Page 1 of 3 123 LastLast
Results 1 to 10 of 25
  1. #1
    Newbie
    Join Date
    Jun 2009
    Posts
    12

    Default Block uTorrent - let us solve this once and for all

    Hello to everybody!

    I've been reading this forum and especially this category for quite a while, searching the answer for the "block uTorrent " problem....From what i saw, this problem is not solved at this moment.

    In my Protocol Control Event Log, torrent downloading appears as blocked in the Action tab, but it still works. So, the conclusion is that the torrent traffic is correctly identified but the rule for blocking it is not enforced properly.

    This is a very anoying problem, not only for me, but for many people out there, as i saw, because torrent eats a lot of your internet bandwidth.

    The only thing left to do, is to block ".torrent" files through Web Filter, but this do not solve the problem, because the users will download .torrent files on a memory stick and then use them in uTorrent.

    So, is it possible to do something from Untangle to block uTorrent ? (excluding Microsoft Software Restriction Policies, or local firewall policies) I am willing to make tests, and to help you with whatever i can, but, let us solve this problem once and for all.

    Thank you.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Default

    Your conclusion is incorrect. The reason it still works has to do with torrents ability to masq itself as standard HTTP traffic, not to mention use encryption to change its signature.

    So no it isn't possible to just block uTorrent. Besides that, uTorrent is an application. You're talking about bittorrent as a protocol. Blocking the latter isn't entirely possible. Blocking the former just doesn't make any sense.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    Jun 2009
    Posts
    12

    Default

    Thanks for your quick response.

    Why do you tell that blocking uTorrent application does not make any sense?

    I know that torrents use encryption and mask themselves, BUT then why in Protocol Control Event Log at Request tab it says "Bittorrent" and at Action tab is says "Blocked" ?

    Since it says "Bittorrent" doesn't that mean that the traffic was identified as torrent traffic and not as standard HTTP ?


    Thanks!

  4. #4
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,049

    Default

    toxxiqman,

    The Bit-torrent signatures are constantly changing so it is hard to keep up with the signatures. And the signatures that Protocol Control have Log might by some other traffic that just by random had the same signature.

    Well if you block uTorrent by application the user can just use a difrent app.

  5. #5
    Newbie
    Join Date
    Jun 2009
    Posts
    12

    Default

    @WebFool, - the log in the Protocol Control was not some other traffic. I was conducting manual tests to see if uTorrent is blocked or no, so it certainly was Bittorrent traffic, as the log showed.

    Indeed, the solution is to block the protocol not the application.

    I repeat myself, the traffic is correctly identified by Protocol Control, anyone can test. I still think that all that is needed is a proper block. Any other rules in Protocol Control works perfectly, except torrent. So there must be something there....

  6. #6
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,049

    Default

    Different bittorrent client will have different signatures.
    And more and more updates/download services are using bittorrent as a protocol.

    As for the Protocol Control if the traffic matches the signature than it will log.
    During one update of Untangle DNS traffic was match to P2P networking.

    So the signatures can be hard to maintain.

    Whit listing Applications with applocker might be a better way to solv you problem.

    Back to the topic:
    "the torrent traffic is correctly identified but the rule for blocking it is not enforced properly."
    Are you sure that it identify all traffic or not just part of it.
    So it dose in fact block the part that it can identify.



    (http://www.slideshare.net/namedeplum...ts-using-snort)

  7. #7
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,371

    Default

    The responsibility of maintaining the signatures of protocols is L7-Filter, now is part of clearOS.
    Untangle only can use or not the app, like antivirus or IDS.
    If the signatures are wrong or incomplete, you need create a bug or report in the L7 filter at ClearOS page.
    One helper to block p2p traffic is the attack blocker, test it.
    The world is divided into 10 kinds of people, who know binary and those not

  8. #8
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,022

    Default

    Folks, almost all bitorrent applications today have fallback systems.

    Untangle is correctly identifying and blocking the first attempt to connect. The application falls back to a secondary protocol/method and successfully connects.

    This is an arms race that we can not win. They modify the protocol, we modify the signatures, they modify the protocol, ad infinitum.
    m.
    <BR>
    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.
    <BR>It often helps troubleshooting if you have a good network map. Look <A HREF="http://forums.untangle.com/tip-day/5407-how-draw-network-diagram.html">here</A> if you want my advice on how to draw one. <BR> <B>Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com<B>

  9. #9
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,371

    Default

    Quote Originally Posted by mrunkel View Post
    Folks, almost all bitorrent applications today have fallback systems.

    Untangle is correctly identifying and blocking the first attempt to connect. The application falls back to a secondary protocol/method and successfully connects.

    This is an arms race that we can not win. They modify the protocol, we modify the signatures, they modify the protocol, ad infinitum.
    Untangle modify or add new signatures?
    The world is divided into 10 kinds of people, who know binary and those not

  10. #10
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    As others have stated I don't think that outright blocking will work with Protocol Control because of the failsafe methods.

    However, we will have an alternate approach in 8.0 that I think will accomplish what you need. It will let you recognize and flag hosts that are using bittorrent and slow all their traffic (inclusive of all failsafe methods).
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2