
I have been testing this "BitTorrent Sync" software (a peer-to-peer application) as an experiment. I decided to block the application using the Windows firewall on the computer that is running the software. I then tried to sync from an external computer outside the LAN, and it still worked fine.

I then went to my router, disabled UPnP and rebooted, and I am still able to connect to my machine. I made sure that I blocked all TCP and UDP from external access, and this thing is still transmitting UDP packets.

How does this technology work? Is it firewall-proof? Do I need a firewall that reads each packet to block it? I know that some firewalls allow you to explicitly block peer-to-peer applications; is that what is needed in this case?

I am a little confused; please help...

1 Answer


It sounds like either the firewalls you tested with are broken or you do not know how to use them. Are you sure you didn't just block externally initiated traffic? If you really blocked all TCP and UDP, then web access shouldn't work. If web access works, then you didn't block all TCP.

UDP traffic can appear to both sides as if the other initiated it. So blocking only externally initiated traffic won't always block UDP. (TCP can too, but this almost never happens whereas it's common with UDP.)

  • I only have TCP 3389 open on the firewall; let's forget about the Windows firewall for a minute. This thing is still transferring data. Somehow it is bypassing the Netgear router firewall or it is using some other technology. It is possible to block internal UDP traffic to the outside. – winteck Commented Jul 3, 2013 at 21:16
  • What exactly did you enable in the router firewall that you are expecting will block this traffic? Commented Jul 3, 2013 at 21:27
  • @winteck: Most routers, by default, try to make things work. Generally, firewalling takes explicit configuration. There's a myth that routers provide firewalling just because they can't make something work. But firewalling is, pretty much by definition, intentional filtering to stop traffic. The router is making this work just as it makes other things work, as is its job. Why should it block this if it can make it work? What reason does it have to think this is something it should prohibit rather than make work? Commented Jul 3, 2013 at 21:37
  • @winteck: They are on most routers. If 80 wasn't open, you couldn't reach any web servers. If 443 wasn't open, you couldn't reach secure web sites. The issue is just whether the router can figure out what to do with the traffic. If nothing is listening, or it doesn't know what is listening, then it cannot make it work. That's why you need UPnP to make inbound TCP connection establishment "just work". The router has no idea where to send packets. It's not a firewall, it just cannot make it work. People describe port forwarding as "opening a port", but it just tells the router where to forward. Commented Jul 3, 2013 at 21:50
  • @winteck: The router makes it work because it can, yes. That's its job. Routers, unless they have firewalls, only fail to forward traffic when they don't know where to forward it. Some routers do include some firewalling by default, but usually it's just for things like pings or access to the router's own administrative pages, things the router manufacturer specifically chose to disable by default. Some have real firewalls that are on by default, but most don't. Commented Jul 3, 2013 at 22:38
