IDS mailing list archives

RE: Bittorrent - utorrent

From: "Erick Jensen" <ejensen () vibrant com>
Date: Fri, 9 Mar 2007 17:02:15 -0600

I would say, this is something that you can't control.  Yes, bit-torrent traffic can be encrypted, and it CAN run on 
443.  But I switched mine to a random port in the 14000 range.  Then I check mark the "encrypted only" box and say 
"good luck Comcast!".  


I think the only effective way of hindering bit-torrent is what some universities do.  They limit the bandwidth and 
allow only burst of full bandwidth.  That way they make bit torrent unbearable to use.  So far that's the only way to 
counter the bit-torrent traffic.   

Has anyone else heard of a better way?



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ove Dalgård Hansen
Sent: Wednesday, March 07, 2007 1:38 PM
To: focus-ids () securityfocus com
Subject: Bittorrent - utorrent

Hello Everyone,

I am in a bit of trouble,

On a network where i am configuring IDS - using ASA5510 + SSM module, we try to deny access to Bittorrent downloads - 
it consumes quite a bit of bandwith and is not allowed by the company's policy.
We try to filter bittorrent which succedes - but the utorrent changes protocol and goes by the SSL port 443 and thereby 
circumvent the IDS, since its not possible to see the encrypted traffic. 

Does anyone out there have a good idea of how i am to solve the issue?


Best Regards

Ove Hansen
IT-Quality A/S 
Banemarksvej 50F
Denmark - 2605




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

Current thread:

Re: Bittorrent - utorrent, (continued)
- - - Re: Bittorrent - utorrent Tremaine Lea (Mar 14)
    - Re: WAS: Bittorrent - utorrent NOW: Certificate Talk Randal T. Rioux (Mar 19)
    - Re: WAS: Bittorrent - utorrent NOW: Certificate Talk Tremaine Lea (Mar 19)
    - RE: WAS: Bittorrent - utorrent NOW: Certificate Talk Erick Jensen (Mar 20)
    - Re: Bittorrent - utorrent Roland Turner (Security Focus) (Mar 14)
- RE: Bittorrent - utorrent Baki Gábor (Mar 09)
- Re: Bittorrent - utorrent Christian Kreibich (Mar 09)
- Re: Bittorrent - utorrent Tremaine Lea (Mar 09)
- Re: Bittorrent - utorrent Michał Melewski (Mar 09)
- RE: Bittorrent - utorrent Goran Pizent (Mar 09)
- RE: Bittorrent - utorrent Erick Jensen (Mar 09)
  - Re: Bittorrent - utorrent Tremaine Lea (Mar 12)
  - Re: Bittorrent - utorrent Stephen Clowater (Mar 12)
  - RE: Bittorrent - utorrent Velasquez Venegas Jaime Omar (Mar 12)
- Re: Bittorrent - utorrent Jex (Mar 12)
- Re: Bittorrent - utorrent David J. Bianco (Mar 19)
  - Re: Bittorrent - utorrent Tremaine Lea (Mar 19)
    - Re: Bittorrent - utorrent David J. Bianco (Mar 19)
    - Re: Bittorrent - utorrent Rocky (Mar 29)
  - RE: Bittorrent - utorrent Bourque Daniel (Mar 19)
    - Re: Bittorrent - utorrent Albert Gonzalez (Mar 20)

(Thread continues...)