Most commercial firewalls only block incoming; they allow all outgoing, and that is sometimes enough to get torrents working with minimal speed.
If you need to block it, the best thing you can do is block all outgoing on the router, excluding items that are needed such as SMTP, POP3, HTTP, HTTPS.
Also, block UPnP, as this dynamically allows clients to assign / make outgoing/incoming connection rules.
Deep packet inspection is the way to go here. The traffic has to be examined in order to block it effectively. If encryption is used, though, all bets are off.
You might try looking at Untangle. It sounds like it could do what you want.
You could use a Squid proxy server or a Smoothwall firewall appliance. These would work because traffic shaping needs to use "deep packet inspection" to detect the protocol type.
If you can't figure out how to block the traffic, then you have 2 more options:
Limit bandwidth by IP
Limit number of inbound connections by IP (that would slow Torrent to a crawl).
Your default firewall rule should be to deny all traffic in any direction.
Other rules should be added on a per-requirement basis. For example, your DNS server(s) should be allowed to perform DNS lookups on the internet from the private network, but possibly no other machine should be allowed. Your HTTP proxy server should be allowed out on ports 80 and 443; no other devices should have this access unless absolutely required.
I have to disagree with Wil: any well-configured firewall should take into account traffic in both directions. If it doesn't, the value of a firewall is somewhat lost, as traffic does indeed flow in and out.
I would suggest you review your infrastructure and figure out what requires access in what direction. And check your logs frequently for any traffic that's being denied, and act upon it if required.
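As an added illustration of the default-deny-in-both-directions policy described in that answer (this is example configuration, not from the answer's author), here is an nftables ruleset for a Linux gateway. Interface names, the LAN prefix, and the DNS server and proxy addresses are assumed placeholders; NAT for the WAN side is left out.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny forwarding policy for a Linux gateway.
# Assumptions (placeholders): LAN on eth1 as 192.168.10.0/24, WAN on eth0,
# internal DNS server 192.168.10.53, HTTP proxy 192.168.10.80.

flush ruleset

define lan_if    = "eth1"
define wan_if    = "eth0"
define lan_net   = 192.168.10.0/24
define dns_srv   = 192.168.10.53
define proxy_srv = 192.168.10.80

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif "lo" accept
        # LAN hosts may manage the gateway over SSH; nothing else reaches it
        iif $lan_if ip saddr $lan_net tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        # replies to connections the rules below allowed
        ct state established,related accept
        # only the DNS server may resolve names on the Internet
        iif $lan_if oif $wan_if ip saddr $dns_srv udp dport 53 accept
        iif $lan_if oif $wan_if ip saddr $dns_srv tcp dport 53 accept
        # only the proxy may reach the web; other hosts must go through it
        iif $lan_if oif $wan_if ip saddr $proxy_srv tcp dport { 80, 443 } accept
        # log what the policy denies so the logs can be reviewed and acted on
        limit rate 10/second log prefix "fw-denied: "
        # everything else, including peer-to-peer ports and any mapping a
        # client tried to negotiate via UPnP, falls through to policy drop
    }

    chain output {
        type filter hook output priority 0; policy drop;
        ct state established,related accept
        oif "lo" accept
        # the gateway itself only needs name resolution via the internal DNS server
        oif $lan_if ip daddr $dns_srv udp dport 53 accept
    }
}
```

Load it with `nft -f` and watch the kernel log for the `fw-denied:` prefix to see which hosts are being refused and on which ports.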
Block all incoming and outgoing traffic to ports 6800-7000 to block most default setups for bittorrent clients.
The problem with this is that users can adjust the ports on the client to use other ports.
As another stated, just having inbound traffic on port 80 is enough for many bittorrent clients to work, just very slowly.
The only true way to block it is if there is some marker in the packet from/to the bittorrent client that an intelligent router/firewall could read and then block. I am not aware of any markers like this, though. And most routers/firewalls would only read certain parts of the header, not the whole packet, which would be needed. It could add a significant delay to all network traffic at a large site.
You can also use a DNS system such as OpenDNS and set security up so that the known torrent tracking domains are blocked. I believe there is already a very large database of them. You can also have this system set up to not allow access to gaming sites, social networking sites, etc. It all depends on your business and if your network users should be allowed access to Facebook or not.
Make it a KNOWN policy that it will not be tolerated, and appropriate action will be taken.
Perform random security audits of desktops to make sure that the security settings put in place are still in place.
You can list popular torrent sites and block HTTP requests to them. This will disable users from loading ".torrent" files, so they won't be able to use torrent clients. Mostly :)
You might want to take a look at a similar question I asked a little while back:
Battling Bittorrent
Hope this helps.
Intrusion Prevention Systems handle this seamlessly. We use TippingPoint.