Re: Bittorrent - utorrent

[Tremaine Lea <focus-ids () ddiction com>]

You mean free solutions?


Block initiating traffic outbound to any port except those required  
for business purposes would be an excellent start.

Deploy snort at the perimeter and enable the signatures that fit your  
environment and address your concerns about network abuses.  Choose a  
web front end that appeals.

Audit machines on a regular basis to find unauthorized software.

Use a proxy server (squid is free and very powerful) for all outbound  
web connections, and block traffic to disallowed sites.


And having said all that, make sure you have a policy in place that  
can be enforced.  If no such policy is in place, you can't reasonably  
expect users to adher to unwritten rules.  Get a policy, get users to  
sign that policy, and enforce it both technically and via HR routes.


There are definitely any number of commercial solutions that would do  
all of the above and more.

Tremaine Lea
Network Security Consultant



On 9-Mar-07, at 4:02 PM, Erick Jensen wrote:

> I would say, this is something that you can't control.  Yes, bit- 
> torrent traffic can be encrypted, and it CAN run on 443.  But I  
> switched mine to a random port in the 14000 range.  Then I check  
> mark the "encrypted only" box and say "good luck Comcast!".
>
>
> I think the only effective way of hindering bit-torrent is what  
> some universities do.  They limit the bandwidth and allow only  
> burst of full bandwidth.  That way they make bit torrent unbearable  
> to use.  So far that's the only way to counter the bit-torrent  
> traffic.
>
> Has anyone else heard of a better way?
>
>
>
> -----Original Message-----
> From: listbounce () securityfocus com  
> [mailto:listbounce () securityfocus com] On Behalf Of Ove Dalgård Hansen
> Sent: Wednesday, March 07, 2007 1:38 PM
> To: focus-ids () securityfocus com
> Subject: Bittorrent - utorrent
>
> Hello Everyone,
>
> I am in a bit of trouble,
>
> On a network where i am configuring IDS - using ASA5510 + SSM  
> module, we try to deny access to Bittorrent downloads - it consumes  
> quite a bit of bandwith and is not allowed by the company's policy.
> We try to filter bittorrent which succedes - but the utorrent  
> changes protocol and goes by the SSL port 443 and thereby  
> circumvent the IDS, since its not possible to see the encrypted  
> traffic.
>
> Does anyone out there have a good idea of how i am to solve the issue?
>
>
> Best Regards
>
> Ove Hansen
> IT-Quality A/S
> Banemarksvej 50F
> Denmark - 2605
>
>
>
>
> ---------------------------------------------------------------------- 
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5? 
> module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ---------------------------------------------------------------------- 
> --
>
>
> ---------------------------------------------------------------------- 
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5? 
> module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ---------------------------------------------------------------------- 
> --


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------