How to classify Encrypted BitTorrent traffic on a PacketShaper

Article ID: 169109

Products

PacketShaper

Issue/Introduction

BitTorrent clients are, by their very nature, designed to bypass or circumvent traditional network security methods and devices so that their users can access downloads and P2P networks.

Cause

Many modern BitTorrent clients have mechanisms to help users bypass security and management devices by obfuscating or encrypting the traffic to hide its true nature.

Resolution

The PacketShaper has tools which can help in identifying this traffic and applying policy to it.
 
  1. Download the BTUPD91.plg from the Bluecoat BTO site.
  2. Upload the plugin to the 9.256/PLG folder on the PacketShaper.
  3. Restart the PacketShaper to activate the plugin.
  4. Create a traffic class called "BitTorrent" based on the BitTorrent service group.
  5. Create a child class called “Encrypted” under the BitTorrent class.
  6. Select “BT Data” as the service; under “Criterion” select “Encrypted” and enter “yes”. Note that this value must be in lower case.
  7. Once the classes are created, you can apply your policy to the “Encrypted” class and also to the “BitTorrent/Default” class, depending on how you want to control the traffic.
  8. Copy the newly created class to the other direction so that you have matching traffic classes in both directions.