How to manage torrents, dark-web and remote hackers?

The LucidView Torrent, Dark-Web & Unauthorised Remote Access Management Solution is designed around the customer's typical average bandwidth and connections consumed. Outliers from the standard behaviour pattern are treated as suspicious, because atypical behaviour requires further investigation.

With regards to torrents, whilst this approach has proven to be highly effective at terminating torrenting sessions, there are going to be a handful of incidents where the user torrenting gets to the URL a few minutes before our AI has had time to assess, catalogue and kill it. These incidents should be negligible. However, because other key applications on the network need to create direct IP connections to function properly (VoIP and File Share are good examples), we cannot simply kill off every direct IP connection, as this would create issues for those applications.

That said, a user-initiated connection can be blocked only after it proves itself to be a torrent.

LucidView manages these connections carefully, analysing each connection's behaviour and then applying a nuanced approach:

We analyse the behaviour of all connections. Any service that requires the ability to create direct IP connections (no DNS) to function properly is flagged for inspection. The LucidView Torrent Management Solution then initiates an investigation: if the connection proves to be a torrent, it is killed off; if it is a legitimate service, it is not.

Once we have ascertained with as much certainty as we can that we are likely not dealing with a torrent, we investigate the connection further, examining the protocol, the amount of bandwidth required for optimal functionality and any other relevant data. Once we have gathered all the pertinent information, we factor in all aspects, i.e. protocol and requirements for optimal performance.

Once this investigation is complete and conditions such as protocol and bandwidth requirements have been factored into the final decision, we allow the connection to continue for a short period and watch how it monopolises the available bandwidth. This lets us make a final and certain determination on whether or not it is a torrent. In other words, we are giving the connection just enough rope to hang itself.

Permitting the connection to prove its nature unimpeded greatly reduces the number of false positives on the network, while at the same time ensuring that legitimate services such as VoIP and File Share are not punished.

The entire process described above will likely take at most five minutes. As such, if the connection is a torrent, 5 minutes of torrent traffic will be generated. This is minuscule and will likely not even be noticed. It is, however, essential for the solution to ensure it is correctly and swiftly blocked or killed.
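The observe-then-decide flow described above can be sketched as follows. This is an added illustration, not LucidView's code: the sampling interval, the bandwidth-share threshold, the per-protocol bandwidth table and every name in it are assumptions, and the flows are constructed sample data.

```python
from dataclasses import dataclass

OBSERVE_SECONDS = 300   # from the page: the whole process takes at most five minutes
SAMPLE_SECONDS = 30     # assumption: one throughput sample per 30 s
MONOPOLY_SHARE = 0.6    # assumption: fraction of the link that counts as monopolising
SUSTAINED = 4           # assumption: consecutive samples over the share before blocking
# Assumption: rough bandwidth each known protocol needs for optimal function, in kbps.
EXPECTED_KBPS = {"rtp": 128, "smb": 9000}

@dataclass
class Flow:
    name: str
    used_dns: bool        # False means a direct IP connection (no DNS lookup seen)
    protocol: str         # result of protocol inspection; "unknown" if unrecognised
    samples_kbps: list    # observed throughput, one value per SAMPLE_SECONDS

def classify(flow, link_kbps):
    """Return (verdict, seconds_observed) for one connection."""
    if flow.used_dns:
        return ("allow", 0)                       # never flagged for inspection
    limit = MONOPOLY_SHARE * link_kbps
    need = EXPECTED_KBPS.get(flow.protocol, 0)
    run = 0
    window = flow.samples_kbps[: OBSERVE_SECONDS // SAMPLE_SECONDS]
    for i, kbps in enumerate(window, start=1):
        # A sample counts against the flow only if it both dominates the link
        # and exceeds what its protocol needs to work properly.
        run = run + 1 if (kbps >= limit and kbps > need) else 0
        if run >= SUSTAINED:
            return ("block", i * SAMPLE_SECONDS)  # killed inside the window
    return ("allow", len(window) * SAMPLE_SECONDS)

# Constructed sample flows on a 10 Mbps link (not real captures).
LINK_KBPS = 10_000
FLOWS = [
    Flow("web", True, "https", [9000] * 10),
    Flow("voip", False, "rtp", [96] * 10),
    Flow("fileshare", False, "smb", [8500] * 10),
    Flow("p2p", False, "unknown",
         [1200, 5200, 7400, 8800, 9100, 9300, 9400, 9400, 9500, 9500]),
]

def run_all():
    return {f.name: classify(f, LINK_KBPS) for f in FLOWS}

if __name__ == "__main__":
    for name, (verdict, secs) in run_all().items():
        print(f"{name:10s} {verdict:5s} after {secs:3d}s")
```

The direct-IP VoIP and file-share flows survive the full window, while the unrecognised flow that keeps taking more of the link is blocked part-way through it.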

An interesting aspect of our torrent management solution is that it not only blocks torrents, but also blocks access to the entire dark web.

We do hope this document has explained why it's better for the odd torrent to make it through for a couple of minutes than for an entire VoIP network to experience latency to the point it is unusable. If we simply block direct IP connections outright with no investigation, we will reduce torrents; however, we will introduce a range of other issues.

This is the most practical method we have found for combating torrents while not impacting critical systems like VoIP. If you have any suggestions that you think would work better, please do contact us at support@lucidview.net

 
