Un-Blocking Torrents

Most system administrators use below techniques to block Bit Torrent on the network.

1. Disable installation of torrents clients like µTorrents on your system. The assumption is that without a torrent client a user will not be able to download a torrent file.

2. Block the download of any file that has a .torrent file extension. All torrent meta files have a .torrent extension. If a user is not able to download the torrent meta file, then it will not know the location of the target file and hence it will not be able to successfully download it.

3. Blocking the ports used by torrent clients like µTorrent.

Let us know how easy to bypass these commonly used blocking mechanism.
If your administrator does not allow you to install torrent clients on your system, then it is still possible for you to download torrents with the help of web based torrent clients which allow you to download the torrent file straight from your browser!

Web based Torrent Client
Open your browser and type www.bitlet.org in the address bar and open the website.
Type the torrent URL that you want to download inside of the www.bitlet.org webpage and download your torrent without any hassles.

Tracking of intruder

The information provided on an intruder depends on the levels of tracking that you’ve enabled on your Honey Pot. Common tracking levels include the firewall, system logs on the Honey Pot and sniffer-based tools.

Firewall Logs
Firewalls are useful as part of the overall Honey Pot design for many reasons. Most firewalls provide activity-logging capabilities which can be used to identify how an intruder is attempting to get into a Honey Pot. I liken firewall logs to router logs; they can both be set to trap and save packets of a pre-determined type. Remember that when setting up the firewall, you would normally want to log ALL packets going to the Honey Pot system, as there should be no legitimate reason for traffic going to or from the Honey Pot.

Reviewing the order, sequence, time stamps and type of packets used by an intruder to gain access to you Honey Pot will help you identify the tools, methodology being used by the intruder and their intentions. Depending on the detail capabilities of logging on your firewall you may or not be able to gain considerable information from these logs.

Another useful function of many firewalls is their notification capabilities. Most firewalls can be configured to send alerts by email or pager to notify you of traffic going to or from your Honey Pot. This can be extremely useful in letting you review intruder activity on your Honey Pot.

System Logs
Unix and Microsoft NT seem to have the lion share of the Internet server markets. Luckily, both operating systems have logging capabilities built into their operating systems, which help identify what changes or attempts have been made. It should be noted that out-of-the box, Unix offers superior logging capabilities as compared to Microsoft NT.

Some of their out-of-the box logging capabilities include:

Microsoft NT

• Security: Available from Event Viewer
• User Management: Needs to be enabled through User Manager
• Running Services: Netsvc.exe needs to be manually run and compared to baseline.

Unix

• User activity logs: utmp, wtmp, btmp, lastlog, messages
• Syslogd: An important option is that it can log to a remote server! The range of facilities and priorities available through syslogd is very good.

There are some tools available that greatly increase the information that can be gathered. Many of the Unix tools are public domain, while many of the Microsoft NT tools are not.

Sniffer Tools
Sniffer tools provide the capability of seeing all of the information or packets going between the firewall and the Honey Pot system. Most of the sniffers available are capable of decoding common tcp packets such as Telnet, HTTP and SMTP. Using a sniffer tool allows you to interrogate packets in more detail to determine which methods the intruder is trying to use in much more detail than firewall or system logging alone.
An additional benefit to sniffer tools is that they can also create and store log files. The log files can then be stored and used for forensic purposes.

What is a Honeypot?

A Honey Pot system is setup to be easier prey for intruders than true production systems but with minor system modifications so that their activity can be logged of traced. The general thought is that once an intruder breaks into a system, they will come back for subsequent visits. During these subsequent visits, additional information can be gathered and additional attempts at file, security and system access on the Honey can be monitored and saved.

Generally, there are two popular reasons or goals behind setting up a Honey Pot:

1. The general idea is that since a record of the intruder’s activities is kept, you can gain insight into attack methodologies to better protect your real production systems.
2. Gather forensic information required to aid in the apprehension or prosecution of intruders. This is the sort of information often needed to provide law enforcement officials with the details needed to prosecute.
3. The common line of thought in setting up Honey Pot systems are that it is acceptable to use lies or deception when dealing with intruders. What this means to you when setting up a Honey Pot are those certain goals have to be considered. Those goals are:

The Honey Pot system should appear as generic as possible. If you are deploying a Microsoft NT based system, it should appear to the potential intruder that the system has not been modified or they may disconnect before much information is collected. You need to be careful in what traffic you allow the intruder to send back out to the Internet for you don’t want to become a launch point for attacks against other entities on the Internet.

You will want to make your Honey Pot an interesting site by placing "Dummy" information or make it appear as though the intruder has found an "Intranet" server, etc. Expect to spend some time making your Honey Pot appear legitimate so that intruders will spend enough time investigating and perusing the system so that you are able to gather as much forensic information as possible.

The information gathered from a Honey Pot system is used for prosecution purposes, it may or may not be deemed admissible in court. While information regarding this issue is difficult to come by, having been hired as an expert witness for forensic data recovery purposes.

Whether hacking organizations will rally against an organization that has set "traps" and make them a public target for other hackers. Examples of this sort of activity can be found easily on any of the popular hacker’s sites or their publications.