IDS mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Bittorrent - utorrent

From: "Giovanni Davide Sacca'" <giovannidavide.sacca () zucchetti com>
Date: Sat, 10 Mar 2007 12:33:48 +0100
Hi guys,

have you ever try to put a proxy server between the server torrent and
client software that make request?

This is very usefull to deny torrent traffic, the proxy server that make
the connection on 443 of server torrent, then the handshake try to make
a get http from the server torrent.

Because the server torrent isn't a web server don't reply to a http
request ,and then the proxy server don't reply to torrent session
initiated by the client.

Then you should look the proxy log to find that request that have
generated the "pleasure page" to the client, session probably the client
notified in the log is the workstation that initiate the torrent session
;)

This work well with squid.

I hope can useful for you.

Best Regards
--
 


Davide Sacca' --Networking Staff
Zucchetti.com
C.so Vittorio Emanuele II, 21
26900 Lodi (LO) ITALY
tel: +39 0371 5942850
GPG key: 0xAD3170FE
Key fingerprint =>63BF 78E3 6570 4678 904A  E865 1B13 4483 AD31 70FE<=

"Goran Pizent" <goran.pizent () mobilnet hr> 03/09/07 11:46 AM >>>

Hi,

If you have policy against bittorent then you should identify all
workstations that use bittorent and explain to those people that they
are
violating policy and that they could be fired because they are using
untrusted and forbidden software. Uninstall all bittorent software from
all
workstations.

Goran Pizent



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On
Behalf Of Ove Dalgard Hansen
Sent: Wednesday, March 07, 2007 8:38 PM
To: focus-ids () securityfocus com
Subject: Bittorrent - utorrent

Hello Everyone,

I am in a bit of trouble,

On a network where i am configuring IDS - using ASA5510 + SSM module, we
try
to deny access to Bittorrent downloads - it consumes quite a bit of
bandwith
and is not allowed by the company's policy.
We try to filter bittorrent which succedes - but the utorrent changes
protocol and goes by the SSL port 443 and thereby circumvent the IDS,
since
its not possible to see the encrypted traffic. 

Does anyone out there have a good idea of how i am to solve the issue?


Best Regards

Ove Hansen
IT-Quality A/S 
Banemarksvej 50F
Denmark - 2605




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in
tro_sfw 
to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw

to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: