The classic tactics used against me in large networks are a) software control and b) bandwidth throttling. One alone is easy enough to get around if you know what you're doing, but both is a bit harder.
My personal fun suggestion would be to write a script that searches for and deletes any .torrent files, with some kind of reporting to identify which compy's this is found on and how many torrent files. That should at least identify the offending machine. OTHO, is it possible to configure the anti-virus/malware/firewall to have .torrent files added to their virus definition rules? As far as a upstream detection system, more intelligent and experienced people than I have spoken already on such a matter. ^_~ -Jex On 3/7/07, Ove Dalgård Hansen <[EMAIL PROTECTED]> wrote:
Hello Everyone, I am in a bit of trouble, On a network where i am configuring IDS - using ASA5510 + SSM module, we try to deny access to Bittorrent downloads - it consumes quite a bit of bandwith and is not allowed by the company's policy. We try to filter bittorrent which succedes - but the utorrent changes protocol and goes by the SSL port 443 and thereby circumvent the IDS, since its not possible to see the encrypted traffic. Does anyone out there have a good idea of how i am to solve the issue? Best Regards Ove Hansen IT-Quality A/S Banemarksvej 50F Denmark - 2605 ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
