This note is a rethinking of the material reviewed earlier on how to block torrent traffic, and is an addition to it. Most of the methods I have reviewed only allow you to block the traffic if the client does not use encryption, and lately such clients are rarely found: out of the box, clients are often already configured to use encryption. The most popular client is uTorrent, which uses the uTP protocol.
Since encrypted packets cannot yet be identified, it was decided to use the source addresses of UDP packets and blacklist those sources in order to block them.
To do this, create a rule that adds the source addresses of UDP packets of a certain length to the “torrentlist” address list:
/ip firewall filter add chain=forward action=add-src-to-address-list protocol=udp address-list=torrentlist address-list-timeout=0s packet-size=90-190 log=no log-prefix=""
The following rule blocks packets coming from the sources on that list:
/ip firewall filter add chain=forward action=drop protocol=udp src-address-list=torrentlist dst-port=!80,443,53 packet-size=90-190 log=no log-prefix=""
What happens on the user side:
After the torrent client starts, it begins to establish peer connections over UDP. Using the first rule, the router creates the "torrentlist" list and adds to it the addresses whose outgoing packets match the specified packet length. The user gets 5-10 kbit/s of traffic, and it drops to zero within 2 minutes as the list fills up and all packets from the banned addresses are cut off.
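To make the interaction of the two rules visible, here is an added Python model of them (not from this note and not RouterOS code) run over a few constructed packets; addresses, ports and sizes are made up. It assumes RouterOS semantics where add-src-to-address-list is non-terminating and packet-size matches the total IP length.

```python
from dataclasses import dataclass
from typing import List, Set, Tuple

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    proto: str
    size: int  # total IP packet length in bytes (what RouterOS packet-size matches on)

class TorrentlistFilter:
    """Model of the two forward-chain rules from the note, in the order given."""
    def __init__(self, size_min=90, size_max=190, exempt_dports=(80, 443, 53)):
        self.size_min, self.size_max = size_min, size_max
        self.exempt = set(exempt_dports)
        self.torrentlist: Set[str] = set()  # address-list-timeout=0s: entries never expire

    def _in_range(self, p: Packet) -> bool:
        return self.size_min <= p.size <= self.size_max

    def process(self, p: Packet) -> str:
        if p.proto != "udp":
            return "accept"  # both rules match protocol=udp only
        # Rule 1: add-src-to-address-list (assumed non-terminating, as in RouterOS):
        # the source is listed and the packet continues to rule 2.
        if self._in_range(p):
            self.torrentlist.add(p.src)
        # Rule 2: drop listed sources unless the *destination* port is 80, 443 or 53.
        if p.src in self.torrentlist and p.dport not in self.exempt and self._in_range(p):
            return "drop"
        return "accept"

def run(packets: List[Packet]) -> Tuple[List[str], List[str]]:
    """Return per-packet verdicts and the final contents of the address list."""
    f = TorrentlistFilter()
    return [f.process(p) for p in packets], sorted(f.torrentlist)

# Constructed sample traffic (addresses, ports and sizes are made up).
SAMPLE = [
    Packet("192.168.88.10", "203.0.113.5", 6881, "udp", 130),    # uTP-like: listed, then dropped
    Packet("203.0.113.5", "192.168.88.10", 6881, "udp", 150),    # peer's reply: same fate
    Packet("192.168.88.10", "203.0.113.9", 443, "udp", 120),     # in range, but dst-port exempt
    Packet("192.168.88.10", "198.51.100.1", 53, "udp", 70),      # DNS query: too small to match
    Packet("198.51.100.1", "192.168.88.10", 51001, "udp", 120),  # resolver reply to ephemeral port
    Packet("192.168.88.10", "203.0.113.7", 80, "tcp", 1400),     # not UDP: untouched
]

if __name__ == "__main__":
    for p, v in zip(SAMPLE, run(SAMPLE)[0]):
        print(f"{p.src:>14} -> {p.dst}:{p.dport} {p.proto} {p.size}B  {v}")
```

The fifth sample shows the rules' blind spot: the port exemption applies to the destination port, so a UDP reply of this size from an upstream resolver to the client's ephemeral port is listed and dropped as well. This only matters for DNS traffic that actually traverses the forward chain rather than being answered by the router itself.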
These rules should be used in conjunction with the rules that were discussed in the previous articles.
Perhaps over time, the principle of operation of p2p networks will change and we will have to look for new solutions.