don't kill bit torrent, it just get's mad....and then even.
Would you care to clue us in as to what software,or hardware,this could
be?
Sounds like it could possibly used in other ways as well.No more
IPod,Zune,possibly others downloaded across your network,also?
Very intriguing,
Scott
PS: How large is your network,by the way?
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
--
Yan Zhai
Ph.D.
Cyber-defense Lab
Dept. of Computer Science
North Carolina State University
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
