How to block torrents
-
Hello guys.I would like to block all torrents on my network.How can i achieve that? Because i really am desperate
-
You are looking for Application blocking with Snort and OpenAppID: https://www.netgate.com/blog/application-detection-on-pfsense-software.html
-
@chrismacmahon Thank you, but the OpenAppID also contain Bittorrent Application? Because i only see facebook, twitter, Netflix and Amazon
-
it's located in openappid-p2p_file_sharing.rules
-
@chrismacmahon Thank you
-
@chrismacmahon So i enabled that category(openappid-p2p_file_sharing.rules) but i can't seem to get any alerts. I am downloading a torrent(ubuntu)
-
No need.Logging has began..But realy appreciate your help. Thanks
-
This post is deleted! -
i tried to block torrents by blocking the ports. until now its okay and blocking the downloading of torrent.
-
theres a two way. you can block all ports then set a port that you want to allow like 80,53 or block the ports of torrents.
-
@Vincent_28 which are the torrent ports ?
-
@OpenWifi said in How to block torrents:
which are the torrent ports ?
They could run on any port.. They can run over 80 and 53 even ;)
-
@johnpoz in my blocking in port there's no 80 & 53 but i block the downloading of torrent
-
Just answering the question to what ports torrents run on - they can be run on any port.. You need to block them via packet inspection via stuff like appid with an IPS... Just trying to block ports is not going to be valid solution.
-
The port that you torrent client uses is set in the client itself. There is no universal bittorrent port. Trying to block torrents by blocking ports is useless unless the person you're trying to block knows nothing about networking.
-
i use wireshark. to see the port of torrents and syn & seeds of bitorrent
-
@Vincent_28 Is wireshark a package ?
-
@Vincent_28 said in How to block torrents:
use wireshark. to see the port of torrents and syn. seeds of bitorrent
That is a wack a mole game that will keep you busy to the end of time.. And as already stated - it can be ran over ports that you require to be open. 80/443..
The most effective method is application detection via your IPS - which again as the tech evolves signatures can change depending on the p2p product being used.. Which your IPS might not detect, analysis of traffic flow patterns can help in detection as well, etc..
But blocking of ports is not going to stop someone that knows what they are doing and how the protocol can be used.
Good way to stop it is only allow your proxy outbound.. where clients have NO direct outbound connection capability... And block lists on your proxy to prevent connection to p2p networks even over the proxy, etc.
Trying to control user access once you have given them even 1 port outbound is going to be a never ending battle ;)
