natedogg104
Member Candidate
Topic Author
Posts: 157
Joined: Tue Feb 28, 2006 9:18 am

Anyone successful in blocking bittorrent and limewire

Tue Sep 08, 2009 8:08 pm

So I have updated to the new version, hoping the p2p filter would work with the firewall chain to drop p2p traffic; no such luck. It doesn't even faze it; anyone that has any of the updated programs can get past that rule.

So next step: go and find the L7 patterns and mark the packets/connections so that I can drop 'em, right? Not, lol.

The current L7s don't seem to be working to block anything but older versions of the programs.

Does anyone have new L7 exps for bittorrent, bitcomet, limewire, etc.? I'm convinced 99% of the traffic to these sites is a bunch of illegal crap. At the very least I need to be able to mark these packets so I can turn in these users when I do get those crappy notices.

This is what I have currently:

Bittorrent
^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=get /announce\?info_hash=|get /client/bitcomet/|GET /data\?fid=)|d1:ad2:id20:|\x08'7P\)[RP]

Limewire
^(gnd[\01\02]\?.\?.\?\01|gnutella connect\
/[012]\\.[0-9]\r\
\n|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshar\
e|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: applicat\
ion/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]\?[\
0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?:[\
1-9][0-9]\?[0-9]\?[0-9]\?|gnutella.*content-type: application/x-gnutella|.\
..................\?lime)

Limewire paid
^(gnd[\x01\x02]?.?.?\x01|gnutella connect/[012]\.[0-9]\x0d\x0a|get /uri-res/n2r\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?:[1-9][0-9]?[0-9]?[0-9]?|gnutella.*content-type: application/x-gnutella|...................?lime)

Anyone have ideas or suggestions to mark or block the packets/connections or both?

Marking all traffic and limiting or blocking unknown traffic is not an option; been there, done that, and it just causes problems. Having to mark everything in the world is CPU intensive and just not practical.

So if anyone has reg exps that actually work, or another idea, let me know.
 
Chupaka
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Anyone successful in blocking bittorrent and limewire

Wed Sep 09, 2009 1:09 am

You cannot block encrypted p2p connections shedding hardly any blood, I believe.
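
Added example, not part of any post in this thread: a quick offline check of what the BitTorrent L7 pattern posted above can and cannot see. The sample payloads are constructed, case-insensitive matching is an assumption, and the high-entropy sample stands in for a client whose first bytes on the wire are already obfuscated.

```python
import hashlib
import re

# BitTorrent L7 pattern as posted in the thread (split only for line length).
# IGNORECASE is an assumption made here: the pattern mixes "get" and "GET".
BITTORRENT_L7 = re.compile(
    rb"^(\x13bittorrent protocol|azver\x01$"
    rb"|get /scrape\?info_hash=get /announce\?info_hash="
    rb"|get /client/bitcomet/|GET /data\?fid=)"
    rb"|d1:ad2:id20:|\x08'7P\)[RP]",
    re.IGNORECASE,
)


def high_entropy(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic random-looking bytes, a stand-in for an encrypted stream."""
    out = b""
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return out[:n]


# Constructed first-payload samples, not captured traffic.
SAMPLES = {
    # Cleartext peer handshake: 0x13, protocol string, reserved, hash, peer id.
    "cleartext_handshake": b"\x13BitTorrent protocol" + bytes(8)
    + b"H" * 20 + b"-XX0000-" + b"0" * 12,
    # Cleartext DHT query (bencoded dictionary).
    "dht_query": b"d1:ad2:id20:" + b"N" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe",
    # Plain HTTP tracker announce on its own.
    "tracker_announce": b"GET /announce?info_hash=%12%34 HTTP/1.1\r\n",
    # No plaintext prefix at all: nothing for a content regex to anchor on.
    "encrypted_first_bytes": high_entropy(96),
}


def l7_verdicts(samples=SAMPLES) -> dict:
    """Return {sample name: True if the posted pattern matches the payload}."""
    return {name: BITTORRENT_L7.search(data) is not None
            for name, data in samples.items()}


if __name__ == "__main__":
    for name, hit in l7_verdicts().items():
        print(f"{name:24} {'MATCH' if hit else 'no match'}")
```

The announce request alone does not match because the posted pattern fuses the scrape and announce strings into a single alternative.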
 
natedogg104
Member Candidate
Topic Author
Posts: 157
Joined: Tue Feb 28, 2006 9:18 am

Re: Anyone successful in blocking bittorrent and limewire

Wed Sep 09, 2009 7:40 pm

I thought if you found the connection when it started, before it encrypted, you could block it. Any other ideas? For the moment I just got some software that logs all connections in and out; that way at least I can respond to the users when I get those nasty letters. /sigh

We can't block the bad guys, have to monitor the good guys...
 
Muqatil
Trainer
Posts: 573
Joined: Mon Mar 03, 2008 1:03 pm
Location: London - UK
Contact:

Re: Anyone successful in blocking bittorrent and limewire

Thu Sep 10, 2009 1:09 am

Did you try this?
/ip firewall mangle
add action=mark-connection chain=forward comment=P2P disabled=no new-connection-mark=P2P-CONN p2p=all-p2p passthrough=yes
add action=mark-connection chain=forward comment="P2P Torrent" disabled=no layer7-protocol=bittorrent new-connection-mark=P2P-CONN passthrough=yes
add action=mark-connection chain=forward comment="P2P Emule" disabled=no layer7-protocol=edonkey new-connection-mark=P2P-CONN passthrough=yes
add action=add-dst-to-address-list address-list="P2P Address" address-list-timeout=5m chain=forward comment="Identify P2P Connections fonts for 5 mins" connection-mark=P2P-CONN disabled=no dst-address-list="!IP Medi@net" src-address-list="IP Medi@net"
add action=mark-connection chain=forward comment="IP P2P" disabled=no new-connection-mark=IP2P_CONN passthrough=yes src-address-list="P2P Address"
add action=mark-connection chain=forward comment="IP P2P" disabled=no dst-address-list="P2P Address" new-connection-mark=IP2P_CONN passthrough=yes
add action=mark-packet chain=forward comment=IP2P connection-mark=IP2P_CONN disabled=no new-packet-mark=IP2P passthrough=yes
add action=mark-packet chain=forward comment=P2P connection-mark=P2P-CONN disabled=no new-packet-mark=P2P passthrough=no
I just mangle and limit them, I don't block them completely... but it's up to you.
Try this one.
P.S. It's a little CPU intensive, so use it on a powerful board and maybe in a separate box (transparent bridge).
 
natedogg104
Member Candidate
Topic Author
Posts: 157
Joined: Tue Feb 28, 2006 9:18 am

Re: Anyone successful in blocking bittorrent and limewire

Thu Sep 10, 2009 3:32 am

Ty, I'll try that.
 
rboerom
just joined
Posts: 18
Joined: Mon Mar 17, 2008 3:30 pm

Re: Anyone successful in blocking bittorrent and limewire

Thu Sep 10, 2009 5:59 am

You can control P2P if you configure your QoS as a firewall:
you mark everything you know; everything else is P2P.

IT WORKS GREAT, ARES CONTROL, TORRENT CONTROL