So that normal business is not affected, the enterprise network administrator should close as many of the ports that BT may use as possible, block a number of specific seed-publishing sites at the perimeter, and try to ban BT across the enterprise as a whole.
Editor's note:
BT downloading is doing harm to more and more enterprise offices, and on public and telecommunications networks BT downloads are also devouring the operators' bandwidth. Once the first "seed" (download source) appears, a large number of BT users follow and form a large-scale BT download network. Unlike point-to-point transfer, this "group survival" network embodies the freedom of the Internet but also reflects its disorder.
BT, in full BitTorrent, is peer-to-peer software. Unlike traditional FTP, HTTP and other download methods, the more people use BT, the faster it gets. With traditional FTP, HTTP and Pub, the file travels from the server to the client, which causes some problems: as the number of users grows, high bandwidth and server performance are required and the stability of the server suffers, so many servers restrict the number of users and the download speed, which causes users a lot of inconvenience. BT solves this problem fundamentally. It shares files in a way similar to multi-level marketing: while downloading, a client also uploads to other users, so the download speed does not fall as the number of users grows. It is very convenient to use, and its characteristic can be stated simply: the more people download, the faster it is.
The commonly used BT software includes BitTorrent, PTC, Shareaza, BitTorrent++ and so on.
BitTorrent is open peer-to-peer software that downloads from multiple sources. It is very convenient to use, works like a browser plug-in, and is well suited to newly released popular downloads.
PTC (Personal Torrents Collector) is one of the best programs currently available for BitTorrent downloads; its multi-threading lets users download and upload resources in batches more quickly.
Shareaza combines the features of eDonkey, Gnutella, BT and other popular peer-to-peer software, can also be used for HTTP and FTP downloads, and has an excellent interface, simple operation and strong scalability.
BitTorrent++ is a great improvement on BitTorrent in function and is also more user-friendly; it makes up for BitTorrent being too simple and lacking fine-tuning, especially in its sharing function. If you close BitTorrent++, it continues the original downloads as soon as you open the program again, without the trouble of resuming that BitTorrent involves.
These BT download programs are loved by a vast number of users for their unique advantages, but trouble follows: if several users download with BT at the same time, they occupy a large amount of network bandwidth and seriously affect the normal work of other users. On some enterprise LANs, school campus networks and operators' metropolitan area networks, BT has already abused network resources and affected other, normal business. In some environments it is therefore absolutely necessary to strictly limit users' BT download traffic or to prohibit BT downloads completely. In general, seven direct methods are available.
Restrict browsing of BT websites
There are many BT sites, but consider the characteristics of BT downloading: the more downloaders, the faster the speed; the more seeds, the faster. Only the torrent files on the more popular BT websites are downloaded by many people. Ordinary BT sites get fewer visits and fewer downloads, and a user will not bother with them unless he can endure a speed of a few K per second. Therefore, for the more popular BT websites, configure URL filtering rules on the security gateway and then enable the Http_filter filtering function on the interface to prohibit access to them.
Prohibit access to tracker servers
A tracker is a program running on a server that tracks how many people are downloading the same file at the same time. The client connects to the tracker server and obtains a list of the people downloading; BT then connects automatically to the other machines to download. Access to the tracker server is generally over HTTP.
If the corporate network's gateway has graphical log management, you can query all records of HTTP information. If a BT download has taken place, the corresponding HTTP message can be found in the log, the tracker server's information can be obtained from the message content, and rules can then be configured on the device to prevent internal users from accessing that server.
The number of tracker servers should be much smaller than the number of popular BT sites, because the torrents on many sites point to other sites. If you can find the addresses of these tracker servers, this is a very effective method. With the Tian Qing Han ma multi-function security gateway, tracker servers can easily be found by querying the log.
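The log query described above can be sketched as follows. This is an added example, not part of the original article or of any gateway product: the log format, hosts and client addresses are constructed, and it assumes the standard announce parameters (info_hash, peer_id, port) that a BT client sends to a tracker in its HTTP GET.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed gateway HTTP log, one request per line: "<client-ip> <method> <url>".
# The format and every host below are assumptions made for this example.
SAMPLE_LOG = """\
10.0.0.21 GET http://tracker.example.net:6969/announce?info_hash=%12%34abc&peer_id=-XX0001-000000000001&port=6881&uploaded=0&downloaded=0&left=1024
10.0.0.21 GET http://www.example.com/index.html
10.0.0.35 GET http://tracker.example.net:6969/announce?info_hash=%99%88xyz&peer_id=-XX0001-000000000002&port=6882&left=0
10.0.0.40 GET http://bt.example.org/announce.php?info_hash=%aa%bb&peer_id=-YY0002-000000000003&port=6885&left=5
10.0.0.40 GET http://shop.example.com/search?port=80&q=info_hash
"""

# Parameters a BT client sends when it registers with a tracker.
ANNOUNCE_PARAMS = {"info_hash", "peer_id", "port"}


def find_trackers(log_text):
    """Return (Counter of tracker host[:port] -> hits, set of internal clients)."""
    trackers, clients = Counter(), set()
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3 or parts[1] != "GET":
            continue  # malformed line or not a GET request
        client, _, url = parts
        target = urlsplit(url)
        params = parse_qs(target.query, keep_blank_values=True)
        # Require all announce parameters together, so that an ordinary
        # page with a single matching parameter name is not flagged.
        if ANNOUNCE_PARAMS.issubset(params):
            trackers[target.netloc.lower()] += 1
            clients.add(client)
    return trackers, clients


def blocklist(trackers):
    """Tracker hosts ordered by hit count, ready to turn into gateway rules."""
    return [host for host, _ in trackers.most_common()]


if __name__ == "__main__":
    found, users = find_trackers(SAMPLE_LOG)
    print("block:", blocklist(found))
    print("internal BT clients:", sorted(users))
```

The same pass also yields the internal addresses that contacted a tracker, which tells the administrator which users the bandwidth and connection limits should target.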
Block BT download ports
The most thorough way to remove the harm BT does to the LAN is not to allow BT downloads at all. BT generally uses TCP ports 6881~6889. The network administrator can judge from changes in network traffic and block specific seed-publishing sites and ports at the gateway; this information can be obtained from the tracker information in the BT download software. Most BT software can now change its port number, however, so the administrator should, according to the actual situation and without affecting normal business, extend the range of closed ports as far as possible and block some specific seed-publishing sites and ports.
Restrict user bandwidth
BT harms the local area network because it takes up a lot of network bandwidth. Limiting each user's network bandwidth therefore clearly reduces the harm BT does to the network. For some operator networks, moreover, prohibiting BT completely is unreasonable, so limiting the bandwidth each BT user may use becomes the better choice. Network administrators can use management software or the configuration of network hardware to apply finer-grained rate limits to application flows, for example setting the priority of BT users' downloads to 5 (0 highest, 7 lowest) and the bandwidth limit to 64Kbps. This ensures that BT software can be used without affecting other business.
Limit the maximum number of connections
When BT software is in use, the downloader periodically registers with the tracker so that the tracker knows its progress, and downloaders upload and download data between themselves over direct connections using the BitTorrent peer-to-peer protocol, which is based on TCP. The network administrator can therefore limit the maximum number of TCP connections to control the bandwidth that BT consumes.
Filter application-layer protocols using the HTTP proxy
When a BT client downloads, it must query the tracker. The tracker receives the information through the parameters of the HTTP GET command, while its response to the other side (the downloader) is a bencoded message. The HTTP request message carries the BT characteristic value User-Agent: BitTorrent.
For this case, the network administrator can use security management devices, traffic management devices or even network management system software to filter a specific kind of application-layer packet (such as HTTP packets), and then pick the BT packets out of the HTTP packets by the keyword (BitTorrent) they contain (as shown in Figure 1).
Block BT flows
Some BT software does not use HTTP to get the peer list but uses the TCP/UDP protocol instead; its BT stream nevertheless still contains the "BitTorrent" signature. If the network device can identify the "BitTorrent" signature contained in the BT stream, it is much easier to block BT or limit its bandwidth (as shown in Figure 2).
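The two signature checks described in the last two methods, the BitTorrent keyword in the HTTP User-Agent and the "BitTorrent" signature in the peer stream, can be sketched as one classifier. This is an added example, not code from the original article or from any gateway: the payloads are constructed, and it assumes the standard peer handshake, which opens with the byte 19 followed by the string "BitTorrent protocol". Anchoring the keyword to the User-Agent header keeps an ordinary web request that merely mentions the word from being blocked.

```python
# Constructed payloads; all names below are chosen for this example.
HANDSHAKE_PREFIX = b"\x13BitTorrent protocol"  # length byte 19 + protocol name
HANDSHAKE_LEN = 68  # 1 + 19 + 8 reserved + 20 info_hash + 20 peer_id


def http_user_agent(payload):
    """Return the User-Agent value of an HTTP request, or None if absent."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    request_line = lines[0].split(b" ")
    if len(request_line) != 3 or not request_line[2].startswith(b"HTTP/"):
        return None  # not an HTTP request line
    for header in lines[1:]:
        name, sep, value = header.partition(b":")
        if sep and name.strip().lower() == b"user-agent":
            return value.strip()
    return None


def classify(payload):
    """Label the first bytes of a flow: 'bt-peer', 'bt-tracker-http' or 'other'."""
    # Peer-to-peer stream: the signature sits at the very start of the flow.
    if payload.startswith(HANDSHAKE_PREFIX) and len(payload) >= HANDSHAKE_LEN:
        return "bt-peer"
    # Tracker query over HTTP: match the keyword in the User-Agent header only,
    # not anywhere in the packet, to avoid blocking unrelated pages.
    agent = http_user_agent(payload)
    if agent is not None and b"bittorrent" in agent.lower():
        return "bt-tracker-http"
    return "other"


PEER_HANDSHAKE = HANDSHAKE_PREFIX + bytes(8) + bytes(20) + b"-XX0001-000000000001"
TRACKER_REQUEST = (b"GET /announce?info_hash=%12%34&peer_id=x&port=6881 HTTP/1.1\r\n"
                   b"Host: tracker.example.net\r\n"
                   b"User-Agent: BitTorrent/7.10\r\n\r\n")
NEWS_REQUEST = (b"GET /news/bittorrent-traffic-report HTTP/1.1\r\n"
                b"Host: www.example.com\r\n"
                b"User-Agent: Mozilla/5.0\r\n\r\n")

if __name__ == "__main__":
    for name, data in [("peer", PEER_HANDSHAKE), ("tracker", TRACKER_REQUEST),
                       ("news", NEWS_REQUEST)]:
        print(name, "->", classify(data))
```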