- Oct 31, 2013
- 1
- 0
- 10,510
how torrent block
- Thread starter pratikrajkot
- Start date
The only way to 100% block it but allow web access is to use a proxy server/firewall that does not allow the "connect" option on any port other than 443 and makes sure any connect commands to 443 contain valid ssl headers. Problem is this does break a number of things that cannot run over HTTP or HTTPS. Some flash based video is one example.
Torrent has evolved as IT organization have attempted to block it. Used to be you could put in firewall rules that only allowed certain ports but then torrent changed and started to use common ports such as ftp and even http for their dirty work. The firewall manufactures started to look at the traffic over say the FTP port and verified it was really FTP because of the messages. The Torrent guys then started to use the encrypted protocols like SFTP and HTTPS because you could not really tell if the data was valid or not because valid data was encrypted. Some firewall then attempted watch the session setup message to ensure it followed valid encryption protocols..torrent does not...
Unfortunately the torrent group now just uses SSL/VPN to get to a outside machine. Since SSL/VPN is a valid encryption protocol and it cannot be disabled without disabling HTTPS access there currently is no way to stop it.
The good news is that once you force the people to use VPN the IP will go back to a hosting location and at least the legal issues will be someone else problem. The bandwidth usage though there it not a lot you do about other than restrict everyone even those who are not use torrent.
Torrent has evolved as IT organization have attempted to block it. Used to be you could put in firewall rules that only allowed certain ports but then torrent changed and started to use common ports such as ftp and even http for their dirty work. The firewall manufactures started to look at the traffic over say the FTP port and verified it was really FTP because of the messages. The Torrent guys then started to use the encrypted protocols like SFTP and HTTPS because you could not really tell if the data was valid or not because valid data was encrypted. Some firewall then attempted watch the session setup message to ensure it followed valid encryption protocols..torrent does not...
Unfortunately the torrent group now just uses SSL/VPN to get to a outside machine. Since SSL/VPN is a valid encryption protocol and it cannot be disabled without disabling HTTPS access there currently is no way to stop it.
The good news is that once you force the people to use VPN the IP will go back to a hosting location and at least the legal issues will be someone else problem. The bandwidth usage though there it not a lot you do about other than restrict everyone even those who are not use torrent.
TRENDING THREADS
-
-
News Firefox user loses 7,470 opened tabs saved over two years after they can’t restore browsing session- Started by Admin
- Replies: 59
-
Facebook
Twitter
Instagram