3 Replies Latest reply on Mar 27, 2012 3:06 AM by PhilM

    How to block torrent traffic?

      I am using sidewinder version 7. Is it possible to block torrent traffic? I know sidewinder version 8 can do so without any problem at all.

        • 1. Re: How to block torrent traffic?
          PhilM

          You'll probably find that version 7 does a pretty good job of it already.

           

          Unless you are punching dirty-great packet filters through the Firewall, much of your outbound traffic is likely to be handled by your "Internet Services" rule (if you enabled this during the setup wizard). This will include HTTP (tcp/80) and HTTPS (tcp/443) which the torrent software may well try to use.

           

          However, by default, these services are layer-7 aware, meaning that the Firewall will only allow traffic to pass via these ports if they conform to the RFC for these protocols. So, if it's basic web browsing, it will be compliant and therefore will be allowed. If its a torrent client it is unlikely to conform to the RFC and will be blocked (producing Protocol Violation audit records in the process).

           

          -Phil.

          • 2. Re: How to block torrent traffic?

            Am I right to say that what you mean is The Firewall version 7 automatically block torrent by default? If so that is great.

            • 3. Re: How to block torrent traffic?
              PhilM

              Well, in so far that it will only allow traffic to pass on ports which you have explicitly allowed and as Torrent clients tend to follow the principle of finding a common port to use when they are unable to make a connection in any other way, they will invariably go for 80 & 443 (working on the assumption that you'll want to be able to web browse at the very least). But because the HTTP and HTTPS services on the Firewall inspect connections at layer 7, by default, unless you have reduced the overal security level (using the slider bar in the access rule screen) when this traffic hits the Firewall it will very quickly discover that it is not "web browser" traffic and will throw the connection out.

               

              The only definite confirmation will be to give it a try yourself.

               

              -Phil.