Re: Bittorrent - utorrent

[Stephen Clowater <steve () stevesworld hopto org>]

This is really the only effective solution. After all, using iptables and 
mangle can thwart just about anything. I thwart my ISP by re-writing the TOS 
value to 0x10 for every packet. Since its too expensive for an ISP to write 
TOS values tor anything other then packets in a NEW connection state, my 
first minute of downloading is slow, then I'm back up to maxing out my pipe. 
Despite complex QOS rules.

The only real effective solution is to somewhat limit bandwidth to burst 
bandwidth, and then limit the number of connections per machine to some low 
number like 20. Bittorent works off of swarming, and generally needs more 
than 20 hosts to end up going quite fast. Those two in combination will 
probably make bittorent quite painful to use. 
On March 9, 2007 07:02:15 pm Erick Jensen wrote:
> I would say, this is something that you can't control.  Yes, bit-torrent
> traffic can be encrypted, and it CAN run on 443.  But I switched mine to a
> random port in the 14000 range.  Then I check mark the "encrypted only" box
> and say "good luck Comcast!".
>
>
> I think the only effective way of hindering bit-torrent is what some
> universities do.  They limit the bandwidth and allow only burst of full
> bandwidth.  That way they make bit torrent unbearable to use.  So far
> that's the only way to counter the bit-torrent traffic.
>
> Has anyone else heard of a better way?
>
>
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
> Behalf Of Ove Dalgård Hansen Sent: Wednesday, March 07, 2007 1:38 PM
> To: focus-ids () securityfocus com
> Subject: Bittorrent - utorrent
>
> Hello Everyone,
>
> I am in a bit of trouble,
>
> On a network where i am configuring IDS - using ASA5510 + SSM module, we
> try to deny access to Bittorrent downloads - it consumes quite a bit of
> bandwith and is not allowed by the company's policy. We try to filter
> bittorrent which succedes - but the utorrent changes protocol and goes by
> the SSL port 443 and thereby circumvent the IDS, since its not possible to
> see the encrypted traffic.
>
> Does anyone out there have a good idea of how i am to solve the issue?
>
>
> Best Regards
>
> Ove Hansen
> IT-Quality A/S
> Banemarksvej 50F
> Denmark - 2605
>
>
>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=i
> ntro_sfw to learn more.
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=i
> ntro_sfw to learn more.
> ------------------------------------------------------------------------

Attachment: _bin
Description: