Step 3: The "block the nexus" approach: P2P

In the wrong hands, IM and P2P file sharing can be too much of a risk for your organization. There are many ways to block this traffic, but some are more elegant -- with fewer adverse effects -- than others. Contributor Serdar Yegulalp details this process in this step-by-step guide.


With peer-to-peer file-sharing clients, blocking central servers isn't as effective a method as it is for blocking IM. Many P2P clients no longer use a central server. Instead, they keep a round-robin cache of the last known good peers and try to connect between them. If the local cache is exhausted, they can connect with a cache on the Web to obtain a fresh list of peers. Clients that use the Gnutella network mechanism (eMule, eDonkey, LimeWire, etc.) work this way.

BitTorrent, the increasingly popular peer-to-peer file-sharing and download-acceleration system, uses a combination of approaches. A central server, known as a torrent server or torrent host, stores a list of available clients from which a given file can be downloaded. The actual file is downloaded from multiple peers at once to speed things up. Because of this decentralized approach, BitTorrent (BT) has become very popular in illegal file-sharing circles -- no one server ever hosts a copy of the file, so any legal responsibility is diffused. However, BitTorrent is also now used as a legitimate file-distribution system by many companies. Many Linux distributions, for instance, are available as torrents to keep mirror servers from being overloaded -- so it may not be fair to block BT.

If you're hesitant to block BT entirely, one step you can take to prevent BT abuse is to block access to torrent-hosting sites that you suspect are of questionable legality. Thepiratebay.org, piratebay.com, isohunt.com and a number of others can be blocked easily through a firewall or other access-control mechanism. This way, you won't stop legitimate BitTorrent use -- although you may want to throttle the amount of traffic (i.e., bandwidth) that an individual client can use on the ports BitTorrent uses most often. The most commonly used TCP ports for BitTorrent, 6881-6999, should be restricted by total bandwidth per user rather than number of open connections since BT opens many inbound connections (usually 2 to 4 per file) by design.
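To show why the limit on ports 6881-6999 should be a per-user byte total rather than a connection count, the following added example (not from the original article) totals firewall flow records per internal client and compares the two rules. The record format, the 10.0.0.0/8 internal range, the sample flows and both thresholds are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

BT_PORTS = range(6881, 7000)                    # TCP 6881-6999, as named in the article
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumption: your internal address space

# Constructed sample flow records: src_ip,src_port,dst_ip,dst_port,bytes
SAMPLE_FLOWS = """\
198.51.100.7,50111,10.1.1.20,6881,60000
198.51.100.8,50222,10.1.1.20,6881,55000
203.0.113.5,50333,10.1.1.20,6882,70000
203.0.113.6,50444,10.1.1.20,6882,65000
10.1.1.30,51000,198.51.100.9,6889,900000000
203.0.113.9,52000,10.1.1.30,6881,800000000
10.1.1.30,53000,192.0.2.10,443,5000000
this line is malformed
"""

def bt_usage(flow_text):
    """Return {internal_ip: (connections, total_bytes)} for flows on BT_PORTS."""
    usage = defaultdict(lambda: [0, 0])
    for line in flow_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        try:
            src, sport, dst, dport, nbytes = fields
            sport, dport, nbytes = int(sport), int(dport), int(nbytes)
            hosts = [ipaddress.ip_address(src), ipaddress.ip_address(dst)]
        except ValueError:
            continue                              # skip malformed records
        if sport not in BT_PORTS and dport not in BT_PORTS:
            continue                              # not on the BitTorrent port range
        for host in hosts:
            if host in INTERNAL:                  # charge the flow to the internal client
                usage[str(host)][0] += 1
                usage[str(host)][1] += nbytes
    return {ip: tuple(v) for ip, v in usage.items()}

def over_byte_budget(usage, budget):
    """Clients whose total bytes on BT ports exceed the per-user budget."""
    return sorted(ip for ip, (_, total) in usage.items() if total > budget)

def over_connection_limit(usage, limit):
    """Clients a connection-count rule would flag, shown for comparison."""
    return sorted(ip for ip, (conns, _) in usage.items() if conns > limit)

if __name__ == "__main__":
    usage = bt_usage(SAMPLE_FLOWS)
    print("by bytes:", over_byte_budget(usage, 500_000_000))
    print("by connections:", over_connection_limit(usage, 3))
```

In the constructed data, the connection-count rule flags the client with four small inbound connections, while the byte budget flags the client that actually moved the traffic.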


ABOUT THE AUTHOR:
Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

Copyright 2005 TechTarget
This was first published in January 2006
