Hi,

I am experimenting on how to stop torrent downloads, but when a torrent client has already established a connection, it doesn't drop the packets at all. I hope someone could share a thought or two about my approach....

1. Run squid in transparent mode
2. I run this iptables command...

#Reroute all ports to port 3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 80 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 1024:1135 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 1137:1233 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 1235:3477 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 3480:4999 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 5002:5049 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 5051:5099 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 5101:5221 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 5224:7776 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 7778:8079 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 8082:8342 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 8344:8482 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 8484:9989 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 9992:9997 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 10001:19999 -j DNAT --to 192.168.100.1:3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 20001:65535 -j DNAT --to 192.168.100.1:3128

4. I have found these logs in cache.log

2007/10/23 13:47:42| parseHttpRequest: Requestheader contains NULL characters
2007/10/23 13:47:42| parseHttpRequest: Unsupported method 'BitTorrent'
2007/10/23 13:47:42| clientReadRequest: FD 137 (192.168.100.61:3907) Invalid Request
2007/10/23 13:47:43| parseHttpRequest: Requestheader contains NULL characters
2007/10/23 13:47:43| parseHttpRequest: Unsupported method 'BitTorrent'
2007/10/23 13:47:43| clientReadRequest: FD 89 (192.168.100.61:3908) Invalid Request
2007/10/23 13:47:43| parseHttpRequest: Requestheader contains NULL characters
2007/10/23 13:47:43| parseHttpRequest: Unsupported method 'BitTorrent'
2007/10/23 13:47:43| clientReadRequest: FD 152 (192.168.100.61:3909) Invalid

I don't know if this experiment also exists, but it's a good way, maybe someone could make a patch that blocks torrents or p2p apps based on the cache.log results.

Thanks.