Below snapshot shows HTTP request which Bittorrent Client uses to communicate with Bittorrent Servers. In the request we can see different parameters like client id, port number.
We can observe that Bittorrent client uses different User Agent request headers like BTWebClient, Bittorrent etc.
UDP is using Source port as 24615, which is being communicated to Bittorrent Server as HTTP Request.
So we can detect or block Bittorrent based on HTTP Request URI or User-Agent header strings or UDP protocol communication.
Below are few Signatures which we can use to detect Bittorrent.
alert udp any any -> any any ( msg: "Bit Torrent UDP"; content:"41 02"; offset:0; depth:2; content:"38"; offset:13;depth:1; content:"08"; offset:21;depth:1; sid:8888881; rev: 1; )
alert udp any any -> any any ( msg: "Bit Torrent Protocol"; content:"|13|bittorrent|20|protocol"; offset:0; sid:8888882; rev: 1; )
alert udp any any -> any any ( msg: "Bit Torrent UDP Communication"; content:"d1|3a|ad2|3a|id20|3a|"; sid:8888883; rev: 1; )
Below Signature triggers and alerts when the content is seen in HTTP Request URI
alert tcp any any -> any 80 ( msg: "Bit Torrent: HTTP Request"; content:"info_hash="; pcre:"/announce\?info_hash=/Ui"; sid:8888884; rev: 1; )
Observed following User-Agent strings as part of HTTP Requests
User-Agent: BitTorrent/7610(27328)
User-Agent: BTWebClient/7610(27328)
which can be detected using following Signatures
alert tcp any any -> any 80 ( msg: "Bit Torrent: HTTP User Agent 1"; content:"User-Agent: BitTorrent"; sid:8888885; rev: 1; )
alert tcp any any -> any 80 ( msg: "Bit Torrent: HTTP User Agent 2"; content:"User-Agent: BTWebClient"; sid:8888886; rev: 1; )
Posts related to Snort IDS/IPS which might be of interest to you.
http://darshanams.blogspot.in/2011/05/snort-logging-alerts-to-syslog-server.html
http://darshanams.blogspot.in/2010/06/snort-preprocessors-and-alerts.html
http://darshanams.blogspot.in/2012/05/installing-snort-from-source-as-ips.html
To know about Google Talk Jabber protocol communication
http://darshanams.blogspot.in/2008/11/deciphering-google-talk-jabber.html
For Zebra/Bittorrent protocol communication
http://darshanams.blogspot.in/2009/03/i-was-just-checking-my-mails.html
P.S Signatures given above are neither tested nor fine tuned. Just an
idea how to detect Bit Torrent communication.
idea how to detect Bit Torrent communication.
For a long time me & my friend were searching for informative blogs about detection, but now I am in the right place guys, you have made a room in my heart. Oracle fusion financials training
ReplyDeleteAndrology doctor in chennai
ReplyDeleteInfertility specialist in chennai
Sexologist in chennai
Thankyou the sharing great information, We are one of the best call center outsourcing vendors in the United States. At Trupp Global, we are completely dedicated to your business growth. We provide top notch services that can enhance the sales along with customer satisfaction levels.
ReplyDeleteBusiness Process Outsourcing Services
small business seo services in los angeles
ReplyDeleteecommerce seo services in los angeles
b2b seo services in los angeles
enterprise seo services in los angeles
professional seo services in los angeles
giacca da prestigiatore
ReplyDeletetriciclo usato milano
risparmiare batteria iphone ios 12
maglia termica nuoto bambina
shein camicie donna cameriera
maquina para coser zapatillas
venta de bicicletas para ejercicio
sujetador media copa abierto ético
nike academy16 knt tracksuit 2
bañador neopreno mujer oysho
camiseta escote redondo
adidas rock climbing
rompecabezas de obras de arte para arma
reloj con números romanos para niños
abrigo aviador mujer abdomen
gucci forocoches
sonic 3 and knuckles juego online
short de bain islamique
stihl klamotten
brabus rocket 900 amazon
new balance icarus
sonnenbrille herren mit seitenschutz
hoodie pepe jeans cyan
shorts fitness feminino
melhores marcas de mochilas masculinas
quadri da disegnare amazon
aharry potter x vans
culle e passeggini per neonati amazon
camisa da ferroviária
galocha rosa feminina
deichmann bolsos
bolso de mano de hombre guess entusiasta
tenda da sole spiaggia amazon
nike pegasus 94
Nike Air Force 270
nike shirt langarm
ReplyDeletemoufles millet expedition 8000 m
hüte damen sommer
diffuseur par nébulisation à froid amazon
bijoux pas cher or blanc amazon
sacoche lv district
polo simulator
cappotto burberry bimba amazon
schubkarre gestell amazon
