Below snapshot shows HTTP request which Bittorrent Client uses to communicate with Bittorrent Servers. In the request we can see different parameters like client id, port number.
We can observe that Bittorrent client uses different User Agent request headers like BTWebClient, Bittorrent etc.
UDP is using Source port as 24615, which is being communicated to Bittorrent Server as HTTP Request.
So we can detect or block Bittorrent based on HTTP Request URI or User-Agent header strings or UDP protocol communication.
Below are few Signatures which we can use to detect Bittorrent.
alert udp any any -> any any ( msg: "Bit Torrent UDP"; content:"41 02"; offset:0; depth:2; content:"38"; offset:13;depth:1; content:"08"; offset:21;depth:1; sid:8888881; rev: 1; )
alert udp any any -> any any ( msg: "Bit Torrent Protocol"; content:"|13|bittorrent|20|protocol"; offset:0; sid:8888882; rev: 1; )
alert udp any any -> any any ( msg: "Bit Torrent UDP Communication"; content:"d1|3a|ad2|3a|id20|3a|"; sid:8888883; rev: 1; )
Below Signature triggers and alerts when the content is seen in HTTP Request URI
alert tcp any any -> any 80 ( msg: "Bit Torrent: HTTP Request"; content:"info_hash="; pcre:"/announce\?info_hash=/Ui"; sid:8888884; rev: 1; )
Observed following User-Agent strings as part of HTTP Requests
User-Agent: BitTorrent/7610(27328)
User-Agent: BTWebClient/7610(27328)
which can be detected using following Signatures
alert tcp any any -> any 80 ( msg: "Bit Torrent: HTTP User Agent 1"; content:"User-Agent: BitTorrent"; sid:8888885; rev: 1; )
alert tcp any any -> any 80 ( msg: "Bit Torrent: HTTP User Agent 2"; content:"User-Agent: BTWebClient"; sid:8888886; rev: 1; )
Posts related to Snort IDS/IPS which might be of interest to you.
http://darshanams.blogspot.in/2011/05/snort-logging-alerts-to-syslog-server.html
http://darshanams.blogspot.in/2010/06/snort-preprocessors-and-alerts.html
http://darshanams.blogspot.in/2012/05/installing-snort-from-source-as-ips.html
To know about Google Talk Jabber protocol communication
http://darshanams.blogspot.in/2008/11/deciphering-google-talk-jabber.html
For Zebra/Bittorrent protocol communication
http://darshanams.blogspot.in/2009/03/i-was-just-checking-my-mails.html
P.S Signatures given above are neither tested nor fine tuned. Just an
idea how to detect Bit Torrent communication.
idea how to detect Bit Torrent communication.
For a long time me & my friend were searching for informative blogs about detection, but now I am in the right place guys, you have made a room in my heart. Oracle fusion financials training
ReplyDeleteAndrology doctor in chennai
ReplyDeleteInfertility specialist in chennai
Sexologist in chennai
Thankyou the sharing great information, We are one of the best call center outsourcing vendors in the United States. At Trupp Global, we are completely dedicated to your business growth. We provide top notch services that can enhance the sales along with customer satisfaction levels.
