MS OOB .NET patch is now also available via Windows Update.

Controlling bittorrent

Published: 2010-09-30
Last Updated: 2010-09-30 00:12:53 UTC
by Mark Hofman (Version: 1)
8 comment(s)

Bittorrent is a great tool to download large files. If the transfer is interrupted you haven't lost anything. The transfer will continue once you restart the download. There is however the other use of bit torrent and let's face it, probably one of the biggest uses of bit torrent, is to download copyrighted movies, music, books, etc.  Now regardless of where you stand on the issue of artist rights , music/movie distributors, etc, etc, as security professionals you are in the position of having to control traffic in and out of your organisation, including torrent traffic.
So what are your options? We will get the easy answer out of the way first, block all outbound traffic or proxy everything via a proxy server, but that doesn't solve all of our problems.  The first challenge is that many torrent applications proxy over http or https, how do we detect these? The second problem is that there will be people in your  organisation that will have a static IP and direct access to the Internet. Some applications just, don't play well with proxies and exemptions have to be made. How do you prevent these users from accessing torrents? How do you control torrent downloads that are legit and should be permitted and prevent the bad?

If you have a commercial content filter, then it may be able to detect torrent traffic in http or https. If you have an IDS or IPS it may be able to alert on p2p traffic in the environment. If you have application aware firewalls there may be a signature that can be applied to traffic to detect torrent traffic. If you have traffic shaping devices they may be able to distinguish torrent traffic on the network and take some action.  You can control user desktops and prevent them from installing applications, although many torrent apps will run with just the executable and don't need installation or can be run off a USB.
Distinguishing between a good torrent and a bad one? I haven't found anything that works well. URL filtering gives some measure of control, but isn't fool proof.

What measures do you take and are they working for you?  Let us know.

Mark H

Keywords:
8 comment(s)

Comments

cwqwqwq

www

Nov 17th 2022
6 months ago

eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>

EEW

Nov 17th 2022
6 months ago

WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]

qwq

Nov 17th 2022
6 months ago

dwqqqwqwq mashood

mashood

Nov 17th 2022
6 months ago

[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)

isc.sans.edu

Nov 23rd 2022
6 months ago

[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]

isc.sans.edu

Nov 23rd 2022
6 months ago

What's this all about ..?

isc.sans.edu

Dec 3rd 2022
5 months ago

password reveal .

isc.sans.edu

Dec 3rd 2022
5 months ago

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission

isc.sans.edu

Dec 26th 2022
5 months ago

https://thehomestore.com.pk/

isc.sans.edu

Dec 26th 2022
5 months ago

Login here to join the discussion.


Diary Archives