
How to Block BitTorrent, Download-Manager through ASA

Imran Ahmad
Level 2

Hello Gus,

We have many clients who are misusing our company bandwidth by downloading files through BitTorrent and Download-Managers. I tried a lot to block it, but no luck.

Can anyone instruct me on how to block them on an ASA device?


Leo Laohoo
Hall of Fame

You don't block them in the ASA.

You can use AD to block applications like BitTorrent and DM from running.

Hi,

You can block BitTorrent.

http://wiki.wireshark.org/BitTorrent ---> you can use this guide for the TCP ports.

Port ranges for BitTorrent:

BitTorrent uses TCP to transfer files and UDP for searching. It will use port 80 if the default TCP ports 6881-6889, 6969 and 8080 cannot be reached. Some BitTorrent clients also support HTTP downloading. To completely block BT, please block UDP port 1024-65534 in your router.

Then make an ACL based on that and apply it.

Do rate if helpful.

Nitesh

It is not working.

Isn't there any other way to block it through ASA? I don't have AD.

hi Iram,

regex bit-torrent-tracker ".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*"
object-group service BitTorrent-Tracker tcp
 description TCP Ports used by Bit Torrent for tracker communication
 port-object eq 2710
 port-object eq 6969
object-group service Blocked-UDP-Ports udp
 description All ports blocked for Bit Torrent UDP DHT (all ephemeral ports except VPN encapsulation)
 port-object range 10001 65535
 port-object range 1024 9999
class-map type inspect http match-all bit-torrent-tracker
 description Bit Torrent Tracker communication
 match request args regex bit-torrent-tracker
 match request method get
policy-map type inspect http Drop-P2P
 description Drop protocol violations, Kazaa, gator and Bit Torrent Tracker traffic
 parameters
  protocol-violation action log
 class _default_gator
  drop-connection log
 class _default_kazaa
  drop-connection log
 class bit-torrent-tracker
  drop-connection log
policy-map global_policy
 class inspection_default
  inspect http Drop-P2P

Thanks,

Nitesh

Please rate if helpful

It is not working.

Did you apply the policy map or not?

Or just copy-pasted the configuration on top?

object-group service Blocked-UDP-Ports udp
 description All ports blocked for Bit Torrent UDP DHT (all ephemeral ports except VPN encapsulation)
 port-object range 10001 65535
 port-object range 1024 9999
object-group service BitTorrent-Tracker tcp
 description TCP Ports used by Bit Torrent for tracker communication
 port-object eq 2710
 port-object range 6881 6999
! The "inactive" keyword leaves the two deny entries below disabled until it is removed.
access-list inside_access_in extended deny udp any any object-group Blocked-UDP-Ports log warnings inactive
access-list inside_access_in extended deny tcp any any object-group BitTorrent-Tracker log warnings inactive
access-list inside_access_in extended permit tcp any any

Apply the access list on the inside interface. It might need modifications depending on your configuration, and it's just a sample configuration.

regex bit-torrent-tracker ".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*"
class-map type inspect http match-all bit-torrent-tracker
 description Bit Torrent Tracker communication
 match request args regex bit-torrent-tracker
 match request method get
policy-map type inspect http Drop-P2P
 description Drop protocol violations Bit Torrent Tracker traffic
 parameters
  protocol-violation action log
 class bit-torrent-tracker
  drop-connection log
policy-map global_policy
 class inspection_default
  inspect http Drop-P2P
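
Added example, not code from any poster in this thread and not Cisco's implementation: Python that approximates how the thread's `bit-torrent-tracker` class-map and the two port object-groups evaluate traffic, run over constructed request lines and flows so the rule set's coverage can be checked before it is applied. The function names and sample data are assumptions, and the port check assumes the `inactive` keyword has been removed from the ACEs.

```python
import re
from urllib.parse import urlsplit

# Regex copied from the thread's "regex bit-torrent-tracker" line.
TRACKER_ARGS = re.compile(r".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*")

# Port object-groups copied from the second sample configuration.
DENY_GROUPS = {
    "udp": [(1024, 9999), (10001, 65535)],   # Blocked-UDP-Ports
    "tcp": [(2710, 2710), (6881, 6999)],     # BitTorrent-Tracker
}

def http_class_matches(request_line):
    """Approximate the match-all class-map: GET method AND args match the regex."""
    method, target, _version = request_line.split(" ", 2)
    args = urlsplit(target).query            # "match request args" sees the query string
    return method == "GET" and TRACKER_ARGS.search(args) is not None

def hits_deny_entry(proto, dst_port):
    """True if the destination port falls in a denied object-group.
    Assumes the 'inactive' keyword has been removed from the ACEs."""
    return any(lo <= dst_port <= hi for lo, hi in DENY_GROUPS.get(proto, []))

# Constructed request lines: (request line, expected drop by HTTP inspection).
REQUESTS = [
    ("GET /announce?info_hash=%12%34&peer_id=-XX0001-abc&port=6881 HTTP/1.1", True),
    ("GET /scrape?INFO_HASH=%12%34 HTTP/1.1", True),      # character classes ignore case
    ("GET /search?q=info+hash HTTP/1.1", False),          # ordinary browsing
    ("GET /info_hash=/index.html HTTP/1.1", False),       # string in path, not in args
    ("POST /announce?info_hash=%12%34 HTTP/1.1", False),  # match-all requires GET
]

# Constructed flows: (protocol, destination port, expected deny-group hit).
FLOWS = [
    ("udp", 6881, True), ("udp", 10000, False),   # 10000 left open for VPN encapsulation
    ("udp", 53, False),                           # below 1024, not in the group
    ("tcp", 2710, True), ("tcp", 6969, True),
    ("tcp", 80, False),                           # left to the HTTP inspection policy
]

def mismatches():
    """Return every sample whose result differs from the expectation."""
    bad = [r for r, want in REQUESTS if http_class_matches(r) != want]
    bad += [(p, port) for p, port, want in FLOWS if hits_deny_entry(p, port) != want]
    return bad

if __name__ == "__main__":
    print("unexpected results:", mismatches())
```
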
