IDS mailing list archives
RE: Bittorrent - utorrent
From: dpat () space gr
Date: Sat, 10 Mar 2007 14:42:17 +0200
Hi Panos, In fact, the statement that no IDS can "look" into SSL is not completely accurate. Here is a number of indicative solutions: - Change from Cisco to either McAfee Intrushield or ISS Proventia. Under certain conditions, they can decrypt and encrypt the SSL stream. Of course, this would not be easy in money terms as I may understand. - Use a Web/Application firewall (or a reverse proxy) to eliminate Applications (not connections) that behave like *torrent - Deploy personal firewalls with a centralized policy that can assist you in controlling the applications on user's desktops. - Deploy a gateway content filtering solution (e.g. BlueCoat) that is capable of monitoring incoming/outgoing SSL traffic. Hope these help. Dimitrios G. Patsos Quoting Panayiotis Psihoyios <ppsih () hol gr>:
Since it is going through SSL (and no IDS can look into SSL), you have two options: Plan A: Deny SSL traffic, but that usually this is not possible, Plan B: Let your users out through a proxy server, which will identify non-browser traffic using http/s header inspection. Configure your firewall to permit HTTP/S out only from your proxy and not your clients. Regards, Panayiotis -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ove Dalgard Hansen Sent: Wednesday, March 07, 2007 9:38 PM To: focus-ids () securityfocus com Subject: Bittorrent - utorrent Hello Everyone, I am in a bit of trouble, On a network where i am configuring IDS - using ASA5510 + SSM module, we try to deny access to Bittorrent downloads - it consumes quite a bit of bandwith and is not allowed by the company's policy. We try to filter bittorrent which succedes - but the utorrent changes protocol and goes by the SSL port 443 and thereby circumvent the IDS, since its not possible to see the encrypted traffic. Does anyone out there have a good idea of how i am to solve the issue? Best Regards Ove Hansen IT-Quality A/S Banemarksvej 50F Denmark - 2605 ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in tro_sfw to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more. ------------------------------------------------------------------------
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Bittorrent - utorrent Ove DalgÄrd Hansen (Mar 08)
- RE: Bittorrent - utorrent Panayiotis Psihoyios (Mar 09)
- RE: Bittorrent - utorrent dpat (Mar 12)
- RE: Bittorrent - utorrent Kevin Overcash (Mar 12)
- Re: Bittorrent - utorrent Fredrik Nordgren (Mar 13)
- Re: Bittorrent - utorrent Hari Sekhon (Mar 14)
- Re: Bittorrent - utorrent Stefano Zanero (Mar 14)
- Re: Bittorrent - utorrent Hari Sekhon (Mar 13)
- Re: Bittorrent - utorrent Tremaine Lea (Mar 14)
- Re: Bittorrent - utorrent jhori (Mar 14)
- Message not available
- Fwd: Bittorrent - utorrent kevin fielder (Mar 14)
- Re: Bittorrent - utorrent Robert Schwartz (Mar 14)
- Re: Bittorrent - utorrent Tremaine Lea (Mar 14)
- RE: Bittorrent - utorrent Panayiotis Psihoyios (Mar 09)