ReplyDeleteBusiness Process Outsourcing Services
small business seo services in los angeles
ReplyDeleteecommerce seo services in los angeles
b2b seo services in los angeles
enterprise seo services in los angeles
professional seo services in los angeles
giacca da prestigiatore
ReplyDeletetriciclo usato milano
risparmiare batteria iphone ios 12
maglia termica nuoto bambina
shein camicie donna cameriera
maquina para coser zapatillas
venta de bicicletas para ejercicio
sujetador media copa abierto ético
nike academy16 knt tracksuit 2
bañador neopreno mujer oysho
camiseta escote redondo
adidas rock climbing
rompecabezas de obras de arte para arma
reloj con números romanos para niños
abrigo aviador mujer abdomen
gucci forocoches
sonic 3 and knuckles juego online
short de bain islamique
stihl klamotten
brabus rocket 900 amazon
new balance icarus
sonnenbrille herren mit seitenschutz
hoodie pepe jeans cyan
shorts fitness feminino
melhores marcas de mochilas masculinas
quadri da disegnare amazon
aharry potter x vans
culle e passeggini per neonati amazon
camisa da ferroviária
galocha rosa feminina
deichmann bolsos
bolso de mano de hombre guess entusiasta
tenda da sole spiaggia amazon
nike pegasus 94
Nike Air Force 270
nike shirt langarm
ReplyDeletemoufles millet expedition 8000 m
hüte damen sommer
diffuseur par nébulisation à froid amazon
bijoux pas cher or blanc amazon
sacoche lv district
polo simulator
cappotto burberry bimba amazon
schubkarre gestell amazon
nike off white foam rose
jeansjacke mädchen 164
nike cortez prm
beutel zipper amazon
nike tanjun damen weiß 44
scarpe pirelli uomo impedire
polo ralph lauren jeanshemd damen
risparmiare batteria iphone ios 12
style année 80 femme
Nike Air Force 270
kimono en jean
pantaloni puma femei pollice Linea di metallo
naketano anker jacke schwierig
venta de tenis nike en tijuana
blazer basicos mujer
adidas adizero ace boost 7
masque d horreur a imprimer
new balance icarus
sandália rasteira bottero
berghaus mens raincoat
calça laranja adidas
béret a pompon bretelles uniforme
gucci sandale plastique
costumi interi amazon
skechers shoes for men online
gants si assault factory pilot noir oakley
venda de cortina
adidas stan smith safety shoes
niveau à laser amazon surligner escorte
sims 4 nike shoes kids
casquette ford Immigration
ReplyDeletechaussure carla moreau
triciclo usato milano
chaussures de sécurité facom
foot locker nike react element
scatola protezione stagna
nike metcon 5 rojas
zapatillas de agua niña
veste velour carhartt
damen lack schnürer
cappotto rosso scarpe nike
fiore garofano amazon
nike presto extreme pas cher
nike pegasus 94
shorts fitness feminino
nike t shirt tumblr
quadri da disegnare amazon
chinelo slide da melissa
tenis all star feminino branco couro
calzoncillos puma hombre
veste per battesimo amazon
nike air force modelo agotado
cartera levis hombre
filtre pour aspirateur samsung sc4780
autoradio gps vdo
nike tribute veste
soldes chaussures homme caterpillar hiver cafétéria
amazon sandalias reef
chanclas new balance niña
kit de creation de bracelets utilisation
wc suspendu mural amazon
foulard en soie homme
all star converse star player
paragliding přilby
nike anzug nba rot
camisa da ferroviária
tapie adidas credit lyonnais
gucci handbags uk
air force 1 nike outfit men basket
borse gabs etnico
ReplyDeletezapatillas running galaxy 4 azul marino mujer adidas
nike air max 97 silber
ladies summer shorts
bolsas para comprimir equipaje
table basse marbre noir pied doré
guanti da sci gialli
stratic koffer monogramm
sellerie moto strasbourg
deichmann bolsos
aharry potter x vans
adidas cal surf
timberland herren 3 eye
adidas yeezy semi frozen yellow on feet
cappello fisi kappa tazza
nike free run 5.0 new
smartphone kleine abmessungen amazon
adidas originals panna scarpe uomo basse
sandalias rosa palo tacon ancho giro
bermuda femme en lin dor
vetements sisley ligne
s oliver catie bell bottom
cerchietto che si chiude capelli
short de bain islamique
zapatos de charol mujer con taco
blazer bebe 2 anos
rückgaberecht adidas
camiseta con falda corta
tende doccia milano amazon
shein camicie donna cameriera
bañador neopreno mujer oysho
sudadera nike vintage
giacca da prestigiatore
sandalias courofeito a mao
grossista condizionatori
piumini daunenstep amazon
zapatillas cruyff mujer
valentine gauthier chaussures