Windows XP network management secrets: seven weapons for blocking BT downloads

  
In order not to affect normal business, the administrator of an enterprise network needs to try to close all the ports that BT may use, block specific seed publishing sites, and block BT attempts across the enterprise as a whole.

Editor's note: BT downloads are causing harm to more and more corporate offices, and BT downloads in public and telecom networks are also consuming the bandwidth of operating networks. Once the first "seed" (download source) appears, a large number of BT users follow and form a large-scale BT download network. Unlike point-to-point transfer, this "group survival" network reflects the freedom of the Internet but also its disorder. And when this kind of disorder …

BT's full name is BitTorrent. It is P2P software, and it differs from traditional download methods such as FTP and HTTP: the more people use BT, the faster it gets. Traditional FTP, HTTP, and PUB transfer files from the server to the client. This causes problems: as the number of users grows, high bandwidth and high server performance are required, and the stability of the server suffers. Many servers therefore restrict the number of users and the download speed, which causes users a lot of inconvenience. BT fundamentally solves this problem. BT shares files in a way that resembles a pyramid scheme: while downloading, each user also uploads to other users, so the download speed does not fall as the number of users increases. It is very convenient to use, and its defining characteristic is simple: the more people download, the faster the speed.

Commonly used BT software includes BitTorrent, PTC, Shareaza, BitTorrent++ and so on.

● BitTorrent is an open-source, multi-source-download P2P program. It is very convenient to use, works much like a browser plug-in, and is very suitable for new popular downloads.
● PTC (Personal Torrents Collector) is one of the best current BitTorrent download clients. PTC's multi-threading capability lets users download and upload resources in batches faster.
● Shareaza combines the features of popular P2P software such as eDonkey, Gnutella and BT, and can also be used for HTTP and FTP downloads. It has an excellent interface, simple operation and strong curability.
● BitTorrent++ is much more functional and more user-friendly than BitTorrent, making up for BitTorrent's simplicity and lack of fine-tuning, especially for sharing. If you close BitTorrent++ midway, just open the program again and the original download continues, without the trouble of BitTorrent's resume procedure.

These BT download programs are favored by users because of their unique advantages. However, trouble comes with them: if multiple users download with BT at the same time, they consume a lot of network bandwidth and seriously affect the normal work of other users. In some enterprise local area networks, school campus networks, and operators' metropolitan area networks, BT abuses network resources, which affects other normal services. Therefore, in some environments it is absolutely necessary to strictly limit users' BT download traffic or to prohibit BT downloads completely. In general, the following seven most straightforward methods are available.

Restricting browsing of BT websites
There are many BT websites, but consider the characteristics of BT downloads: the more people download, the faster the speed; the more seeds, the faster the speed. Only the more popular BT sites see many Torrent file downloads. An average BT site has fewer visitors and fewer downloaders, unless the user can tolerate a few K per second. Therefore, configure URL filtering rules on the security gateway for the more popular BT websites, then enable the Http_Filter filtering function on the outbound interface so that access to them is prohibited.

Blocking access to the Tracker server

The Tracker is a program that runs on a server and tracks how many people are downloading the same file at the same time. When the client connects to the Tracker server, it receives a list of downloaders, and BT then automatically connects to those other machines to download. Access to the Tracker server is generally performed over HTTP. If the gateway of the enterprise network has a graphical management log, all records of HTTP traffic can be queried. If a BT download is taking place, the corresponding HTTP packet can be found in the log, the Tracker server information can be obtained from the content of that packet, and a rule can then be configured on the device to prevent internal users from accessing that server. The number of Tracker servers should be much smaller than the number of popular BT sites, since many sites redirect to other sites. If you can find the addresses of these Tracker servers, this is a very effective method. With the Tianqing Hanma Multi-Function Security Gateway, the Tracker server can be easily found from the query log.
Closing BT download ports

To eliminate the harm BT does to the LAN, the most thorough method is to disallow BT downloads altogether. BT generally uses TCP ports 6881 to 6889. Network administrators can judge from changes in network traffic and block the specific seed publishing sites and ports at the gateway; this information can be obtained from the Tracker details in the BT download software. However, most BT software now lets the user change the port number, so the network administrator should, according to the actual situation and as far as possible without affecting normal business, extend the range of closed ports and close specific seed publishing sites and ports.

Limiting user bandwidth
BT harms the LAN because it consumes a lot of network bandwidth. Limiting the network bandwidth available to each user can therefore significantly reduce the harm BT does to the network. At the same time, for some operational networks it is unreasonable to prohibit BT completely, and limiting the bandwidth used by each BT user becomes the better choice. Network administrators can use management software or network hardware configuration to apply finer-grained rate limiting to application flows. For example, the priority of BT users is limited to 5 (0 highest, 7 lowest) and the bandwidth is limited to 64Kbps. This allows BT software to be used without affecting other services.

Limiting the maximum number of connections

When BT software is in use, downloaders periodically register with the Tracker so that the Tracker knows their progress, and downloaders upload and download data through direct connections to each other. These connections use the BitTorrent peer protocol, which is based on TCP. The network administrator can therefore control the maximum number of TCP connections to limit how much network bandwidth BT occupies.

Filtering the application layer protocol using an HTTP proxy

When a BT client downloads, it must query the Tracker. The Tracker receives information through the parameters of the HTTP GET command, and its response to the downloader is a bencoded message. The HTTP request packet carries the BT feature value User-Agent: BitTorrent. Given this, the network administrator can use security management devices, traffic management devices, or even network management system software to filter specific application layer packets (such as HTTP packets), and then, based on the keyword in BT packets (BitTorrent), filter the BT packets out of the HTTP traffic (as shown in Figure 1).
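The log review described under Tracker blocking and the User-Agent filter described above can be combined in one pass. The following is an added example, not part of the original article: the log line format and host names are constructed, and the announce parameter names (info_hash, peer_id, port) come from the BitTorrent tracker protocol rather than from this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample of gateway HTTP log lines: client IP, method, URL, "User-Agent".
SAMPLE_LOG = """\
10.0.0.21 GET http://tracker.example.net:6969/announce?info_hash=%12%34%ab&peer_id=-XX0001-abcdefghijkl&port=6881&uploaded=0&downloaded=0&left=1048576 "BitTorrent/4.0.1"
10.0.0.35 GET http://www.example.com/index.html "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
10.0.0.21 GET http://bt.example.org/announce?info_hash=%99%88&peer_id=-XX0001-mnopqrstuvwx&port=51413&uploaded=0&downloaded=0&left=0 "CustomClient/1.0"
10.0.0.40 GET http://www.example.com/search?q=port+6881 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)"$')
ANNOUNCE_KEYS = {"info_hash", "peer_id", "port"}  # sent with every tracker announce

def classify(line):
    """Return a hit record if the log line looks like a Tracker query, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    client, method, url, agent = m.groups()
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    reasons = []
    if "bittorrent" in agent.lower():        # the User-Agent keyword from the article
        reasons.append("user-agent")
    if method == "GET" and ANNOUNCE_KEYS.issubset(params):
        reasons.append("announce-query")     # still matches if the User-Agent was changed
    if not reasons:
        return None
    return {"client": client, "tracker": parts.netloc, "reason": "+".join(reasons)}

def tracker_blocklist(log_text):
    """Map each Tracker host seen in the log to the internal clients that queried it."""
    trackers = {}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            trackers.setdefault(hit["tracker"], set()).add(hit["client"])
    return trackers

if __name__ == "__main__":
    for host, clients in tracker_blocklist(SAMPLE_LOG).items():
        print(host, sorted(clients))
```

The resulting host list is what would go into the gateway's block rule; matching on the query parameters as well as the User-Agent keeps the check working for clients that send a different User-Agent string.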
Blocking the BT stream

Some BT software still does not use HTTP to get the peers list and uses the TCP/UDP protocol instead, but the BT stream still contains the "BitTorrent" signature. If the network device can identify the "BitTorrent" signature contained in the BT stream, it becomes much easier to block the stream or limit its bandwidth (as shown in Figure 2).
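A sketch of the signature match described above, compared with the port rule from the port-closing section. This is an added example, not code from the original article or from any gateway product: it assumes the standard TCP peer handshake (a length byte of 19 followed by the string "BitTorrent protocol"), and the sample flows are constructed.

```python
PSTR = b"BitTorrent protocol"               # 19-byte protocol string in the peer handshake
PREFIX = bytes([len(PSTR)]) + PSTR          # length byte 0x13, then the string
HANDSHAKE_LEN = len(PREFIX) + 8 + 20 + 20   # + reserved + info_hash + peer_id = 68 bytes
DEFAULT_PORTS = range(6881, 6890)           # TCP 6881-6889, the range the article names

def parse_handshake(payload):
    """Return handshake fields if payload opens with a peer handshake, else None."""
    if not payload.startswith(PREFIX):
        return None
    if len(payload) < HANDSHAKE_LEN:        # signature seen, remainder not captured
        return {"complete": False, "info_hash": None, "peer_id": None}
    rest = payload[len(PREFIX):HANDSHAKE_LEN]
    return {"complete": True, "info_hash": rest[8:28].hex(), "peer_id": rest[28:48]}

def classify_flow(dst_port, first_payload):
    """Verdict for a flow from its destination port and first payload bytes."""
    if parse_handshake(first_payload) is not None:
        return "bt-signature"               # matches on any port
    if dst_port in DEFAULT_PORTS:
        return "bt-port-only"               # default port without signature: inspect or limit
    return "no-match"

# Constructed sample flows: (destination port, first bytes of the TCP payload).
HANDSHAKE_SAMPLE = PREFIX + bytes(8) + bytes(range(20)) + b"-XX0001-abcdefghijkl"
SAMPLE_FLOWS = [
    (6881, HANDSHAKE_SAMPLE),
    (51413, HANDSHAKE_SAMPLE),                       # port number changed in the client
    (51413, HANDSHAKE_SAMPLE[:30]),                  # truncated capture
    (6882, b"GET / HTTP/1.1\r\n"),
    (80, b"GET /BitTorrent-faq.html HTTP/1.1\r\n"),  # keyword present, not a handshake
]

def verdicts(flows=SAMPLE_FLOWS):
    return [classify_flow(port, data) for port, data in flows]

if __name__ == "__main__":
    for (port, _), verdict in zip(SAMPLE_FLOWS, verdicts()):
        print(port, verdict)
```

Anchoring the match to the start of the payload catches the flow on port 51413 that a 6881-6889 rule misses, and avoids flagging ordinary web requests that merely contain the word.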