Super Contributor II
Posts: 353
Registered: ‎02-22-2011

AppRF - not blocking bittorrent

Hi All,

 

Has anybody had any luck blocking bittorrent with AppRF?

 

I'm trying it on my IAP-225 running 6.4.0.3-4.1.0.1_45063 and the bittorrent sessions are passing as normal. I seem to be able to block web based apps such as facebook ok.

 

It seems that IAP is classifying Bittorrent as UDP / Network Service and allowing it.

[Attached screenshots: shot1.jpg, shot2.jpg, shot3.jpg]

Moderator
Posts: 681
Registered: ‎04-16-2009

Re: AppRF - not blocking bittorrent

Grab the output of "show datapath session dpi" to see how it is being categorized.   For example:

[Attached screenshot: bittorrent.jpg]

Super Contributor II
Posts: 353
Registered: ‎02-22-2011

Re: AppRF - not blocking bittorrent

Seems to be catching some of it but there is no deny flag. This was using qBittorrent and it seemed to block the traffic.

[Attached screenshot: snap5.jpg]

I tried uTorrent and it was able to connect to trackers and peers no problem and started downloading straight away.

 

I filtered the dpi output on a couple of the connected peers and this is what came up:

 

[Attached screenshot: snap6.jpg]

Moderator
Posts: 681
Registered: ‎04-16-2009

Re: AppRF - not blocking bittorrent

Instant DPI can detect about 1,800 applications. You can see the list with the CLI command "show dpi app all". uTorrent is not on the list.

 

Try "Web-Category" and "peer-to-peer networking".  This uses webroot / BrightCloud to categorize sites.  I just tried it and it blocked uTorrent.

 

[Attached screenshot: 2014-08-04_18-56-42.jpg]

Super Contributor II
Posts: 353
Registered: ‎02-22-2011

Re: AppRF - not blocking bittorrent

Interesting.

 

It seems like uTorrent uses its own protocol (instead of Bittorrent)... learned something today!

 

 

http://www.bittorrent.org/beps/bep_0029.html

 

Time for a feature enhancement request!

 

Scott

Guru Elite
Posts: 8,321
Registered: ‎09-08-2010

Re: AppRF - not blocking bittorrent

Also keep in mind that users can change ports and transport methods with Bittorrent as well as tunnel them through a VPN. They are very hard to block.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II
Posts: 353
Registered: ‎02-22-2011

Re: AppRF - not blocking bittorrent

This is true, however I would expect that you should be able to block basic torrent access using a very popular client out of the box. My client has no special configuration.

Depending on how the DPI is implemented it shouldn't matter what port is used, but I'm not sure if IAP uses true DPI or just port mapping.
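
An added illustration (not part of any post in this thread, and not a description of how AppRF is implemented) of the port-independent payload classification discussed above: it recognises the uTP handshake from the BEP 29 document linked earlier using header fields only. The function names and sample packets are constructed for this example.

```python
import struct

# uTP v1 header per BEP 29: 20 bytes, network byte order.
UTP_HDR = struct.Struct(">BBHIIIHH")
ST_DATA, ST_FIN, ST_STATE, ST_RESET, ST_SYN = range(5)

def parse_utp(payload):
    """Return (type, conn_id, seq_nr, ack_nr) for a valid uTP v1 header, else None."""
    if len(payload) < UTP_HDR.size:
        return None
    tv, _ext, conn_id, _ts, _ts_diff, _wnd, seq_nr, ack_nr = UTP_HDR.unpack_from(payload)
    ptype, version = tv >> 4, tv & 0x0F
    if version != 1 or ptype > ST_SYN:
        return None
    return ptype, conn_id, seq_nr, ack_nr

def classify_flow(packets):
    """packets: ordered (direction, udp_payload) pairs for one UDP flow.
    Returns "utp" when a BEP 29 handshake is seen, else "unknown".
    Port numbers are never consulted."""
    syn = None
    for direction, payload in packets:
        hdr = parse_utp(payload)
        if hdr is None:
            continue
        ptype, conn_id, seq_nr, ack_nr = hdr
        if ptype == ST_SYN:
            syn = (direction, conn_id, seq_nr)
        elif ptype == ST_STATE and syn and direction != syn[0]:
            # The acceptor echoes the SYN's connection_id and acks its seq_nr.
            if conn_id == syn[1] and ack_nr == syn[2]:
                return "utp"
    return "unknown"

def make_utp(ptype, conn_id, seq_nr, ack_nr):
    """Build a constructed header for the demo (timestamps and window are arbitrary)."""
    return UTP_HDR.pack((ptype << 4) | 1, 0, conn_id, 1000, 0, 0x100000, seq_nr, ack_nr)

# Constructed sample flows: a uTP handshake and a DNS query.
UTP_FLOW = [("out", make_utp(ST_SYN, 0x3039, 1, 0)),
            ("in", make_utp(ST_STATE, 0x3039, 0x5BA0, 1))]
DNS_FLOW = [("out", bytes.fromhex(
    "abcd01000001000000000000076578616d706c6503636f6d0000010001"))]

if __name__ == "__main__":
    print(classify_flow(UTP_FLOW), classify_flow(DNS_FLOW))
```

Matching the SYN/STATE pair rather than a single header keeps random UDP payloads that happen to start with a plausible type/version byte from being classified as uTP.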

Super Contributor II
Posts: 353
Registered: ‎02-22-2011

Re: AppRF - not blocking bittorrent

Looks like a signature update is needed. I have opened a TAC case and will see how that pans out.

Super Contributor II
Posts: 353
Registered: ‎02-22-2011

Re: AppRF - not blocking bittorrent

Hi All,

 

TAC have identified a defect and this will be fixed in 4.2.x.x code.

 

Scott
