2 Replies Latest reply on Feb 25, 2014 9:53 PM by rukmalf

    Bypass the NSP Using Bittorrent with Encryption

    rukmalf

      Hi,

       

      Have any of you guys noticed that the McAfee IPS can be bypassed by enabling encryption on the torrent client? I have tried it with qBittorrent and it seems to work when encryption is enabled, even if you block the signature using the IPS policy.

       

      Any ideas on this, guys?

       

      Regards,

       

      Rukmal Fernando

        • 1. Re: Bypass the NSP Using Bittorrent with Encryption
          cedricr

          Hello Rukmal,

           

          That is the general downside of network-based IPS; they are not able to decrypt any traffic in general.

           

          However, the McAfee sensors are able to decrypt traffic between clients and a webserver of yours, if you import the private key. You can find more detailed information in the IPS admin guide "NSP_7_5_IPS_Administration_revA_en_us.pdf" on page 540 ff.

           

          Best Regards

          Cedric

          • 2. Re: Bypass the NSP Using Bittorrent with Encryption
            rukmalf

            Hi Cedricr,

             

            Yep, client-server SSL is something that is under our control, so we can decrypt/encrypt it as we wish.

             

            But from what I have tested, I have noticed that Check Point/Palo Alto firewalls are able to block torrents using application intelligence even if the torrents are using encryption.

             

            Since McAfee NSP is supposed to be the leader in the IPS field, shouldn't they too be able to do the same?

             

             

            Regards,

             

            Rukmal Fernando