If you use any technology to classify and/or block bit torrent at layer 4,
all someone has to do is change their source port to something different, or
proxy the connection so the destination port is different.  Or if you're
particularly unlucky, they might use a VPN to mask it.

This is why you cannot depend on a fire-and-forget solution to do all the
blocking for you.  It's better to identify the offending traffic, save some
pcaps to show what the user was doing, then deal with the user themselves
face to face or over email.  Notify them that their activity is a breach of
security policy.

What reading have you done on traffic shaping, packet filtering, IDS,
etc?  No offense, but I think you may lack some fundamental understanding of
the technologies involved.  Please take that as an observation only, I'm not
talking down to you.  You've asked a number of very basic questions today,
so I'm trying to get a good handle on where you're at.


Regards,
- Ian


On Thu, Sep 1, 2011 at 11:49 AM, suresh suresh
<suresh.notion...@gmail.com> wrote:

> Suppose I block through the traffic shapers, what will happen?
>
> If the user changes the bit torrent port on his/her machine, can he/she
> still download torrents, or does bit torrent automatically change the port
> number and start downloading? Please help me.
>
> Thank you,
>
> Regards,
> Suresh
>
>
> On Thu, Sep 1, 2011 at 9:06 PM, Ian Bowers <iggd...@gmail.com> wrote:
>
>> Savvy users will use a different port.  If your goal is to say "we block
>> bit torrent", this shouldn't matter.  If your goal is to actually block bit
>> torrent or successfully enforce security policy, this may not be sufficient.
>>
>>
>> On Thu, Sep 1, 2011 at 11:32 AM, suresh suresh <
>> suresh.notion...@gmail.com> wrote:
>>
>>> If we disable bit torrent using traffic shapers, will bit torrent be
>>> blocked, or what will happen? Please help me.
>>>
>>> Thank you,
>>>
>>> Regards,
>>> Suresh
>>>
>>>
>>> On Thu, Sep 1, 2011 at 8:44 PM, Ian Bowers <iggd...@gmail.com> wrote:
>>>
>>>> pfsense is freebsd, so one way or another you can install snort.
>>>> There is a pfsense package for it, though, for easy installation and
>>>> maintenance.  You may want to google IDS and how to tune it before
>>>> deploying it.  IDS isn't something you want to walk into blind.
>>>>
>>>>
>>>> On Thu, Sep 1, 2011 at 11:04 AM, suresh suresh <
>>>> suresh.notion...@gmail.com> wrote:
>>>>
>>>>> Can we install snort in pfsense 1.2.3?
>>>>>
>>>>>
>>>>> On Thu, Sep 1, 2011 at 8:13 PM, Ian Bowers <iggd...@gmail.com> wrote:
>>>>>
>>>>>> You won't find much success in trying to block bittorrent with a
>>>>>> firewall.  Your best bet is to use IDS (eg: snort) or another sort of
>>>>>> categorization software or appliance to identify who is using bittorrent
>>>>>> and deal with them at layer 8 via company security policy.  Torrenting is
>>>>>> one place where you simply cannot deploy a fire-and-forget solution and
>>>>>> hope for it to actually work.
>>>>>>
>>>>>> Regards,
>>>>>> -Ian
>>>>>>
>>>>>>
>>>>>> On Thu, Sep 1, 2011 at 9:38 AM, suresh suresh <
>>>>>> suresh.notion...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> How to block the bit torrent in my nlan network, and how to block
>>>>>>> the websites, and how to block the websites except some lan connection?
>>>>>>> Please help me.
>>>>>>>
>>>>>>> Thank you,
>>>>>>>
>>>>>>> Regards,
>>>>>>> suresh
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
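
Added example, not part of the original thread: a Python sketch of the point made in the top reply, comparing a port-only (layer 4) check with a payload check for the BitTorrent peer handshake, and listing which internal hosts to follow up with. The flow dictionary layout, function names and all addresses are assumptions constructed for illustration; the tunnelled flow shows the VPN case the reply mentions, where neither check fires.

```python
from collections import defaultdict

BT_PORTS = range(6881, 6890)   # traditional default client port range
PSTR = b"BitTorrent protocol"  # protocol string carried in the peer handshake

def port_match(flow):
    """Layer-4 style classification: looks only at the port numbers."""
    return flow["sport"] in BT_PORTS or flow["dport"] in BT_PORTS

def handshake_match(flow):
    """Payload classification. The peer handshake is 68 bytes:
    <len=19><'BitTorrent protocol'><8 reserved><20 info_hash><20 peer_id>."""
    p = flow["payload"]
    return len(p) >= 68 and p[0] == len(PSTR) and p[1:20] == PSTR

def hosts_to_follow_up(flows):
    """Map internal source IP -> [(dst, dport)] where a handshake was seen."""
    hits = defaultdict(list)
    for f in flows:
        if handshake_match(f):
            hits[f["src"]].append((f["dst"], f["dport"]))
    return dict(hits)

def _handshake():
    # Constructed handshake: dummy info_hash and peer_id values.
    return bytes([19]) + PSTR + bytes(8) + b"\xaa" * 20 + b"-XX0001-" + b"0" * 12

# Constructed sample flows (first payload bytes of each TCP/UDP session).
FLOWS = [
    # default port, cleartext handshake: both checks fire
    {"src": "10.0.0.11", "dst": "198.51.100.7", "sport": 51000, "dport": 6881,
     "payload": _handshake()},
    # client moved to port 443: port check misses, payload check still fires
    {"src": "10.0.0.12", "dst": "198.51.100.8", "sport": 51001, "dport": 443,
     "payload": _handshake()},
    # ordinary TLS-looking traffic on 443: neither fires
    {"src": "10.0.0.13", "dst": "198.51.100.9", "sport": 51002, "dport": 443,
     "payload": b"\x16\x03\x01\x00\x2e" + bytes(63)},
    # tunnelled traffic (opaque bytes): neither fires, handshake is hidden
    {"src": "10.0.0.14", "dst": "198.51.100.10", "sport": 51003, "dport": 1194,
     "payload": b"\x38" + bytes(67)},
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f["src"], f["dport"], "port:", port_match(f),
              "payload:", handshake_match(f))
    print(hosts_to_follow_up(FLOWS))
```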
