IDS mailing list archives
RE: Bittorrent - utorrent
From: "Giovanni Davide Sacca'" <giovannidavide.sacca () zucchetti com>
Date: Sat, 10 Mar 2007 12:33:48 +0100
Hi guys, have you ever try to put a proxy server between the server torrent and client software that make request? This is very usefull to deny torrent traffic, the proxy server that make the connection on 443 of server torrent, then the handshake try to make a get http from the server torrent. Because the server torrent isn't a web server don't reply to a http request ,and then the proxy server don't reply to torrent session initiated by the client. Then you should look the proxy log to find that request that have generated the "pleasure page" to the client, session probably the client notified in the log is the workstation that initiate the torrent session ;) This work well with squid. I hope can useful for you. Best Regards -- Davide Sacca' --Networking Staff Zucchetti.com C.so Vittorio Emanuele II, 21 26900 Lodi (LO) ITALY tel: +39 0371 5942850 GPG key: 0xAD3170FE Key fingerprint =>63BF 78E3 6570 4678 904A E865 1B13 4483 AD31 70FE<=
"Goran Pizent" <goran.pizent () mobilnet hr> 03/09/07 11:46 AM >>>
Hi, If you have policy against bittorent then you should identify all workstations that use bittorent and explain to those people that they are violating policy and that they could be fired because they are using untrusted and forbidden software. Uninstall all bittorent software from all workstations. Goran Pizent -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ove Dalgard Hansen Sent: Wednesday, March 07, 2007 8:38 PM To: focus-ids () securityfocus com Subject: Bittorrent - utorrent Hello Everyone, I am in a bit of trouble, On a network where i am configuring IDS - using ASA5510 + SSM module, we try to deny access to Bittorrent downloads - it consumes quite a bit of bandwith and is not allowed by the company's policy. We try to filter bittorrent which succedes - but the utorrent changes protocol and goes by the SSL port 443 and thereby circumvent the IDS, since its not possible to see the encrypted traffic. Does anyone out there have a good idea of how i am to solve the issue? Best Regards Ove Hansen IT-Quality A/S Banemarksvej 50F Denmark - 2605 ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in tro_sfw to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Re: Bittorrent - utorrent, (continued)
- Re: Bittorrent - utorrent Tremaine Lea (Mar 19)
- Re: Bittorrent - utorrent David J. Bianco (Mar 19)
- Re: Bittorrent - utorrent Rocky (Mar 29)
- Re: Bittorrent - utorrent Tremaine Lea (Mar 19)
- RE: Bittorrent - utorrent Bourque Daniel (Mar 19)
- Re: Bittorrent - utorrent Albert Gonzalez (Mar 20)
- RE: Bittorrent - utorrent Erick Jensen (Mar 20)
- RE: Bittorrent - utorrent Joshua Barnes (Mar 21)
- Re: Bittorrent - utorrent scott (Mar 22)
- Re: Bittorrent - utorrent Yan Zhai (Mar 26)