[kwlug-disc] Blocking Bittorrent
Paul Nijjar
paul_nijjar at yahoo.ca
Mon Nov 16 20:41:50 EST 2015
Once again, I have found myself on Santa's naughty list, and I am
tired of it. Thus I have decided to transition into full-blown evil.
(The consequences for both Christmas presents and Judgement Day appear
to be similar, and it is not as if I am going to make any progress
going the other way.) Thus, I would like to become a mini-Rogers and block
bittorrent on our network.
The firewall is pfSense.
pfSense has layer-7 filtering, but it only works for unencrypted
traffic, so unless I can implement a MITM attack I am probably not
going to be able to use it to block Bittorrent.
You can't block bittorrent based on ports, because Bittorrent can use
many different ports.
You can't block it based on IP address.
I can sometimes identify likely torrent traffic by looking at the
incoming connections that are blocked by the firewall. A lot of
incoming connections to the same port often indicates torrent traffic,
but does not help me block people from making incoming torrent
connections.
I could take a page out of Rogers's playbook and attempt to slow down
all encrypted traffic (or even block it all, which is pretty evil but
would make web surfing and SSH inconvenient). I am not sure whether
pfSense could even identify encrypted traffic, but some L7 filtering
might make it possible. I could potentially allow encrypted traffic
over a few ports (22, 443, whatever SMTP uses) but then Bittorrent
will just use 443 again.
Maybe I could flag computers that make a lot of simultaneous
connections? But then if Khalid ever visits TWC (as he will this
Thursday, when the local Drupal group is having a Drupal release
party) then he will be flagged, because he always has some ridiculous
number of tabs open in his web browser.
I have been poking around on the Internet, but have not found any good
suggestions thus far. Can you help me be evil?
- Paul
--
http://pnijjar.freeshell.org
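A defender-side implementation of the heuristic described in the post (many blocked inbound connections from distinct remote peers to one port), as an added example that is not part of the original message. The log lines are constructed samples, and the pfSense filterlog CSV field positions used here are an assumption, not taken from the post.

```python
"""Flag destination ports hammered by many distinct remote peers in
pfSense block logs. Only *blocked inbound* IPv4 lines are considered;
passed (outbound) traffic such as a browser with many tabs is ignored."""
from collections import defaultdict

# Constructed sample lines in pfSense filterlog CSV layout (assumed
# positions): 6=action, 7=direction, 8=ip-version, 16=protocol,
# 18=src, 19=dst, 20=src-port, 21=dst-port.
SAMPLE_LOG = """\
5,,,1000000103,em0,match,block,in,4,0x0,,51,0,0,DF,6,tcp,60,203.0.113.10,198.51.100.7,51413,6881,0,S
5,,,1000000103,em0,match,block,in,4,0x0,,48,0,0,DF,6,tcp,60,203.0.113.11,198.51.100.7,40221,6881,0,S
5,,,1000000103,em0,match,block,in,4,0x0,,55,0,0,none,17,udp,48,203.0.113.12,198.51.100.7,6881,6881,28
5,,,1000000103,em0,match,block,in,4,0x0,,51,0,0,DF,6,tcp,60,203.0.113.10,198.51.100.7,51414,6881,0,S
5,,,1000000103,em0,match,block,in,4,0x0,,49,0,0,DF,6,tcp,60,203.0.113.13,198.51.100.7,33001,6881,0,S
5,,,1000000103,em0,match,block,in,4,0x0,,52,0,0,DF,6,tcp,60,203.0.113.14,198.51.100.7,61888,6881,0,S
5,,,1000000103,em0,match,block,in,4,0x0,,44,0,0,DF,6,tcp,60,203.0.113.50,198.51.100.7,4444,22,0,S
5,,,1000000103,em0,match,block,in,4,0x0,,44,0,0,DF,6,tcp,60,203.0.113.51,198.51.100.7,4445,22,0,S
100,,,1000000110,em1,match,pass,out,4,0x0,,64,0,0,DF,6,tcp,60,192.0.2.20,93.184.216.34,50001,443,0,S
"""


def parse_blocked_inbound(log_text):
    """Yield (src_ip, dst_ip, dst_port, proto) for blocked inbound IPv4 TCP/UDP lines."""
    for line in log_text.splitlines():
        f = line.split(",")
        if len(f) < 22 or f[6] != "block" or f[7] != "in" or f[8] != "4":
            continue
        if f[16] not in ("tcp", "udp"):  # ICMP and friends carry no ports
            continue
        yield f[18], f[19], int(f[21]), f[16]


def suspicious_ports(log_text, min_peers=5):
    """Return {(dst_ip, dst_port): sorted peer IPs} for ports contacted by at
    least min_peers *distinct* remote hosts. Counting distinct peers rather
    than raw hits means one scanner retrying a port only counts once.
    Behind NAT dst_ip is the WAN address, so this names the port, not the
    LAN host, which matches the limitation noted in the post."""
    peers = defaultdict(set)
    for src, dst, dport, _proto in parse_blocked_inbound(log_text):
        peers[(dst, dport)].add(src)
    return {k: sorted(v) for k, v in peers.items() if len(v) >= min_peers}


if __name__ == "__main__":
    for (dst, port), srcs in suspicious_ports(SAMPLE_LOG).items():
        print(f"{dst}:{port} hit by {len(srcs)} distinct peers: {', '.join(srcs)}")
```

Feed it `clog /var/log/filter.log` output (or the raw filterlog export) and raise `min_peers` to suit the normal background scan level on your WAN.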