Method 1: block the BT Port
We all know that to restrict a service you set an ACL (Access Control List) on the router to block the port that the service uses. For BT software, we can try to block its ports. In general, BT software uses ports 6880-6890, and Xiaojin uses the following commands on the company's core router to block all of ports 6880-6890.
access-list 101 deny tcp any any range 6880 6890
access-list 101 deny tcp any range 6880 6890 any
access-list 101 permit ip any any
Next, enter the corresponding interface (port) and enter ip access-group 101 out to bring the access control list into effect. After the configuration, the network bandwidth is released immediately and the network speed improves.
However, the network slowed down again within a few days, even though the ports of the BT software were clearly blocked. What software was still occupying so much bandwidth? Using Sniffer, Xiaojin found that the traffic on several uncommonly used ports was very large. Many people were downloading with third-party BT software (such as BitComet); these programs let the user customize the port used for data transmission and change it to an unblocked port before downloading with BT.
(Note: Because the BT port can change so widely, using an ACL to block ports is very ineffective, and maintaining many configuration entries is difficult. In addition, a large number of ACL entries consumes the router's CPU resources and affects other services.
Advantage: Using an access control list (ACL) to block BT is easy to manage and configure and flexible to use. An ACL can effectively block the official BT software.)
Method 2: block the BT Server
Since the local port cannot be blocked effectively, you have to start from the remote destination address. During a BT download, the local machine must first connect to the remote BT server, download the seed list from the server, and then connect to the corresponding seeds. Xiaojin therefore downloads BT seeds from the major BT forums to obtain the addresses of the BT servers. Start BitComet and select the server list; under the tracker server you can see the address of the BT server, for example (bt.ydy.com). Then use the nslookup or ping command to obtain the server address 202.103.X.X.
After obtaining the server address, you can block it on the core router. The specific command is: access-list 102 deny tcp any 202.103.9.83 0.0.0.0.
Finally, Xiaojin runs the ip access-group 102 out command on the network egress port to make the access control list take effect. Users in the network can then no longer access this BT server, and none of the BT seeds served by it can be used. Next, collect more IP addresses of BT servers and add them to access control list 102 one by one. After that, when third-party BT software is started, the number of connected seeds is 0 and the download speed is 0, and the employee finally breathed a sigh of relief.
Not long afterwards, the company's network became slow again. Through the monitoring system, Xiaojin found that someone was again downloading a movie with BitComet. Although the speed was not as high as before, it still took up considerable bandwidth. What made it possible for the user to connect to a BT server? The access list filters on IP addresses; once the IP address of a BT server changes, blocking the old IP address is useless.
(Disadvantage: There are many BT servers. Finding the IP address of each one and blocking it is very troublesome, and it is easy to miss some. An access control list can block only IP addresses, not domain names, so blocking is tedious for BT servers whose IP addresses change frequently.
Advantage: This method can effectively block a large number of BT servers. Simply by managing server IP addresses, the network administrator can block the use of BT software, and it is very effective against BT software that uses customized ports.)
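The first-match behaviour behind Methods 1 and 2, as an added example that is not part of the original article: a small evaluator for the article's access-list 101 and 102 entries, run over constructed flows (documentation addresses, hypothetical function names). It handles only the any, address-plus-wildcard and range forms used here, and it shows that access-list 102 as written ends in the implicit deny, so it needs a closing permit ip any any to pass other traffic.

```python
import ipaddress

# Entries as configured in the article; 102 has no closing permit there.
ACL_101 = """access-list 101 deny tcp any any range 6880 6890
access-list 101 deny tcp any range 6880 6890 any
access-list 101 permit ip any any"""
ACL_102 = "access-list 102 deny tcp any 202.103.9.83 0.0.0.0"

def _ip(text):
    return int(ipaddress.ip_address(text))

def _addr(tok):
    """Consume 'any' or '<address> <wildcard>'; return a predicate on an IP."""
    if tok[0] == "any":
        tok.pop(0)
        return lambda ip: True
    base, wild = _ip(tok.pop(0)), _ip(tok.pop(0))
    return lambda ip: (_ip(ip) | wild) == (base | wild)  # wildcard bits are ignored

def _ports(tok):
    """Consume an optional 'range <lo> <hi>'; return a predicate on a port."""
    if tok and tok[0] == "range":
        lo, hi = int(tok[1]), int(tok[2])
        del tok[:3]
        return lambda port: lo <= port <= hi
    return lambda port: True

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]  # drop "access-list <number>"
        action, proto = tok.pop(0), tok.pop(0)
        rules.append((action, proto, _addr(tok), _ports(tok), _addr(tok), _ports(tok)))
    return rules

def evaluate(rules, proto, src, sport, dst, dport):
    """First matching entry decides; no match means the implicit deny applies."""
    for action, rproto, s, sp, d, dp in rules:
        if rproto in ("ip", proto) and s(src) and sp(sport) and d(dst) and dp(dport):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed flows: inside host 10.0.0.5, outside peer 198.51.100.7.
    flow = ("tcp", "10.0.0.5", 50000, "198.51.100.7")
    print(evaluate(parse(ACL_101), *flow, 6881))   # default BT port
    print(evaluate(parse(ACL_101), *flow, 51413))  # client set to a custom port
    print(evaluate(parse(ACL_102), *flow, 80))     # web traffic, not the tracker
```

Appending "access-list 102 permit ip any any" to the ACL_102 text and re-running shows ordinary traffic passing while only the listed server address is denied.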
Method 3: load the PDLM Module
Using the PDLM modules produced by Cisco saves us the trouble of configuring routing policies, and the blocking effect is very good. Of the two methods described above, one blocks the port used by the data packets and the other blocks the destination address of the data packets. Although each is effective within a certain range, neither can completely prohibit BT. Blocking BT with the PDLM + NBAR method does not have this problem.
Cisco provides three PDLM modules on its official website, namely KAZAA2.pdlm, bittorrent.pdlm and eDonkey.pdlm, which can be used to block KaZaA, BT and eDonkey. Here we take blocking BT downloads as an example.
Create a TFTP site, copy bittorrent.pdlm to the site, and use the command ip nbar pdlm tftp://<IP address of the TFTP site>/bittorrent.pdlm on the core router to load the bittorrent.pdlm module.
Next, set the router policy. The specific commands are as follows:
class-map match-any bit
! Create a class-map named bit
match protocol bittorrent
! Match the bittorrent protocol; the bittorrent module must be loaded
policy-map limit-bit
! Create a policy-map named limit-bit
class bit
! Must refer to the class-map just defined with the name bit
drop
! If a packet matches, it is dropped
interface gigabitEthernet0/2
! Enter the interface at the network exit
service-policy input limit-bit
! Apply the limit-bit policy when packets enter
service-policy output limit-bit
! Apply the limit-bit policy when packets are sent out
If you do not want to load bittorrent.pdlm manually from TFTP every time you start the router, you can upload the pdlm file to the flash of the router and then point the command at it instead of at the IP address of the TFTP server. Tip: to block KaZaA or eDonkey, replace the bittorrent after "match protocol" with kazaa2 or eDonkey in the router configuration. The rest of the configuration is the same as for blocking BT.
After the BT software is blocked by the NBAR PDLM module, Xiaojin has completely cut off the use of BT in the company. All employees can work with peace of mind, and the network speed has been restored to its previous stable value.
(Disadvantage: This method is relatively difficult to configure and involves many commands, and the pdlm file needs to be re-specified each time the router is started. If you upload a pdlm file to the flash of the router, it takes up a lot of space. Blocking BT software with a routing policy also consumes a large amount of the router's CPU and memory resources, which affects the transmission speed of data packets.
Advantage: This method can be used to completely block BT downloads.)
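Why matching on protocol content holds up where the port and address filters of Methods 1 and 2 do not, as an added example that is not from the article and is not Cisco's PDLM logic (the module's signatures are not shown on the page): a simplified classifier keyed on the BitTorrent peer handshake and the HTTP tracker announce request. The flows, ports and function names are constructed for illustration.

```python
PSTR = b"BitTorrent protocol"

def parse_handshake(payload):
    """Return the 20-byte info_hash if payload opens with a peer handshake."""
    # Layout: 1-byte length (19), protocol string, 8 reserved, info_hash, peer_id.
    if len(payload) < 68 or payload[0] != len(PSTR) or payload[1:20] != PSTR:
        return None
    return payload[28:48]

def classify(payload):
    """Label the first payload of a flow by content, ignoring addresses and ports."""
    if parse_handshake(payload) is not None:
        return "bittorrent"
    request_line = payload.split(b"\r\n", 1)[0]
    if request_line.startswith(b"GET ") and b"info_hash=" in request_line:
        return "bittorrent"  # HTTP tracker announce
    return "other"

def acl_101_drops(dport):
    return 6880 <= dport <= 6890  # Method 1: port range only

def policy_drops(payload):
    return classify(payload) == "bittorrent"  # Method 3: class bit -> drop

# Constructed first payloads, paired with a destination port.
HANDSHAKE = bytes([19]) + PSTR + bytes(8) + b"\xaa" * 20 + b"-XX0001-000000000000"
FLOWS = {
    "peer on custom port": (51413, HANDSHAKE),
    "tracker announce": (80, b"GET /announce?info_hash=%AA%AA&port=51413 HTTP/1.1\r\n\r\n"),
    "intranet app on 6885": (6885, b"GET /reports HTTP/1.1\r\nHost: example.internal\r\n\r\n"),
}

def compare(flows=FLOWS):
    """Return {name: (dropped by port ACL, dropped by payload policy)}."""
    return {n: (acl_101_drops(p), policy_drops(d)) for n, (p, d) in flows.items()}

if __name__ == "__main__":
    for name, verdict in compare().items():
        print(name, verdict)
```

The third flow is the false positive of Method 1: unrelated traffic that happens to use a port in the blocked range is dropped by the ACL but passes the content-based policy.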