From: Håkon Granlund
Date: Wed, 20 Dec 2006 16:31:45 +0100
To: Josh Paetzel
Cc: freebsd-net@freebsd.org, Benjamin Adams
Subject: Re: stop bittorrents
Message-ID: <45895761.9080207@sircon.no>
In-Reply-To: <200612150927.43706.josh@tcbug.org>

Josh Paetzel wrote:
> On Thursday 14 December 2006 20:25, Baldur Gislason wrote:
>> Most of the torrent clients do encrypted sessions nowadays so they
>> really are impossible to detect by simply parsing the packets.
>>
>> Baldur
>>
>> On Fri, Dec 15, 2006 at 02:08:41AM +0200, Ivo Vachkov wrote:
>>> I'm not familiar with bittorrent protocol but I guess you can
>>> always implement simple L7 filter using ipfw rules to divert
>>> packets to a custom daemon that can parse the data and drop
>>> torrent packets. I did something similar for ICQ several years
>>> ago.
>>>
>>> On 12/14/06, Julian H. Stacey wrote:
>>>>> Thus you'd still achieve your ideal of
>>>>> avoiding spending money rather than your time on it :-)
>>>> Sorry, I wrote that wrongly, I meant:
>>>> Thus you'd still spend money & still save spending your own
>>>> work time on it.
>>>>
>>>> --
>
> Probably the simplest pain free solution I can think of is to get a
> linksys WRT54G-L and flash it with DD-WRT firmware. Comes with a
> nifty drop-down menu in the access control page that allows you to
> block things by service. Not entirely sure *how* it works, but it
> seems to be very effective at blocking at the application
> layer....including bt and even skype.

I don't know about you, but I would think the easiest way to attack this
problem is banning the trackers from your network. Either just DROP them
or reroute to your own tracker which spits out the error message
"TORRENT IS BAD". You should, of course, let useful (and legal) trackers
that host ISOs of *NIX distributions pass :-)

You could either block the trackers one by one as they pop up on your
network, or find a list of them online. This would make your lusers cry
in frustration since they can't connect to the trackers.

I don't know about trackerless torrents, but anyone using a public
tracker wouldn't be able to connect to them, not being unable to
establish thousands of connections to peers (connections are high
digestive on physical resources).

Hope this gives you a backup plan in case you don't find what you're
looking for in filtering out the p2p connections.

-- 
Håkon Granlund
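
The tracker-blocking approach from the message above, sketched for ipfw as an added example that is not part of the original post: it turns a blocklist into an ipfw lookup table plus one deny rule and skips any address on an allowlist. It assumes tracker hostnames have already been resolved to IPv4 addresses; the table number, rule number and all addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: turn a tracker blocklist into ipfw commands, honouring an
# allowlist. All addresses, the table number and the rule number are constructed.

TABLE=10     # hypothetical ipfw lookup table holding blocked tracker addresses
RULE=1000    # hypothetical rule number for the deny rule

# Strip comments and whitespace, keep only dotted-quad IPv4 lines, de-duplicate.
clean_list() {
    printf '%s\n' "$1" | sed -e 's/#.*//' -e 's/[[:space:]]//g' |
        grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' | sort -u
}

# gen_tracker_rules BLOCKLIST ALLOWLIST  (both are newline-separated text)
# Prints the commands instead of running them so the result can be reviewed.
gen_tracker_rules() {
    allow=$(clean_list "$2")
    echo "ipfw -q table $TABLE flush"
    clean_list "$1" | while read -r ip; do
        # An allowlisted address is never blocked, even if a downloaded list names it.
        if printf '%s\n' "$allow" | grep -qxF "$ip"; then
            continue
        fi
        echo "ipfw -q table $TABLE add $ip"
    done
    echo "ipfw -q add $RULE deny ip from any to 'table($TABLE)'"
}

# Constructed sample data (documentation address ranges, not real trackers).
SAMPLE_BLOCK='# trackers seen on the network
192.0.2.10
198.51.100.7   # also in a downloaded list
198.51.100.7
203.0.113.5
not-an-address'
SAMPLE_ALLOW='203.0.113.5   # tracker hosting *NIX ISOs'

gen_tracker_rules "$SAMPLE_BLOCK" "$SAMPLE_ALLOW"
```

Keeping the addresses in a table means the list can be refreshed without touching the rule set, and the allowlist check guards against a downloaded list that names a tracker you want to keep reachable.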