Re: Bittorrent - utorrent

[Jex <hewhohuntscats () gmail com>]

The classic tactics used against me in large networks are a) software
control and b) bandwidth throttling. One alone is easy enough to get
around if you know what you're doing, but both is a bit harder.

My personal fun suggestion would be to write a script that searches
for and deletes any .torrent files, with some kind of reporting to
identify which compy's this is found on and how many torrent files.
That should at least identify the offending machine.

OTHO, is it possible to configure the anti-virus/malware/firewall to
have .torrent files added to their virus definition rules?

As far as a upstream detection system, more intelligent and
experienced people than I have spoken already on such a matter. ^_~
-Jex

On 3/7/07, Ove Dalgård Hansen <odh () itq dk> wrote:
> Hello Everyone,
>
> I am in a bit of trouble,
>
> On a network where i am configuring IDS - using ASA5510 + SSM module, we try to deny access to Bittorrent downloads - it 
> consumes quite a bit of bandwith and is not allowed by the company's policy.
> We try to filter bittorrent which succedes - but the utorrent changes protocol and goes by the SSL port 443 and thereby 
> circumvent the IDS, since its not possible to see the encrypted traffic.
>
> Does anyone out there have a good idea of how i am to solve the issue?
>
>
> Best Regards
>
> Ove Hansen
> IT-Quality A/S
> Banemarksvej 50F
> Denmark - 2605
>
>
>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------