How to Block torrent 100%? Only 2 lines. It is solved.

Here is my simplest and most effective method.


/ip f f
a ac=d ch=forward p2=all
a ac=d ch=forward in-i=e3 prot=udp cont="d1:ad2:id20:" dst-p=1025-65535 packet-s=95-190 com="torrent-DHT-Out-Magnet d1:ad2:id20:"
a ac=d ch=forward in-i=e3 prot=tcp cont="info_hash=" dst-p=2710,80 com="torrent /announce…"

Rule №1 - classic non-security torrent. It is little used.
Rule №2 - block outgoing DHT (for .torrent and magnet)
Rule №3 - block outgoing TCP announce (for .torrent), or Layer7 rule - [?&]info_hash=.?%


Rule №4 - prohibits downloading .torrent files.
a ac=d ch=forward cont="\r\nContent-Type: application/x-bittorrent" out-i=e3 prot=tcp src-p=80 com=".torrent \r\nContent-Type…"

Rule №4 - version 2.
a ac=d ch=forward cont="\r\n\r\nd8:announce" out-i=e3 prot=tcp src-p=80 com=".torrent \r\nContent-Type…"

Paste this command only from the console, because it contains \r\n.


Rule №5 - block local broadcast outgoing torrent UDP (destination MAC: 01:00:5E:40:98:8F) (destination IP: 239.192.152.143:6771). It is optional, not required.
a ac=d ch=forward cont="\r\nInfohash: " in-i=e3 prot=udp dst-p=6771 com="torrent 6771 block Local Broadcast …"
Or, even simpler, rule №5:
a ac=d ch=forward in-i=e3 pr=u dst-p=6771
Paste this command only from the console, because it contains \r\n.


e3=ether3 - LAN

Tested on
uTorrent 3.30
Azureus 2.5.0.0
BitTorrent/4.1.2
BitComet/1.36.5.2
mediaget/2.01.2359

I used the CommView sniffer.


DHT Outgoing UDP:

È.©!âq..BÔFÙ..EX
._.u..r.YÜÕ¨:’À¨
..‹k .Kk#d1:ad2
:id20:
.×Ù¹¾Z5~'H
óYT….Tu³?e1:q4:
ping1:t4:U&.—1:v
4:UTs¹1:y1:qe


ANNOUNCE Outgoing TCP

GET /scrape.php?ak=11c35dbe37&&info_hash=%f7%9f%25%e6XA%e8bJ%27%3c%a0%7d%fa%8cQ%fd%3e%e3%c5 HTTP/1.1
Host: tracker.tfile.me %87%ee%ac9%95%e5%2f%acQw%cc%80%a9%bf%ea%e6%02%
User-Agent: uTorrent/3300(29544)
Accept-Encoding: gzip
Connection: Close

GET /001deb4fb4e08d85d887783284607ce2/scrape?info_hash=y%87%ee%ac9%95%e5%2f%acQw%cc%80%a9%bf%ea%e6%02%16_ HTTP/1.1
Host: bt.nnm-club.ru:2710
User-Agent: uTorrent/3300(29544)
Accept-Encoding: gzip
Connection: Close

User-Agent: uTorrent/3300(29544)
User-Agent: Azureus 2.5.0.0
User-Agent: BitTorrent/4.1.2
User-Agent: BitComet/1.36.5.2
User-Agent: mediaget/2.01.2359/
User-Agent: Mozilla/4.0


.torrent-link - Incoming TCP

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 07 Jun 2013 01:28:52 GMT
Content-Type: application/x-bittorrent
Content-Length: 13096
Connection: keep-alive
Keep-Alive: timeout=10
Set-Cookie: phpbb2mysql_4_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A7%3A%221960783%22%3B%7D; expires=Sat, 07-Jun-2014 01:28:50 GMT; path=/; domain=.nnm-club.ru
Set-Cookie: phpbb2mysql_4_sid=6145015fdfbd1249988a0d51c227a91b; path=/; domain=.nnm-club.ru
Content-Disposition: attachment; filename="[NNM-Club.ru]_Kisti.torrent"
X-Backend-Status: BYPASS
X-Frontend-Status: BYPASS

d8:announce68:
http://bt.nnm-club.ru:2710/001deb4f8ee5b98d3fd3fa9e5489c9ae/announce13:announce-listll68:
http://bt.nnm-club.ru:2710/001deb4f8ee5b98d3fd3fa9e5489c9ae/announce70:
http://bt.nnm-club.info:2710/001deb4f8ee5b98d3fd3fa9e5489c9ae/announceel189:
http://retracker.local/announce.php?size=73663513
&comment=http%3A%2F%2Fnnm-club.ru%2Fforum%2Fviewtopic.php%3Fp%3D5651127
&name=%CA%E8%F1%F2%E8±+%CA%E8%F1%F2%E8+%E4%EB%FF+Photoshop+%5BABR%5Dee7:comment48:
http://nnm-club.ru/forum/viewtopic.php?p=565112710:created by13:uTorrent/204013:creation datei1369771330e8:encoding5:
UTF-84:infod5:filesld6:lengthi393490e4:pathl5:1.jpgeed6:lengthi220755e4:pathl5:2.jpgeed6:lengthi903549e4:pathl5:3.jpgeed6:
lengthi490880e4:pathl8:bone.abreed6:lengthi1116986e4:pathl24:chokingonstatic_film.abreed6:lengthi1662462e4:pa…


BroadCast Local Torrent OutGoing UDP

BT-SEARCH * HTTP/1.1
Host: 239.192.152.143:6771
Port: 41104
Infohash: 47B5A38DD14EC71478EC503B7E3E19E61E230A41
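
Added example, not part of the original thread: a small Python model of content rules №2 to №5, for checking offline which rule a captured payload would hit before the filter is deployed. The Packet class, the sample payloads (constructed after the captures above, with tracker.example as a placeholder host) and the reading of packet-s as whole IP packet length are assumptions of this example; rule №1 (the built-in p2p matcher) and the interface conditions are not modelled.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str          # "tcp" or "udp"
    src_port: int
    dst_port: int
    payload: bytes

    @property
    def size(self) -> int:
        # Assumption: packet-s compares the whole IP packet (20 B IP + 8 B UDP + payload).
        return 28 + len(self.payload)

def matched_rule(p: Packet):
    """Return the number (2-5) of the first rule whose conditions the packet meets, else None."""
    if (p.proto == "udp" and 1025 <= p.dst_port <= 65535
            and 95 <= p.size <= 190 and b"d1:ad2:id20:" in p.payload):
        return 2    # outgoing DHT query
    if p.proto == "tcp" and p.dst_port in (2710, 80) and b"info_hash=" in p.payload:
        return 3    # HTTP announce/scrape
    if p.proto == "tcp" and p.src_port == 80 and (
            b"\r\nContent-Type: application/x-bittorrent" in p.payload
            or b"\r\n\r\nd8:announce" in p.payload):
        return 4    # .torrent download (both versions of rule 4)
    if p.proto == "udp" and p.dst_port == 6771 and b"\r\nInfohash: " in p.payload:
        return 5    # local peer discovery on 6771
    return None

# Constructed samples; ports other than 80, 2710 and 6771 are arbitrary.
DHT = b"d1:ad2:id20:" + bytes(20) + b"e1:q4:ping1:t4:abcd1:v4:UT\x00\x001:y1:qe"
SAMPLES = {
    "dht_ping": Packet("udp", 41104, 6881, DHT),
    "dht_oversize": Packet("udp", 41104, 6881, DHT + bytes(200)),
    "announce": Packet("tcp", 50000, 2710,
        b"GET /announce?info_hash=%f7%9f%25 HTTP/1.1\r\nHost: tracker.example:2710\r\n\r\n"),
    "plain_web": Packet("tcp", 50001, 80,
        b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"),
    "torrent_file": Packet("tcp", 80, 50002,
        b"HTTP/1.1 200 OK\r\nContent-Type: application/x-bittorrent\r\n\r\nd8:announce"),
    "lsd": Packet("udp", 6771, 6771,
        b"BT-SEARCH * HTTP/1.1\r\nHost: 239.192.152.143:6771\r\nPort: 41104\r\n"
        b"Infohash: 47B5A38DD14EC71478EC503B7E3E19E61E230A41\r\n\r\n"),
}

def classify_samples():
    return {name: matched_rule(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, rule in classify_samples().items():
        print(f"{name:13} -> {'rule ' + str(rule) if rule else 'not matched'}")
```

The plain_web and dht_oversize samples are there to confirm that ordinary HTTP and packets outside the 95-190 byte window pass through untouched.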

Thanks for sharing

great work …

thanks.

Looks like it works only for the nnm-club tracker… :(

№2 has been added from nnm-club and really blocked, №1,3 from another’s trackers..

Give me the URL of trackers
I will check more

tfile.me

I fixed rule №2. Enjoy it in good health.
Check how it works.

I checked these torrents - All successfully blocked


Hi, can you please re-post the updated commands?

Thanks

Add to wiki?

+1

In MikroTik, all commands can be shortened.
Example:

/ip f f ----> /ip firewall filter
a ac=d ch=forward ----> add action=drop chain=forward

Can you please post the updated commands?

How can I use this for the scenario below, including a Squid server?

thank you
mad-web.jpg

/ip firewall filter
add action=drop chain=forward disabled=no p2p=all-p2p
add action=drop chain=forward comment="torrent dht out magnet" content=d1:ad2:ad20 disabled=no dst-port=1025-65535 packet-size=95-190 protocol=udp
add action=drop chain=forward comment=info_hash content=info_hash disabled=no dst-port=2170,80 protocol=tcp

Is the above a correct interpretation of what has been suggested? I have only left out the IN-INTERFACE so that any traffic detected on any port is stalled.
Is the dst-port=2170.80 correct?
Please suggest.

Updated commands without ‘IN INTERFACE’ defined because not all of us have an E3 interface

/ip f f
a ac=d ch=forward p2=a
a ac=d ch=forward pr=u cont="d1:ad2:id20:" dst-p=1025-65535 packet-s=95-190 com="torrent-DHT-Out-Magnet d1:ad2:id20:"
a ac=d ch=forward pr=t cont="info_hash=" dst-p=2710,80 com="torrent /announce…"

You can then edit with Winbox the 2nd and 3rd rule for the IN Interface to be from your user network.

It does not work at all with Vuze.
And I tested some torrent downloads; the rule is not working for me,
but torrent traffic is perfectly blocked for uTorrent and MediaGet.

MINE IS NOT WORKING. I HAVE A MIKROTIK RB2011 AND NO MATTER WHAT I DO THE BLOCKING OF UTORRENT DOES NOT EVEN WORK. PLEASE, I REALLY NEED HELP.

I have implemented these rules successfully a few days ago. I would like to create routing marks out of those rules to be able to route p2p through a different gateway. If anyone has done that already, please let me know.
add action=drop chain=forward comment="TORRENT No 1: Classic non security torrent" disabled=no p2p=all-p2p
add action=drop chain=forward comment="TORRENT No 2: block outgoing DHT" content=d1:ad2:id20: disabled=no dst-port=1025-65535 packet-size=95-190 protocol=udp
add action=drop chain=forward comment="TORRENT No 3: block outgoing TCP announce" content="info_hash=" disabled=no dst-port=2710,80 protocol=tcp
add action=drop chain=forward comment="TORRENT No 4: prohibits download .torrent files. " content="\r\nContent-Type: application/x-bittorrent" disabled=no protocol=tcp src-port=80
add action=drop chain=forward comment="TORRENT No 5: 6771 block Local Broadcast" content="\r\nInfohash:" disabled=no dst-port=6771 protocol=udp

When I paste the code into the Winbox terminal I get this error:
mikrotik.JPG