What's the process of blocking BitTorrent?
As per the network policy, we have to block all torrent traffic from the network. To do this, I used to block all ports above 1024 on my firewall/proxy devices. But due to this, many other applications that use non-standard ports are not able to function, especially mobile applications, and users are complaining because of this. Is there an effective way of blocking torrents on my network?
A minimum number of ports, or a few specific ports, or application-level filtering?
We have Cisco IronPort Security and Cisco ASA 5500 Firewall devices.
You have a number of ways of blocking BitTorrent:
- Blocking ports: this doesn't work, because p2p traffic can use pretty much any port (even ones below 1024)
- Deep inspection: looking at traffic and blocking based on type can help you a lot; however, encrypted traffic all looks alike
- Destination filtering: this may also help a bit, but you'd have to maintain a large blacklist
- Volume: if a user is downloading/uploading large amounts of traffic then investigate
- Controlling the applications installed on the computers on your network through Group Policy or a real-world policy. Disallow all p2p applications, and if anyone breaches the policy, don't let them use the network/fire them/whatever.
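
An added example, not part of the answer above: a minimal sketch of the "Volume" approach, totalling bytes per internal host from flow records and listing the hosts worth investigating. The record format (`src dst dst_port bytes`), the thresholds and the distinct-peer count used as a triage hint are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic): src dst dst_port bytes
FLOWS = """\
10.0.0.5 203.0.113.10 51413 420000000
10.0.0.5 198.51.100.7 6881 380000000
10.0.0.5 192.0.2.44 443 350000000
10.0.0.5 203.0.113.99 80 300000000
10.0.0.8 198.51.100.20 443 900000000
10.0.0.8 198.51.100.20 443 800000000
10.0.0.9 192.0.2.80 443 12000000
"""

def parse_flows(text):
    """Yield (src, dst, port, bytes); skip malformed lines instead of failing."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        src, dst, port, nbytes = parts
        try:
            yield src, dst, int(port), int(nbytes)
        except ValueError:
            continue

def triage(text, byte_threshold=1_000_000_000, peer_threshold=3):
    """Return hosts over the byte threshold, largest first.

    The destination port is deliberately ignored: p2p traffic can use any
    port, including 80 and 443. Thresholds are assumed values to tune.
    """
    totals = defaultdict(int)
    peers = defaultdict(set)
    for src, dst, _port, nbytes in parse_flows(text):
        totals[src] += nbytes
        peers[src].add(dst)
    report = []
    for host, total in totals.items():
        if total < byte_threshold:
            continue
        n = len(peers[host])
        # Many distinct peers is only a hint for prioritising the follow-up.
        reason = "volume+fan-out" if n >= peer_threshold else "volume"
        report.append((host, total, n, reason))
    return sorted(report, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for host, total, n, reason in triage(FLOWS):
        print(f"{host} bytes={total} peers={n} flag={reason}")
```

A host flagged only for volume (one peer, a large transfer) may simply be a backup or a software download, which is why the output is a list to investigate rather than a block list.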