# bittorrent.rope - ROPE script to block Bittorrent transfers using
#                   IpTables and Netfilter.
#
# By : Chris Lowth - December 2004
# Support Forum : http://www.lowth.com/rope/HelpForum
# ROPE Language Home : http://www.lowth.com/rope
# Script Home : http://www.lowth.com/rope/BlockingBittorrent
# License : GPL (http://www.lowth.com/rope/GPL)

# Copyright (C) 2004 Chris Lowth - http://www.lowth.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Insert this script into an iptables chain using a command like
#
#   iptables -A FORWARD -p tcp -m rope --script bittorrent -j DROP

# There are two styles of packet we look for. The first is the
# protocol setup, the second is for initiating searches and/or
# downloads.

# -- packet type 1 --
# 0x0000 4500 006c 40b4 4000 8006 4506 c0a8 0066 E..l@.@...E....f
# 0x0010 c41e efa4 0729 1ae2 b65b 7e40 bc89 e335 .....)...[~@...5
# 0x0020 5019 ffff cf93 0000 1342 6974 546f 7272 P........BitTorr
# 0x0030 656e 7420 7072 6f74 6f63 6f6c 0000 0000 ent.protocol....
# 0x0040 0000 0000 9f42 6ffd f801 3595 2350 0ed8 .....Bo...5.#P..
# 0x0050 7aae aae8 5c54 8c45 2d41 5a32 3230 302d z...\T.E-AZ2200-
# 0x0060 7a59 5044 324e 644f 5852 784e zYPD2NdOXRxN

# -- packet type 2 --
# 0x0000 4500 011e 5aa4 4000 8006 fd67 c0a8 0066 E...Z.@....g...f
# 0x0010 43a9 9d16 0821 1f92 d3ec 1a63 2d74 9795 C....!.....c-t..
# 0x0020 5018 ffff 94f3 0000 4745 5420 2f73 6372 P.......GET./scr
# 0x0030 6170 653f 696e 666f 5f68 6173 683d 2539 ape?info_hash=%9
# 0x0040 4642 6f25 4644 2546 3825 3031 3525 3935 FBo%FD%F8%015%95
# 0x0050 2532 3350 2530 4525 4438 7a25 4145 2541 %23P%0E%D8z%AE%A
# 0x0060 4125 4538 2535 4354 2538 4345 2048 5454 A%E8%5CT%8CE.HTT
# 0x0070 502f 312e 310d 0a55 7365 722d 4167 656e P/1.1..User-Agen
# 0x0080 743a 2041 7a75 7265 7573 2032 2e32 2e30 t:.Azureus.2.2.0
# 0x0090 2e30 0d0a 4163 6365 7074 2d45 6e63 6f64 .0..Accept-Encod
# 0x00a0 696e 673a 2067 7a69 700d 0a48 6f73 743a ing:.gzip..Host:
# 0x00b0 2074 7261 6e73 616d 7269 742e 6e65 743a .transamrit.net:
# 0x00c0 3830 3832 0d0a 4163 6365 7074 3a20 7465 8082..Accept:.te
# 0x00d0 7874 2f68 746d 6c2c 2069 6d61 6765 2f67 xt/html,.image/g
# 0x00e0 6966 2c20 696d 6167 652f 6a70 6567 2c20 if,.image/jpeg,.
# 0x00f0 2a3b 2071 3d2e 322c 202a 2f2a 3b20 713d *;.q=.2,.*/*;.q=
# 0x0100 2e32 0d0a 436f 6e6e 6563 7469 6f6e 3a20 .2..Connection:.
# 0x0110 6b65 6570 2d61 6c69 7665 0d0a 0d0a keep-alive....

# Match script: succeeds for a TCP packet whose payload matches one of the
# signatures below (peer handshake, tracker scrape/announce request, or an
# HTTP GET for a ".torrent" file).
#
# All signatures compare literal payload bytes, so they can only match
# traffic that is visible in cleartext at this firewall, and only the exact
# shapes spelled out here. Treat the rule as best-effort policy enforcement
# and check its coverage and false positives against real traffic.

