You would need to use IPS Signatures (and be licensed for them) in order to block this sort of traffic with a Sidewinder.
The built-in signatures include categories of 'P2P-Policy' and 'P2P-General'. There are individual signatures in these categories for blocking, for instance:
- any packet with a 'Content-Type' of 'application/x-bittorrent'
- a Bittorrent request for peers
- a Bittorrent handshake
- (and more...)
There are many, many more signatures having to do with P2P in general (Gnutella, Skype, eMule specific, etc.).
You could build a Signature Group containing only the specific signatures you want to trigger and set this as the IPS in your rule (which you could lock down to specific times of the day). Then you could deny traffic if it matches these signatures at specific times of the day.
There are no Bittorrent DHT specific signatures, but custom signatures can be created and used (KB63125).
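The traffic traits named in the answer above (the Content-Type, the tracker request for peers, the peer handshake), plus the DHT query format a custom signature would have to key on, as an added example that is not part of the original post and is not Sidewinder's own signature logic. The function names and sample payloads are constructed for illustration; the byte patterns come from the public BitTorrent protocol specifications.

```python
import re
from typing import Optional

# Peer-wire handshake: pstrlen (19) + "BitTorrent protocol", then 8 reserved
# bytes, a 20-byte info_hash and a 20-byte peer_id (68 bytes in total).
HANDSHAKE_PREFIX = b"\x13BitTorrent protocol"
# Bencoded method names used by DHT (KRPC) queries.
KRPC_QUERY_TOKENS = (b"1:q4:ping", b"1:q9:find_node",
                     b"1:q9:get_peers", b"1:q13:announce_peer")

def is_dht(payload: bytes) -> bool:
    """DHT messages are bencoded dictionaries carried over UDP."""
    if not (payload.startswith(b"d") and payload.endswith(b"e")):
        return False
    if b"1:y1:q" in payload:                      # message type: query
        return any(tok in payload for tok in KRPC_QUERY_TOKENS)
    return b"1:y1:r" in payload and b"1:t" in payload   # response

def classify(payload: bytes, udp: bool = False) -> Optional[str]:
    """Return the BitTorrent trait a payload matches, or None."""
    if udp:
        return "dht-krpc" if is_dht(payload) else None
    if len(payload) >= 68 and payload.startswith(HANDSHAKE_PREFIX):
        return "peer-handshake"
    head = payload.partition(b"\r\n\r\n")[0]
    lines = head.split(b"\r\n")
    # Tracker request for peers: HTTP GET carrying info_hash, peer_id and port.
    m = re.match(rb"GET (\S+) HTTP/1\.[01]$", lines[0])
    if m and b"?" in m.group(1):
        query = m.group(1).split(b"?", 1)[1]
        keys = {kv.split(b"=", 1)[0] for kv in query.split(b"&")}
        if {b"info_hash", b"peer_id", b"port"} <= keys:
            return "tracker-announce"
    # .torrent metadata transfer, identified by its Content-Type header.
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if (name.strip().lower() == b"content-type"
                and value.strip().lower().startswith(b"application/x-bittorrent")):
            return "torrent-content-type"
    return None

# Constructed sample payloads (not captured traffic).
SAMPLE_HANDSHAKE = HANDSHAKE_PREFIX + bytes(8) + bytes(20) + b"-XX0000-" + bytes(12)
SAMPLE_ANNOUNCE = (b"GET /announce?info_hash=%AA%BB&peer_id=-XX0000-abc&port=6881"
                   b" HTTP/1.1\r\nHost: tracker.example\r\n\r\n")
SAMPLE_TORRENT = b"HTTP/1.1 200 OK\r\nContent-Type: application/x-bittorrent\r\n\r\n"
SAMPLE_DHT_PING = b"d1:ad2:id20:" + b"a" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe"
SAMPLE_BENIGN = b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"
```

Substring checks like these are what a pattern-based signature can do; clients that encrypt or obfuscate the peer protocol will not match the handshake pattern.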
That's exactly what I was looking for. Appreciate the pointers.