Charm one:
Situation 1:
BT users should first select a torrent file from BT website to download, which contains the contents of the file to be downloaded, the URL of the Tracker server and the task connection address. This process usually has no influence on intranet users behind the firewall, because requesting torrent files is equivalent to accessing ordinary web pages, and intranet users can complete this step as long as they are allowed to surf the Internet.
Charm one:
1) Add a policy to prohibit access to major BT websites in the firewall. (heavy workload)
2) Firewall can configure HTTP policy to prohibit downloading torrent extension.
Break the world solution 1:
1) There are a lot of BT websites now, so look for them later. If you have to visit some popular BT websites, you can use HTTP proxy.
2) Change the extension of the file name to be downloaded for downloading.
3) More directly, download the file to be downloaded to a place where seeds can be downloaded, save it on a USB flash drive or ask a friend to help you download it and send it to you or MSN and QQ. In this way, no matter how banned by the network management, there is no way to prevent it.
Situation 2:
Since the URL of the Tracker server was obtained in the first step, this step is to use this URL to connect to it. The main purpose is to get a list containing other BT clients (we call these BT clients peer clients) from the Tracker server. The ports used by the Tracker server are usually 8 1, 82,6969,8000,8001,8080 of TCP. If the firewall does not allow access to these external ports, intranet clients will not be able to connect to the Tracker server.
Enchantment 2:
1) Close the public port of the above Tracker server in the firewall.
Note: For the company, the ports mentioned above can be completely shielded. As an operator, blocking ports such as home and Internet cafes will cause some software that uses the above ports as monitoring ports to fail, and users will not be able to access websites with certain ports. Admittedly, sealing ports is a direct and simple method, but I don't recommend it.
2) Access to common tracking servers is prohibited. For example: btfans.3322.org. Although the principle of this method is the same as that of prohibiting access to BT websites, the address of Tracker server is far less than that of BT websites. The workload is much less.
Illegal 2:
Both of the above prevention methods can bypass the firewall through the proxy. A more direct method is to replace the new BT software supporting DHT technology. DHT technology can get the IP information of the same file being downloaded when you can't connect to the Tracker server, and complete the whole downloading process. For example, DHT technology has been supported since BitComet version 0.59.
Situation 3:
After connecting to the Tracker server, if the BT client is a public network user, the server will connect the BT client in reverse to check whether the BT client can be connected by other BT clients, and the successful BT client will be added to the peer-to-peer list. If the client is an intranet user, there are two ways to make the server connect reversely.
Firstly, if the routing supports UPnP technology, the UPnP service can be started. For an intranet computer, UPnP function can make NAT module of gateway or router do automatic port mapping, and map ports monitored by BT software from gateway or router to intranet computer. The network firewall module of the gateway or router begins to open the port to other computers on the Internet.
The second method is to set the routing port mapping, and map the designated port to a computer in the intranet. The BT software of this computer uses this designated port to communicate with other computers on the Internet. Because the data transmission on BT connection is two-way, you are not connected by others, and you also lose the opportunity to download data from others. Through the above two methods, BT clients in the intranet can also join the peer-to-peer list, thus increasing the chances of being connected.
Enchantment 3:
Now that we know that BT software can only communicate through one listening port, we can shield common ones. Such as: 6881-6889881-8889,16881-kloc-0/6889. This method is usually used by most network managers and operators.
Breaking the World Solution 3:
Generally, network managers and operators will not turn off the UPnP function because it is essential for many services. Here, the author can remind the network administrator who is using this method that many BT softwares now use random ports, which means that the listening ports of BT clients are no longer in the range of blocked ports. As long as the BT software is updated, the method of intercepting the listening port can be cracked.
Situation four,
At present, many BT softwares are based on Bittorrent protocol, and the communication between them must comply with Bittorrent protocol.
Enchantment 4:
1) All Bittorrent protocol packets can be masked by unpacking because they all communicate according to Bittorrent protocol. That is to say, there are some softwares (such as P2P Terminator) that stop P2P based on the application layer.
2) Use a "deep protection" firewall (such as Microsoft ISA Server), use Sniffer software to capture all kinds of BT software, and filter the signatures used by the software in the application layer protocol.
3) Install PDLM module on Cisco router, and intercept BT by PDLM+N BAR method.
Illegal four:
The author can't think of a good way to crack the first and second prevention methods for the time being, and the only way is to bribe the network management. Haha, this method is effective for any preventive method. As for the third method, I have tried to set up a Cisco router to test the intranet, and found that I can still download the software normally with BitComet 0.67. It is believed that BitComet encrypts the BT protocol and bypasses the detection of the router.