# Restrict the script to TCP.
# NOTE(review): assumes a failed "assert" makes the rule not match - confirm
# against the ROPE language reference.
$ip_protocol IPPROTO_TCP eq assert

# NOTE(review): expect_one presumably tries each { } alternative in turn and
# succeeds on the first one that matches - confirm.
expect_one(

    # Protocol initialisation
    #
    # Corresponds to "packet type 1": a length byte 0x13, the literal
    # "BitTorrent protocol" and eight zero bytes, then 20 arbitrary bytes
    # and a 20-character printable ID ending the packet.
    {
        # NOTE(review): the capture shows the single byte 0x13 before the
        # literal; confirm that "\0x13" is how ROPE spells that byte (read
        # as a C-style escape it would be NUL followed by the text "x13").
        # The eight \0 bytes are matched literally, so a handshake with any
        # non-zero byte in that field is not covered by this signature.
        expect_str( "\0x13BitTorrent protocol\0\0\0\0\0\0\0\0" )

        # Skip 20 bytes unchecked. In the capture these are the same 20
        # bytes that the scrape request sends URL-encoded as info_hash.
        move(20)

        # The run of isgraph bytes that follows must be exactly 20 long
        # ("-AZ2200-zYPD2NdOXRxN" in the capture).
        expect_while( { isgraph } ) strlen 20 eq assert

        # Nothing may follow: the read offset must equal the packet length.
        $offset $packet_len eq assert

        # NOTE(review): the effect of "dropall" is not visible in this file;
        # presumably it extends the drop beyond this one packet - confirm.
        dropall
        yes
    }

    # Check out HTTP "GET" requests
    {
        expect_str( "GET /" )

        expect_one(

            # request for download of the file itself
            #
            # Only request lines of the form "GET /scrape?info_hash=..." or
            # "GET /announce?info_hash=..." are matched: the keyword must
            # directly follow "GET /" and info_hash must be the first query
            # parameter.
            {
                expect_one(
                    { expect_str( "scrape" ) yes }
                    { expect_str( "announce" ) yes }
                )
                expect_str( "?info_hash=" )

                # Rest of the request line, which must be ASCII.
                # NOTE(review): assumes expect_to leaves the offset just past
                # the "\n" and that isascii tests the span just consumed.
                expect_to( "\n" ) isascii assert

                # Step back over " HTTP/1.x\r\n" (11 bytes) and check the
                # version token. This relies on a one-digit minor version
                # and a CRLF line ending.
                move(-11)
                expect_str( " HTTP/1." )

                # Require an "Accept-Encoding: gzip" header line, as sent by
                # the client in the capture.
                # NOTE(review): the "i" in expecti_to presumably makes the
                # search case-insensitive - confirm.
                expecti_to( "\r\nAccept-Encoding: gzip\r\n" ) isascii assert

                # Remaining headers up to the blank line must be ASCII.
                expect_to( "\r\n\r\n" ) isascii assert
                dropall
                yes
            }

            # request for a .torrent file
            #
            # Matches any cleartext "GET /<path>.torrent HTTP/1.x" request,
            # whatever the host or client, so every HTTP download of a
            # .torrent file through this chain is affected.
            {
                expect_to( "\n" ) isascii assert

                # Step back over ".torrent HTTP/1.x\r\n" (19 bytes); same
                # one-digit-version and CRLF assumptions as above.
                move( -19 )
                expect_str( ".torrent HTTP/1." )
                expect_to( "\r\n\r\n" ) isascii assert
                dropall
                yes
            }
        )
        yes
    }
)

# NOTE(review): the final "yes" presumably reports a match to iptables, which
# then applies the rule's target (DROP in the usage example) - confirm.
yes