Network Management Tips: block the Seven Weapons downloaded by Bt

In order not to affect normal business operations, the administrator of the enterprise network should try his best to close all ports that may pass through Bt and block some specific seed release sites, block the entire BT attack in the enterprise.

Editor's note:

BT downloading is causing harm to more and more enterprises. BT downloading on the public network and telecom network is also consuming the operating network bandwidth. Once the first "Seed" (download source) appears, a large number of Bt users will follow up to form a large-scale BT download network. Different from point-to-point, this "group survival" Network reflects the freedom of the Internet, but it also reflects the disorder of the Internet. And when this sort of disorder is too low to steal, the school is too busy, and the fan is screwed?

The full name of Bt is Bit Torrent, which is a P2P software. Different from the traditional download methods such as FTP and HTTP, the higher the number of Bt users, the faster the speed. Traditional FTP, HTTP, and pub send files from the server to the client. Some problems may occur: the increase in the number of users requires high bandwidth and high server performance, it also affects the stability of the server. Therefore, many servers have limits on the number of users and the download speed, which causes a lot of inconvenience to users. While BT fundamentally solves this problem, BT adopts a method similar to pyramid scheme to achieve sharing. While downloading, it is also providing uploads for other users, therefore, the download speed will not be reduced as the number of users increases. It is very convenient to use. In simple terms, the more people you download, the faster the download speed.

Common btsoftware include BitTorrent, PTC, Shareaza, and BitTorrent ++.

● BitTorrent is a P2P software open source code for Multi-Point download. It is very convenient to use, just like a browser plug-in, and is suitable for popular downloads released.

● PTC (Personal torrents collector) is currently one of the best software for downloading BitTorrent users. PTC's multi-thread capability enables users to download and upload resources in batches more quickly.

● Shareaza integrates the features of popular P2P software such as eDonkey, guntella, and BT, and can be used for HTTP and FTP download. It has excellent interfaces, simple operations, and strong maintainability.

● BitTorrent ++ has greatly improved its functions than BitTorrent, and is more user-friendly. It makes up for BitTorrent's simplicity and lack of fine-tuning features, especially sharing functions. If BitTorrent ++ is disabled halfwayProgram, And the original download will continue. It is not as troublesome as the resume of BitTorrent.

These BT download software has been favored by many users with its unique advantages. However, the trouble is also caused: if multiple users use BT for download at the same time, it will occupy a large amount of network bandwidth, it seriously affects the normal operation of other users. In some enterprises' local networks, campus networks of schools, and man networks of operators, the abuse of network resources by Bt has all affected the development of other normal services. Therefore, in some environments, it is necessary to strictly limit the user's BT download traffic or completely prohibit BT download. In general, there are seven most direct methods available.

Restrict viewing of Bt websites

There are many BT websites, but considering the characteristics of Bt downloads, the more people you download, the faster the speed. The more seed, the faster the speed. There are only a large number of people who download torrent files from popular BT websites. Generally, there are fewer people on Bt websites and fewer people are downloading files, unless he can tolerate the speed of several k per second. Therefore, for popular BT websites, configure URL filtering rules on the security net, enable the http_filter function on the outbound interface, and disable access to them.
Disable access to the tracker server

Tracker is a program running on the server. This program can track how many people download the same file at the same time. When the client connects to the tracker server, it will obtain a list of download personnel. Accordingly, BT will automatically connect to another user's machine for download. Generally, the access to the tracker server is in the form of HTTP.

If the Enterprise Network Gateway has a graphical management log, all records about HTTP information can be queried. If bt is downloaded, corresponding HTTP packets are found in the log, the tracker server information can be obtained based on the message content. Then, you can configure rules in the device to prevent internal users from accessing the server.

The number of tracker servers should be much smaller than the number of popular BT websites. Many websites are torrent of other websites. If you can find the addresses of these tracker servers, this is a very effective method. The tracker server can be easily found based on query logs using tianqing hanma Multi-Function Security Gateway.

Disable the BT download Port

To solve the harm of Bt to Lan, the most thorough method is not to allow BT download. BT generally uses TCP 6881 ~ The network administrator can determine the port 6889 based on the changes in network traffic. In the gateway, the network administrator can block the specific seed release site and port and obtain the information from the track in the BT download software; however, most btsoftware can modify port numbers. Therefore, the network management can expand the range of closed ports as much as possible without affecting normal services, shut down some specific seed release sites and ports.

Limit user bandwidth

BT harms the lan because it occupies a large amount of network bandwidth. Therefore, limiting the network bandwidth used by each user can significantly alleviate the harm of Bt to the network. At the same time, it is unreasonable to completely disable BT for some operating networks, limiting the bandwidth used by each bt is a good choice. The network administrator can use some management software or network hardware configurations to impose fine-grained speed limits on application streams. For example, the priority for downloading BT users is 5 (0 is the highest, and 7 is the lowest ), the bandwidth is limited to 64 Kbps. This ensures that the use of btsoftware does not affect the development of other services.

Maximum number of connections

When you use the btsoftware, the downloader periodically registers with the tracker so that the tracker can understand their progress. The downloader can directly upload and download data through a connection, this connection uses the BitTorrent peer protocol, which is based on TCP. Therefore, the network administrator can control the maximum number of TCP connections based on these characteristics to control the usage of network bandwidth by Bt.

Use HTTP proxy to filter application layer protocols

When downloading the BT client, you must query the tracker. The tracker receives the information through the http get command parameters, and the message returned to the other party (the downloader) is a bencoded message. In the HTTP request message, the User-Agent: BitTorrent feature value of Bt is carried.

Network administrators can filter application-layer data packets (such as HTTP data packets) by using security management devices, traffic management devices, and network management system software ), then, based on the keyword (BitTorrent) in the BT data packet, filter the BT data packet from the HTTP data packet (1 ).

Blocking BT streams

Some btsoftware uses TCP/UDP protocol instead of HTTP to obtain the peers list, but its BT stream still contains the "BitTorrent" pattern; if a network device has a product that can identify the "BitTorrent" pattern contained in the BT stream, it is much easier to block or limit the bandwidth of the product (see figure 2 ).