You can’t detect the BitTorrent traffic itself and block it. It is for the most part encrypted nowadays.
What you can do is detect BitTorrent announces, DHT, PEX, etc. and block those. This way you deprive the BitTorrent client of the ability to find any peers, and as a side effect you block BitTorrent traffic.
There are many threads describing various methods of achieving this.
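The distinction the post draws can be checked on the wire. The following is an added illustration (not code from this thread or from any poster) that matches payloads against the plaintext BitTorrent signatures a router can still see: the peer-wire handshake, an HTTP tracker announce, and a bencoded DHT (KRPC) query or reply. Every sample payload is constructed; the info hash, node id and peer id are placeholders, and the "mse" sample only imitates how the start of an encrypted peer connection looks (random-looking Diffie-Hellman material) so that it falls through unmatched.

```python
"""Signature checks for the BitTorrent control traffic that is still visible
in plaintext: the peer-wire handshake, an HTTP tracker announce, and a DHT
(KRPC) query or reply. Added illustration of the point made in the post
above; it is not code from the thread. All sample payloads are constructed."""
import re

# An unencrypted peer-wire connection opens with <19><"BitTorrent protocol">.
PEER_HANDSHAKE = b"\x13BitTorrent protocol"
# Plain HTTP tracker request: GET /announce?...info_hash=... or /scrape?...
TRACKER_RE = re.compile(rb"^GET /(announce|scrape)\?[^ ]*info_hash=", re.I)
# A bencoded KRPC query dict starts with the "a" (arguments) entry, whose
# first key is the 20-byte node "id"; "1:y1:q" marks the message as a query.
DHT_QUERY_RE = re.compile(rb"^d1:ad2:id20:.{20}", re.S)
# A KRPC reply starts with the "r" (response) entry instead; "1:y1:r" marks it.
DHT_REPLY_RE = re.compile(rb"^d1:rd2:id20:.{20}", re.S)


def classify(payload: bytes) -> str:
    """Return which plaintext BitTorrent signature (if any) a payload matches."""
    if payload.startswith(PEER_HANDSHAKE):
        return "peer-handshake"
    if TRACKER_RE.match(payload):
        return "tracker-announce"
    if DHT_QUERY_RE.match(payload) and b"1:y1:q" in payload:
        return "dht-query"
    if DHT_REPLY_RE.match(payload) and b"1:y1:r" in payload:
        return "dht-reply"
    return "unknown"


# Constructed samples (placeholder hashes and ids, not real values).
INFO_HASH = bytes(range(20))          # placeholder 20-byte info hash
NODE_ID = b"\xab" * 20                # placeholder 20-byte DHT node id
SAMPLES = {
    # handshake: pstrlen, pstr, 8 reserved bytes, info_hash, 20-byte peer_id
    "handshake": PEER_HANDSHAKE + b"\x00" * 8 + INFO_HASH + b"-EX0001-" + b"x" * 12,
    "announce": (b"GET /announce?info_hash=%00%01%02&peer_id=-EX0001-abcdefghijkl"
                 b"&port=6881&uploaded=0&downloaded=0&left=1 HTTP/1.1\r\n"
                 b"Host: tracker.example\r\n\r\n"),
    "dht_ping": b"d1:ad2:id20:" + NODE_ID + b"e1:q4:ping1:t2:aa1:y1:qe",
    "dht_get_peers": (b"d1:ad2:id20:" + NODE_ID + b"9:info_hash20:" + INFO_HASH
                      + b"e1:q9:get_peers1:t2:aa1:y1:qe"),
    "dht_reply": b"d1:rd2:id20:" + NODE_ID + b"e1:t2:aa1:y1:re",
    # Imitation of an MSE-encrypted peer connection start: looks like noise.
    "mse": bytes.fromhex("9f3a0c7be2d14f08a6c35b9e77d2104c0f8be1a93d5c7e20b4f16a8d"),
    # Start of a TLS ClientHello (a tracker reached over HTTPS looks like this).
    "https": b"\x16\x03\x01\x00\xf5\x01\x00\x00\xf1\x03\x03" + b"\x00" * 32,
}


def detect_all(samples=SAMPLES) -> dict:
    """Classify every sample; the encrypted ones come back 'unknown'."""
    return {name: classify(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in detect_all().items():
        print(f"{name:14s} -> {verdict}")
```

The two "unknown" results are the point of the post: once the peer stream is encrypted (or the tracker is reached over HTTPS), a payload signature has nothing to grip, and what remains matchable is the plaintext handshake, HTTP announces and the UDP DHT traffic.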
Static DNS for what? All the torrent search sites?
You can even use Google to search for torrents.
If you put 127.0.0.1 for google.com, the user can override this by editing the hosts file and adding the correct IP for google.com.
DNS is not the way to go.
And as Jotne mentioned, I (user) then simply use another DNS server on my PC or edit my hosts file and I circumvent your ‘block’ in a matter of seconds.
DNS is not a solution. It’s what ISPs do to comply with stupid laws that governments come up with to block content.
Everyone with a basic understanding of networking knows that it doesn’t work.
If you find a working solution that blocks all torrents 100%, post it here and I will send you some money on PayPal.
To test your solution, download uTorrent, then do this:
Options->Preferences->BitTorrent->Protocol Encryption->Outgoing and set it to Forced.
If nothing goes through, then you are on the right track.
If the ISP (you, in your LAN) wants, it can block any requests on UDP port 53 except to its own DNS server IP, which is used to resolve the DNS names of web sites. So you can’t use Google 8.8.8.8 or anything else. Then you have full control of resolving the DNS name of any site.
Still does not solve anything. How many sites would you like to block? All, except the 10-15 you are normally using? Remember you need to block all search sites, since you can use Google to search for torrents. Or just do a search for “piratebay proxy”.
If this is a company, a threat is better. Tell all users that under their contract it is illegal to download torrents. If they do so, they will first get a warning and later get fired if they are caught. You can see if a client downloads and uploads lots of data, connected to many sites. But take care, other programs like Skype set up many sessions, so it is not easy to catch someone red-handed and prove it.
I simply edit my hosts file and I don’t care if my ISP blocks port 53. Or I use the myriad mirrors for TPB for example.
Or I use a private DNS server running on another port and boom, I circumvent my ISP’s block.
Or I use an SSTP VPN over port 443. What will they do? Block https? That’s ridiculous.
DNS is not a solution. It’s just a cat and mouse game.
And the ISP cannot simply block the IPs that TPB for example resolves to. It’s hosted on Cloudflare. Which means that blocking its IPs will block tons of other sites as well.
The only partial way of blocking torrent traffic is by blocking the ability for a torrent client to find peers (announces, dht, pex, etc).
Blocking a torrent tracker doesn’t block anything. A user can still find the magnet URLs even on google and still get peers and start downloading.
And of course, all of you realize that not every torrent download is illegal. It is just a protocol, nothing more.
Even some software distributions and updates are offered as torrents (e.g. Debian).
The content may be illegal, but so is the content of any download.
So IMHO, while blocking an offending tracker is OK, blocking the protocol itself is not (but being encrypted and using random ports makes any attempt futile anyway).
What one could do is limit the speed on ports other than the well-known ones, which will discourage the use of torrents and give users full-speed access on them on a need-to-use basis.
On the other hand, if you are an ISP, then keep in mind one thing: As a customer, if you charge me for unlimited access at a certain speed, I will expect to be able to use that speed in an unlimited way, regardless of your opinion on it. So, unless you are the sole provider in my neighborhood or it is in the contract in written form, I will switch to another provider in a blink of an eye if you try to limit the access I pay for.
You cannot filter most traffic any more because of encryption.
You can block DNS and IP addresses. This will work OK but it is not a fix.
People can use VPN to bypass these problems and there are other ways of getting around this.
You could limit bandwidth for specific users, or IPs but that would impact all traffic.
There is not much you can do, other than actually talking to the person responsible for the problems and getting them to stop, if they are running a server or something else disrupting the service.
Most ISPs, WISPs etc. do have legal documents, and if they think you are abusing their service or you are in violation of the TOS they can just terminate you from accessing the services.
Download Ultrasurf or use the Ultrasurf plugin for Chrome (created to bypass the Great Wall of China), then see what you block.
We are using Forcepoint (Websense) at work and Ultrasurf bypasses it with ease.
2 ways come to mind (I have used both with decent success).
1 - Assuming all your customers are using a DNS server you control (i.e. the MT DNS), you can use regex static entries and normal static entries (and use a rule to redirect all UDP 53 DNS to your MT DNS, to keep people from setting their own custom DNS server IP).
Or use a regex on layer 7 to drop any torrent DNS queries (regardless of which DNS server your clients are using). This works well, or as a good point to add a client to a 24h address list (then slow their speeds or limit only their connection count). Clients using encrypted DNS or a DNS server through a VPN will of course be immune to this.
see here: http://forum.mikrotik.com/t/block-torrents-p2p-traffic-100-working-on-all-versions/54137/1
2 - Limit the connection count per minute per IP, i.e. usually when one runs a torrent download it will use a lot of connections, and/or a lot of connections to many different IPs (either limit connections per minute per IP, or use this to add their IP to an address list, then filter that address list). Clients using a VPN for all their traffic will be immune to this (as it looks like only 1 or a few connections to a single IP, from your standpoint). The only option then is to queue the client's local IP (for either just the VPN traffic/VPN server IP, or just specific traffic, or for all their traffic).
Whatever you do, you need to test it and monitor that it does not affect your legit customers’ legit traffic (i.e. you won't find a copy-paste that works 100% of the time and has 0 side effects, but you can get pretty close to that if you take the time). I know I didn't post rules / an export in here, because most of mine have been customized for each location, so just search the forums (or better, use Google with:
SEARCHTERM site:forum.mikrotik.com
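The two approaches in the post above can be modelled on sample data to see what each one catches and what it misses. This is an added illustration in plain Python, not the poster's RouterOS rules: the DNS-name regex plays the role of the static/layer-7 DNS match, and the per-minute connection counter plays the role of the connection-count rule. The client addresses, query log lines and flow records are constructed; the thresholds (60 new connections per minute, 20 distinct destinations) are assumptions chosen for the example, and the distinct-destination condition is added here as the false-positive guard the post hints at when it mentions "a lot of connections to many different IPs".

```python
"""Model of the two methods above on constructed data: (1) a DNS-name regex
that would feed a static DNS entry or layer-7 matcher, (2) new connections
per minute per source IP, with an optional distinct-destination condition.
Added illustration, not the original poster's configuration."""
import re
from collections import Counter, defaultdict

# 1) DNS name filter. Placeholder pattern; a real deployment would tune it.
TORRENT_NAME_RE = re.compile(r"(torrent|tracker|thepiratebay|piratebay)", re.I)


def dns_hits(query_log):
    """Return {client_ip: [qname, ...]} for queries that match the regex.
    Lines are '<client_ip> <qname>' (constructed log format)."""
    hits = defaultdict(list)
    for line in query_log:
        client, qname = line.split()
        if TORRENT_NAME_RE.search(qname):
            hits[client].append(qname)
    return dict(hits)


# 2) Connection-rate heuristic over NEW connection records.
def rate_suspects(flows, max_new_per_min=60, min_distinct_dst=20):
    """flows: iterable of (epoch_seconds, src_ip, dst_ip, dst_port).
    Returns {src_ip: {minute: (new_connections, distinct_dsts)}} for every
    minute in which a source exceeds max_new_per_min new connections AND
    talks to at least min_distinct_dst distinct destinations. Passing
    min_distinct_dst=0 gives the plain "connections per minute" rule."""
    counts = defaultdict(Counter)
    dsts = defaultdict(lambda: defaultdict(set))
    for ts, src, dst, _port in flows:
        minute = int(ts // 60)
        counts[src][minute] += 1
        dsts[src][minute].add(dst)
    result = {}
    for src, per_minute in counts.items():
        for minute, n in per_minute.items():
            distinct = len(dsts[src][minute])
            if n > max_new_per_min and distinct >= min_distinct_dst:
                result.setdefault(src, {})[minute] = (n, distinct)
    return result


# Constructed sample data (documentation address ranges, no real hosts).
SAMPLE_DNS = [
    "10.0.0.5 tracker.example.org",
    "10.0.0.5 www.debian.org",
    "10.0.0.5 thepiratebay.org",
    "10.0.0.6 www.example.com",
    "10.0.0.8 cdn.example.net",
]


def sample_flows():
    flows = []
    # 10.0.0.5: torrent-like, 120 new connections in one minute to 120 peers
    for i in range(120):
        flows.append((i * 0.5, "10.0.0.5", f"198.51.100.{i + 1}", 6881 + i % 9))
    # 10.0.0.6: Skype-like, 30 connections to 25 hosts (below the count limit)
    for i in range(30):
        flows.append((i * 2.0, "10.0.0.6", f"192.0.2.{i % 25 + 1}", 443))
    # 10.0.0.7: VPN client, 3 connections, all to the VPN server
    for i in range(3):
        flows.append((i * 20.0, "10.0.0.7", "203.0.113.9", 443))
    # 10.0.0.8: browser on a CDN-heavy site, 80 connections to only 5 addresses
    for i in range(80):
        flows.append((i * 0.7, "10.0.0.8", f"203.0.113.{i % 5 + 20}", 443))
    return flows


if __name__ == "__main__":
    print("DNS hits:", dns_hits(SAMPLE_DNS))
    print("count + distinct:", rate_suspects(sample_flows()))
    print("count only:", rate_suspects(sample_flows(), min_distinct_dst=0))
```

With both conditions only 10.0.0.5 is flagged; with the plain per-minute count the browser at 10.0.0.8 is flagged as well, which is the kind of "legit traffic" side effect the post warns about. The VPN client at 10.0.0.7 is invisible to both rules, and the DNS filter only ever sees 10.0.0.5, whose queries went to a resolver the router could inspect.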