IPS:HowtoblockBitTorrentusingIntrusionPrevention

Service(IPS)(SW8074)

Title

UTMIPS:HowtoblockBitTorrentusingIntrusionPreventionService(IPS)

Resolution

ArticleAppliesTo:
AffectedSonicWALLSecurityAppliancePlatforms:

Gen6SME10000series:NSAE10800,NSAE10400,NSAE10200,NSAE10100
Gen6SM9000series:NSA9600,NSA9400,NSA9200
Gen6NSAseries:NSA6600,NSA5600,NSA4600,NSA3600,NSA2600

Gen5:NSAE8510,E8500,E7500,NSAE6500,NSAE5500,NSA5000,NSA4500,NSA3500,NSA
2400,NSA2400MX,NSA220,NSA220W,NSA240,NSA250M,NSA250MW
Gen5TZSeries:TZ100,TZ100W,TZ105,TZ105W,TZ200,TZ200W,TZ205,TZ205W,TZ
210,TZ210W,TZ215,TZ215W
Gen4:PROseries:PRO5060,PRO4100,PRO4060,PRO3060,PRO2040,PRO1260
Gen4:TZseries:TZ190,TZ190W,TZ180,TZ180W,TZ170,TZ170W,TZ170SP,TZ170SP
Wireless,TZ150,TZ150W,TZ150Wireless(RevB)
Firmware/SoftwareVersion:AllSonicOSfirmwareversions
Services:IPS

Feature/Application:ThisarticleillustratesthemethodtoblockBitTorrenttrafficusingtheIntrusion
PreventionService(IPS)intheSonicWALLUTMappliance.Note:ThisarticleisintendedforGen4TZ&
PROdevicesandGen5NSA&TZdevicespriortoSonicOS5.8.0.0version.InSonicOSEnhanced5.8.0.0
andaboveversionsthesesignaturesareunderFirewall>AppControlAdvanced.Ifyouhavea5.8.0.0
andabovefirmware,pleasecheckthisarticle:HowtoblockP2PApplicationsusingApplicationControl
Policies(eg.BitTorrent,eMule)ThesignatureIDs(SID)usedtoblockBitTorrentare
SID1717:BitTorrentAnnounceRequest
SID1718:BitTorrentClientActivity
SID2808:BitTorrentClientActivity2
SID1162:BitTorrentHTTPClientActivity
SID690:BitTorrentKTorrentClientActivity
SID63:BitTorrentOutboundDHTTraffic1
SID66:BitTorrentOutboundDHTTraffic3
 SID1994:BitTorrentPeerSync
SID1034:TrackerConnectionUDP
SID3330:BitTorrent.amSearchActivity1
SID3333:BitTorrent.amSearchActivity2

ClickToSeeFullImage.

AllBitTorrentsignaturesinSonicWALLIPSfallunderLowPriorityAttacksandunderCategoryP2P.
Normally,itisnotadvisabletoblocktheentireLowPriorityAttacksSignatureGroups,thereforeBitTorrent
havetobeblockedindividuallyusingitssignatureIDsorbyblockingtheP2Pcategory.

ClickToSeeFullImage.

Procedure:
1.LogintotheSonicWALLmangementinterface.
2.NavigatetotheNetwork>Zonespage.
3.EnableIPSontheWANandotherzonesasapplicable.
 ClickToSeeFullImage.

4.NavigatetotheSecurityServices>IntrusionPreventionpage.
5.EntereachsignatureIDlistedabove,underLookupSignatureID

ClickToSeeFullImage.6.ClickontheConfigurebuttonofeachBitTorrentsignature.

ClickToSeeFullImage.

7.SelectEnableunderPrevention
 ClickToSeeFullImage.

8.ClickOKtoapplythesettings.IfyouwishtoblocktheentireP2Pcategory,pleasefollow
thesesettings:
SelectP2PunderCategory

ClickToSeeFullImage.

ClickonConfigure
SelectEnableunderPrevention
 ClickToSeeFullImage.

HowtoTest:TrytodownloadafileusingaBitTorrentclientorfromaBitTorrentwebsiteandyouwillgeta
PageCannotbeDisplayederror.Checkthelogsandyouwillfindthefollowingerrormessages:

ClickToSeeFullImage.