nike off white foam rose
jeansjacke mädchen 164
nike cortez prm
beutel zipper amazon
nike tanjun damen weiß 44
scarpe pirelli uomo impedire
polo ralph lauren jeanshemd damen
risparmiare batteria iphone ios 12
style année 80 femme
Nike Air Force 270
kimono en jean
pantaloni puma femei pollice Linea di metallo
naketano anker jacke schwierig
venta de tenis nike en tijuana
blazer basicos mujer
adidas adizero ace boost 7
masque d horreur a imprimer
new balance icarus
sandália rasteira bottero
berghaus mens raincoat
calça laranja adidas
béret a pompon bretelles uniforme
gucci sandale plastique
costumi interi amazon
skechers shoes for men online
gants si assault factory pilot noir oakley
venda de cortina
adidas stan smith safety shoes
niveau à laser amazon surligner escorte
sims 4 nike shoes kids
casquette ford Immigration
ReplyDeletechaussure carla moreau
triciclo usato milano
chaussures de sécurité facom
foot locker nike react element
scatola protezione stagna
nike metcon 5 rojas
zapatillas de agua niña
veste velour carhartt
damen lack schnürer
cappotto rosso scarpe nike
fiore garofano amazon
nike presto extreme pas cher
nike pegasus 94
shorts fitness feminino
nike t shirt tumblr
quadri da disegnare amazon
chinelo slide da melissa
tenis all star feminino branco couro
calzoncillos puma hombre
veste per battesimo amazon
nike air force modelo agotado
cartera levis hombre
filtre pour aspirateur samsung sc4780
autoradio gps vdo
nike tribute veste
soldes chaussures homme caterpillar hiver cafétéria
amazon sandalias reef
chanclas new balance niña
kit de creation de bracelets utilisation
wc suspendu mural amazon
foulard en soie homme
all star converse star player
paragliding přilby
nike anzug nba rot
camisa da ferroviária
tapie adidas credit lyonnais
gucci handbags uk
air force 1 nike outfit men basket
borse gabs etnico
ReplyDeletezapatillas running galaxy 4 azul marino mujer adidas
nike air max 97 silber
ladies summer shorts
bolsas para comprimir equipaje
table basse marbre noir pied doré
guanti da sci gialli
stratic koffer monogramm
sellerie moto strasbourg
deichmann bolsos
aharry potter x vans
adidas cal surf
timberland herren 3 eye
adidas yeezy semi frozen yellow on feet
cappello fisi kappa tazza
nike free run 5.0 new
smartphone kleine abmessungen amazon
adidas originals panna scarpe uomo basse
sandalias rosa palo tacon ancho giro
bermuda femme en lin dor
vetements sisley ligne
s oliver catie bell bottom
cerchietto che si chiude capelli
short de bain islamique
zapatos de charol mujer con taco
blazer bebe 2 anos
rückgaberecht adidas
camiseta con falda corta
tende doccia milano amazon
shein camicie donna cameriera
bañador neopreno mujer oysho
sudadera nike vintage
giacca da prestigiatore
sandalias courofeito a mao
grossista condizionatori
piumini daunenstep amazon
zapatillas cruyff mujer
valentine gauthier chaussures
adidas personalised shoes
ReplyDeletenike shox feminino modelo novo
camisa cuadros franela mujer
tenis oakley flak infantil
sac a main desigual beige
maje robe
nike neuheiten damen
aharry potter x vans
kimono long femme grande taille
air jordan 4 lightning
hama stiftplatte einhorn amazon
zaini eastpak ragazza
gucci sandale plastique
nike presto extreme pas cher
adidas stan smith safety shoes
adidas stabil x junior
nike sb zoom mogan mid 2 6.0
schubkarre gestell amazon
skechers shoes for men online
robe voile manche longue
valentine gauthier chaussures
ReplyDeletesacoche lv district
sandalias agua cerradas
scarpe nike air force modelli nuovi
maglia termica nuoto bambina
shein camicie donna cameriera
abrigo aviador mujer abdomen
gucci forocoches
sonic 3 and knuckles juego online
new balance icarus
sudadera nike vintage
sandalias de esparto mujer
nike air jordan sale deutschland
zapatillas nike lunarglide 8 precio
chaussette pull and bear
adidas noir doré
nike hypervenom all black
zapatillas de mujer bimba y lola
pantalon homme the kooples
lovely jane robe
polo shirt juventus
leggings mit spitzenabschluss
pantoufle charentaise homme
tumbona terraza ikea
nike sb stefan janoski beige
Thank you for your excellent work! Your post provides an in-depth info of all the steps. bus rental Dubai
ReplyDeletegamsat organic chemistry
ReplyDeleteLow cost crm for small business
ReplyDeleteThis is a great article thanks for sharing this informative information. I will visit your blog regularly for some latest post.프리덤출장피쉬아로마
ReplyDelete프리덤출장피쉬아로마
프리덤출장피쉬아로마
정선출장피쉬아로마
평창출장피쉬아로마
영월출장피쉬아로마