With peer-to-peer file-sharing clients, blocking central servers isn't as effective as it is for IM. Many P2P clients no longer use a central server. Instead, they keep a round-robin cache of the last known good peers and try to connect to them in turn. If the local cache is exhausted, they can connect to a cache on the Web to obtain a fresh list of peers. Clients that use the Gnutella network mechanism (eMule, eDonkey, LimeWire, etc.) work this way.
BitTorrent, the increasingly popular peer-to-peer file-sharing and download-acceleration system, uses a combination of approaches. A central server, known as a torrent server or torrent host, stores a list of available clients from which a given file can be downloaded. The actual file is downloaded from multiple peers at once to speed things up. Because of this decentralized approach, BitTorrent (BT) has become very popular in illegal file-sharing circles -- no one server ever hosts a copy of the file, so any legal responsibility is diffused. However, BitTorrent is also now used as a legitimate file-distribution system by many companies. Many Linux distributions, for instance, are available as torrents to keep mirror servers from being overloaded -- so it may not be fair to block BT.
If you're hesitant to block BT entirely, one step you can take to prevent BT abuse is to block access to torrent-hosting sites that you suspect are of questionable legality. Thepiratebay.org, piratebay.com, isohunt.com and a number of others can be blocked easily through a firewall or other access-control mechanism. This way, you won't stop legitimate BitTorrent use -- although you may want to throttle the amount of traffic (i.e., bandwidth) that an individual client can use on the ports BitTorrent uses most often. The most commonly used TCP ports for BitTorrent, 6881-6999, should be restricted by total bandwidth per user rather than number of open connections since BT opens many inbound connections (usually 2 to 4 per file) by design.
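The accounting behind that recommendation, as an added example that is not part of the original article: it totals bytes per client on TCP 6881-6999 and matches requested hosts against the blocked sites, showing that connection count alone would flag the wrong client. The record layout, the 50 MB budget and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

MB = 1024 * 1024
BT_PORTS = range(6881, 7000)   # TCP 6881-6999, the range named in the article
BLOCKED_SITES = {"thepiratebay.org", "piratebay.com", "isohunt.com"}  # from the article
BYTE_BUDGET = 50 * MB          # assumed per-client budget for one log window

# Constructed flow records: (client_ip, proto, port, bytes_transferred)
SAMPLE_FLOWS = (
    # Two legitimate torrents at 4 connections each: many connections, few bytes
    [("10.0.0.5", "tcp", 6881 + i, 2 * MB) for i in range(8)]
    + [
        # Few connections, heavy transfer
        ("10.0.0.9", "tcp", 6881, 40 * MB),
        ("10.0.0.9", "tcp", 6882, 40 * MB),
        ("10.0.0.9", "tcp", 6999, 40 * MB),
        # Outside the BitTorrent range: must not be counted
        ("10.0.0.5", "tcp", 443, 500 * MB),
        ("10.0.0.9", "tcp", 7000, 10 * MB),
    ]
)

# Constructed proxy log entries: (client_ip, requested_host)
SAMPLE_REQUESTS = [
    ("10.0.0.9", "www.isohunt.com"),
    ("10.0.0.5", "releases.ubuntu.com"),
    ("10.0.0.7", "notisohunt.com"),   # look-alike suffix, not a subdomain
]

def is_blocked_host(host):
    """True for a blocked site or any of its subdomains (case-insensitive)."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in BLOCKED_SITES)

def bt_usage(flows):
    """Per client: total bytes and connection count on the BitTorrent ports."""
    usage = defaultdict(lambda: {"bytes": 0, "conns": 0})
    for client, proto, port, nbytes in flows:
        if proto == "tcp" and port in BT_PORTS:
            usage[client]["bytes"] += nbytes
            usage[client]["conns"] += 1
    return dict(usage)

def over_budget(flows, budget=BYTE_BUDGET):
    """Clients whose total bytes on the BitTorrent ports exceed the budget."""
    return sorted(c for c, u in bt_usage(flows).items() if u["bytes"] > budget)

def blocked_requests(requests):
    """Log entries that name a blocked torrent-hosting site."""
    return [(c, h) for c, h in requests if is_blocked_host(h)]
```
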
ABOUT THE AUTHOR:
Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well! Copyright 2005 TechTarget
This was first published in January 2006