How to block torrents

OpenWifi · May 9, 2019, 2:56 AM

Hello guys.I would like to block all torrents on my network.How can i achieve that? Because i really am desperate

chrismacmahon · May 9, 2019, 11:01 AM

You are looking for Application blocking with Snort and OpenAppID: https://www.netgate.com/blog/application-detection-on-pfsense-software.html

OpenWifi · May 9, 2019, 11:40 PM

@chrismacmahon Thank you, but the OpenAppID also contain Bittorrent Application? Because i only see facebook, twitter, Netflix and Amazon

chrismacmahon · May 10, 2019, 4:16 AM

it's located in openappid-p2p_file_sharing.rules

OpenWifi · May 10, 2019, 4:16 AM

@chrismacmahon Thank you

OpenWifi · May 14, 2019, 2:34 AM

@chrismacmahon So i enabled that category(openappid-p2p_file_sharing.rules) but i can't seem to get any alerts. I am downloading a torrent(ubuntu)

OpenWifi · May 14, 2019, 5:23 AM

No need.Logging has began..But realy appreciate your help. Thanks

BAOZHAI · Jun 18, 2019, 12:17 PM

This post is deleted!

Vincent_28 · Jul 12, 2019, 1:43 PM

i tried to block torrents by blocking the ports. until now its okay and blocking the downloading of torrent.

Vincent_28 · Jul 12, 2019, 1:56 PM

theres a two way. you can block all ports then set a port that you want to allow like 80,53 or block the ports of torrents.

OpenWifi · Jul 12, 2019, 3:22 PM

@Vincent_28 which are the torrent ports ?

johnpoz · Jul 12, 2019, 3:31 PM

@OpenWifi said in How to block torrents:

which are the torrent ports ?

They could run on any port.. They can run over 80 and 53 even ;)

Vincent_28 · Jul 12, 2019, 3:39 PM

@johnpoz in my blocking in port there's no 80 & 53 but i block the downloading of torrent

johnpoz · Jul 12, 2019, 3:41 PM

Just answering the question to what ports torrents run on - they can be run on any port.. You need to block them via packet inspection via stuff like appid with an IPS... Just trying to block ports is not going to be valid solution.

KOM · Jul 12, 2019, 3:42 PM

The port that you torrent client uses is set in the client itself. There is no universal bittorrent port. Trying to block torrents by blocking ports is useless unless the person you're trying to block knows nothing about networking.

Vincent_28 · Jul 12, 2019, 3:46 PM

i use wireshark. to see the port of torrents and syn & seeds of bitorrent

OpenWifi · Jul 12, 2019, 3:47 PM

@Vincent_28 Is wireshark a package ?

johnpoz · Jul 12, 2019, 3:50 PM

@Vincent_28 said in How to block torrents:

use wireshark. to see the port of torrents and syn. seeds of bitorrent

That is a wack a mole game that will keep you busy to the end of time.. And as already stated - it can be ran over ports that you require to be open. 80/443..

The most effective method is application detection via your IPS - which again as the tech evolves signatures can change depending on the p2p product being used.. Which your IPS might not detect, analysis of traffic flow patterns can help in detection as well, etc..

But blocking of ports is not going to stop someone that knows what they are doing and how the protocol can be used.

Good way to stop it is only allow your proxy outbound.. where clients have NO direct outbound connection capability... And block lists on your proxy to prevent connection to p2p networks even over the proxy, etc.

Trying to control user access once you have given them even 1 port outbound is going to be a never ending battle ;)