How do you block bit torrent traffic with a Cisco ASA?
I have referenced an old external Cisco article on how to block BitTorrent traffic, referenced online here.
This procedure I have found only works 50% of the time.
I find that blocking BitTorrent-specific ports and doing the regex do work; it just does not catch all the traffic.
object-group service bit-torrent-services tcp-udp
 port-object eq 6969
 port-object range 6881 6999
regex bit-torrent-tracker ".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*"
Does anyone have a more up-to-date regex for finding BitTorrent traffic? Or is this the limit of the ASA at this time?
Bittorrent clients can (and do) use random ports. Blocking the common ports will only encourage users to move to different ports. Also, the inter-client traffic has supported encryption for some years now -- originally as a means to limit ISP interference -- making the actual p-t-p traffic unrecognizable.
Looking for "info_hash" in the client-tracker communication, while somewhat effective, is also easily defeated (Tor, SSL, VPN, etc.). It also does nothing to stop tracker-less swarms (DHT), peer-exchange (PEX), UDP tracker protocol...
If you've managed to kill 50%, count yourself lucky. This is a game of whack-a-mole you cannot win.
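The coverage gap described in the answer above, as an added example that is not part of the original question or answer: the question's regex run over constructed payloads for four of the announce paths the answer names. The payload layouts follow BEP 3, BEP 15 and BEP 5; the hash, peer id, host name and ciphertext stand-in are constructed, and matching raw bytes in Python only approximates the ASA's HTTP inspection.

```python
import hashlib
import re
import struct

# Regex from the question, applied here to raw payload bytes (an assumption:
# on the ASA it is evaluated by HTTP inspection, not by Python's re module).
TRACKER_RE = re.compile(rb".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*", re.DOTALL)

INFO_HASH = bytes(range(20))        # constructed 20-byte info hash
PEER_ID = b"-XX0001-" + b"0" * 12   # constructed 20-byte peer id

def http_announce():
    """Plain HTTP tracker announce (BEP 3): info_hash is a URL query parameter."""
    quoted = "".join("%%%02x" % b for b in INFO_HASH)
    return ("GET /announce?info_hash=%s&port=51413 HTTP/1.1\r\n"
            "Host: tracker.example\r\n\r\n" % quoted).encode()

def tls_record():
    """Same announce over TLS: the filter sees a record header and ciphertext."""
    body = hashlib.sha256(b"constructed").digest() * 2  # stand-in for ciphertext
    return b"\x17\x03\x03" + struct.pack(">H", len(body)) + body

def udp_tracker_announce():
    """UDP tracker announce (BEP 15): fixed binary fields, no parameter names."""
    head = struct.pack(">QII", 0x1122334455667788, 1, 0xCAFE)  # conn id, action, txn id
    tail = struct.pack(">QQQIIIiH", 0, 0, 0, 0, 0, 0, -1, 51413)
    return head + INFO_HASH + PEER_ID + tail

def dht_get_peers():
    """DHT get_peers query (BEP 5): bencoded, so the key is followed by '20:'."""
    node_id = bytes(range(20, 40))  # constructed node id
    return (b"d1:ad2:id20:" + node_id + b"9:info_hash20:" + INFO_HASH
            + b"e1:q9:get_peers1:t2:aa1:y1:qe")

def coverage():
    """Return, per announce path, whether the question's regex matches it."""
    samples = {
        "http_tracker": http_announce(),
        "https_tracker": tls_record(),
        "udp_tracker": udp_tracker_announce(),
        "dht_get_peers": dht_get_peers(),
    }
    return {name: bool(TRACKER_RE.search(p)) for name, p in samples.items()}

if __name__ == "__main__":
    for name, hit in coverage().items():
        print(f"{name:14} {'matched' if hit else 'not matched'}")
```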