How to prevent p2p terminator from intercepting BT connection?

Principle and Breakthrough of P2P Terminator

Under normal circumstances, P2P Terminator is a good network management software, but many people use it to maliciously restrict other people's traffic and make others unable to surf the Internet normally. Let's introduce its function, principle and breakthrough method in detail!

Let's take a look at the information from PSP on the Internet: P2P Terminator is a set of network management software specially developed by net. Software studio for controlling P2P download flow in enterprise network. This software provides a very simple solution to the problem that P2P software occupies too much bandwidth at present. The software is based on the underlying protocol analysis and processing, and has good transparency. The software can adapt to most network environments, including proxy servers, ADSL routers, private LAN lines and other network access environments.

P2P Terminator completely solves the problem that the switch connects to the network environment, so that it can control the P2P traffic of the whole network only by being installed on any host, which has good control transparency for the hosts in the network, thus effectively solving the extremely headache problem of many network administrators at present, and has good application value.

The function can be said to be relatively powerful, and the author developed it for network management. However, because the cracked version of P2P Terminator is widely circulated on the Internet (P2P is a charging software), it is no problem if the network management uses it properly, but many people download it, maliciously controlling other people's network speed, which makes our normal use problematic! Its P2P terminal has more functions than other network management software. The most prominent thing is to control various popular P2P protocols, such as Bittorrent protocol, Baidu offline protocol, Poco protocol, Kamun protocol and so on. The software can control most client software based on the above protocols, such as BitComet, bitspirit, greedy BT, Kameng, Baidu offline protocol, Poco, PP and so on! Moreover, there are HTTP download custom file suffix control function, FTP download restriction function, QQ, MSN, PoPo, UC chat tool control function and so on!

The function is completed, so how is it realized? If you want to break through it, you must clearly understand its principle!

The most basic principle of restricting downloading these softwares is the same as other network management softwares, such as network law enforcement personnel, which all use ARP deception principle! Take a look at this picture first:

|-"Computer A

|-"computer B.

Internet-> Gateway-> Router (Switch Available)->|-Computer C (all five computers can use P2P terminator).

|-"computer d

|-"Computer E

First of all, let's talk about ARP deception principle from this picture! First, let me tell you what ARP is. ARP (Address Resolution Protocol) is an address resolution protocol that converts IP addresses into physical addresses. There are two ways to map IP addresses to physical addresses: list and non-list.

Specifically, ARP is to resolve the address of the network layer (IP layer, equivalent to the third layer of OSI) into the MAC address of the data connection layer (MAC layer, equivalent to the second layer of OSI).

Anyone who has studied the basics of network knows this!

In general, when A wants to send data to B, it will first query the local ARP cache table and find the MAC address corresponding to B's IP address before sending data. Then, an ARP request message (carrying IP address IA- physical address Pa of host A) is broadcast to request host B with IP address Ib to reply to physical address Pb. All hosts (including B) on the Internet have received ARP requests, but only host B can recognize its IP address, so it sends back an ARP response message to host A ... which contains B's MAC address. After A receives B's reply, it will update the local ARP cache. Then use this MAC address to send data (MAC address is attached to the network card). Therefore, this ARP table of local cache is the basis of local network circulation, and this cache is dynamic. The ARP protocol does not just send an ARP request before receiving an ARP reply. When the computer receives the ARP reply packet, it will update the local ARP cache and store the IP and MAC addresses in the reply in the ARP cache. Therefore, when a machine B in the local area network sends a forged ARP reply to A, and if this reply is forged by B pretending to be C, that is, the IP address is C and the MAC address is forged, then when A receives B's forged ARP reply, it will update the local ARP cache, so that in A's view, C's IP address has not changed, and its MAC address is not the original one. Because the network flow of LAN is not based on IP address, but on MAC address. Therefore, the forged MAC address is changed to a non-existent MAC address on A, which will cause network congestion and make A unable to Ping C! This is a simple ARP spoofing.

After reading these contents, you will definitely understand why P2P can control the traffic of computers in the network. In fact, it acts as a gateway here. Deceive the data of all computers in a network segment and forward it twice. All the data of the controlled computer will pass through this P2P host before being transmitted to the gateway!

This is the basic principle. Let's make a breakthrough in working principle!

First, it is the IP address and MAC address of the binding machine widely circulated on the Internet.

Second, modify your MAC address to trick P2P into scanning your machine. The method is to modify HKEY _ local _ machine \ system \ current control set \ control \ {4d36e972-e325-1-08002be65448.

Third, use two-way IP/MAC binding.

Bind the MAC address of your exit router to the PC, and the P2P terminator software can't cheat you with ARP, and naturally it can't control you. But it is not safe to bind routing MAC to PC, because P2P terminator software can cheat routing, so the best solution is to use PC and bind routing with bidirectional IP/MAC, that is, on PC.

Bind the MAC address of the route on the network, and bind the IP and MAC address of the PC on the route, which requires the route to support IP/MAC binding, such as HIPER router.

Fourth, I saw a firewall on the internet, which is the Look N Stop firewall. I saw some prawns on the internet saying that they could prevent arp cheating, so I downloaded them and tried them! Its method is as follows: but only if your machine does not communicate with the machines in the LAN, you can access your own network! And the gateway is fixed!

A. There is a rule of "ARP: authorize all ARP packets" in "Internet filtering", and a prohibition sign is put in front of this rule;

B. However, by default, this rule will prohibit gateway information. The solution is to put the MAC address of the gateway (usually the gateway is fixed) in the "target" area of the rule, select "not equal to" in "Ethernet: address" and fill in the MAC address of the gateway at that time; Put your MAC address in the Source area and select "Not equal to" in "Ethernet: Address".

C. In the last "Allotherpacket", modify the "Target" area of the rule, select "Unequal" in "Ethernet: Address", and fill in ff: ff: ff: ff: ff in the MAC address; Put your MAC address in the Source area and select "Not equal to" in "Ethernet: Address". The rest will not change.

Fifth, detect whose network card is located in promiscuous mode in a network segment. General normal host is not in promiscuous mode! Unless you set it up on purpose, there are many tools to test online!

Sixth, the author of P2P software has come up with a tool called "Anti-P2P Terminator", which may be on the one hand to stop hurting our netizens, and on the other hand to protect our own interests! After all, there are many cracked versions of this tool on the internet now! Anti-P2P Terminator is very simple and easy to use. As long as it is up and running, P2P tools in the same network segment can be detected and automatically terminated!

Seven, I think this method may not be popular, that is, using VLAN, as long as your PC and P2P terminator software are not in the same VLAN, he can't take you. This method like surfing the internet in our ordinary dormitory won't work! But for big Internet cafes, there may be!

Eight, about the traffic limit, you can break through by changing your subnet mask. I changed the default subnet mask from 255.255.255.0 to 255.240.0.0, and I can surf the Internet. P2p Terminator, the traffic restriction is invalid! However, it should be noted that the way I surf the Internet here is adsl- routing-computer. I wonder if this method can be used in other network environments!

Nine, another one is that I saw a prawn on the Internet saying that restricting ports can break through the restrictions of P2P. I have never understood this method! There seems to be no port in arp protocol, and the port is only based on TCP/IP. Please give me some advice!