Actually, I found Layer 7 DPI apps to do a very good job in the times I was in change of a neighbourhood net.
In that time was about prioritizing, not blocking, i.e. allow BT/kazaa, etc, but only in the spare bandwidth giving priority for SIP, HTTP(S), game protocols, etc.
The only problem was having a machine to cope with 100 mbps, huge line 7 years back and not so powerful cheap computers, in the end did a pretty good job, after a month or so of tweaking, had a setup where everyone could do everything at decent speeds, so much so that ppl said, well, we dont need so much bw anymore :P
Protocol obfuscation can work to a point, but there are adaptive, learning apps today that check for patterns of big loads, many connections on random ports and limit the IP overall, not only some traffic in case protocol obfuscation is used.
Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.
@Maounique said:
Actually, I found Layer 7 DPI apps to do a very good job in the times I was in change of a neighbourhood net.
In that time was about prioritizing, not blocking, i.e. allow BT/kazaa, etc, but only in the spare bandwidth giving priority for SIP, HTTP(S), game protocols, etc.
The only problem was having a machine to cope with 100 mbps, huge line 7 years back and not so powerful cheap computers, in the end did a pretty good job, after a month or so of tweaking, had a setup where everyone could do everything at decent speeds, so much so that ppl said, well, we dont need so much bw anymore :P
Protocol obfuscation can work to a point, but there are adaptive, learning apps today that check for patterns of big loads, many connections on random ports and limit the IP overall, not only some traffic in case protocol obfuscation is used.
if so what could be blocking the tracker?
@rds100 said:
Just set reasonable bandwidth limits and people will not use torrents, or at least not much.
hello .
my vps in usa. and the hosting provider does not allow violating the DMCA. because my vps suspend due to one of my client downloaded using bittorrent.
I am afraid you cannot block it in a VPS, you need a firewall with DPI and a learning app before it.
Even so, you cannot block anyone from connecting to swarms, there is a delay in which a few packets pass in case of protocol obfuscation before the block occurs due to the time needed for the layer 7 filtering application to recognize the pattern.
If you can put a firewall and filtering before the VPS IP, you can block your customer from uploading, because will not be enough packets to form a chink so the customer will not be able to announce he has the file for sharing (which is actually what the DMCA settlement lawyers are actually looking for).
Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.
it does, but you can just rename and recompile the executable and it will remain stealthy.
Only thing that cannot really be hidden is the traffic, obfuscated or not, it still follows unmistakeable patterns, a really good DPI/L7 application will learn to detect.
Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.
Comments
Well according to http://www.ipp2p.org/
So I guess that would be a start.
hello you have install tutorial for ipp2p ?
because i don't understand for install ipp2p .
Besides blocking the default ports for rtorrent/deluge/transmission, you are basically fighting a losing battle here
Contractually bound by a verbal non-disclosure agreement
Actually, I found Layer 7 DPI apps to do a very good job in the times I was in change of a neighbourhood net.
In that time was about prioritizing, not blocking, i.e. allow BT/kazaa, etc, but only in the spare bandwidth giving priority for SIP, HTTP(S), game protocols, etc.
The only problem was having a machine to cope with 100 mbps, huge line 7 years back and not so powerful cheap computers, in the end did a pretty good job, after a month or so of tweaking, had a setup where everyone could do everything at decent speeds, so much so that ppl said, well, we dont need so much bw anymore :P
Protocol obfuscation can work to a point, but there are adaptive, learning apps today that check for patterns of big loads, many connections on random ports and limit the IP overall, not only some traffic in case protocol obfuscation is used.
Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.
Just set reasonable bandwidth limits and people will not use torrents, or at least not much.
-
if so what could be blocking the tracker?
hello .
my vps in usa. and the hosting provider does not allow violating the DMCA. because my vps suspend due to one of my client downloaded using bittorrent.
I am afraid you cannot block it in a VPS, you need a firewall with DPI and a learning app before it.
Even so, you cannot block anyone from connecting to swarms, there is a delay in which a few packets pass in case of protocol obfuscation before the block occurs due to the time needed for the layer 7 filtering application to recognize the pattern.
If you can put a firewall and filtering before the VPS IP, you can block your customer from uploading, because will not be enough packets to form a chink so the customer will not be able to announce he has the file for sharing (which is actually what the DMCA settlement lawyers are actually looking for).
Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.
autokill kill the torrent client(s) via cron ? and/or make a hosts entry to 127.0.0.1 for the popular public trackers ?
CrownCloud - Internet Services | Los Angeles, California | Frankfurt, Germany | Amsterdam, The Netherlands
it does, but you can just rename and recompile the executable and it will remain stealthy.
Only thing that cannot really be hidden is the traffic, obfuscated or not, it still follows unmistakeable patterns, a really good DPI/L7 application will learn to detect.
Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.