I have been following an old external Cisco article on how to block BitTorrent traffic, linked here.
I have found this procedure only works about 50% of the time.
I find that blocking BitTorrent-specific ports and applying the regex does work; it just does not catch all the traffic.
object-group service bit-torrent-services tcp-udp
port-object eq 6969
port-object range 6881 6999
and
regex bit-torrent-tracker ".*[Ii][Nn][Ff][Oo]_[Hh][Aa][Ss][Hh]=.*"
Does anyone have a more up-to-date regex for finding BitTorrent traffic?
Or is this the limit of the ASA at this time?
Best Answer
<joke>Unplug it</joke>
BitTorrent clients can (and do) use random ports. Blocking the common ports will only encourage users to move to different ports. Also, the inter-client traffic has supported encryption for some years now -- originally as a means to limit ISP interference -- making the actual peer-to-peer traffic unrecognizable.
Looking for "info_hash" in the client-tracker communication, while somewhat effective, is also easily defeated. (tor, ssl, vpn, etc.) It also does nothing to stop tracker-less swarms (DHT), peer-exchange (PEX), UDP tracker protocol...
If you've managed to kill 50%, count yourself lucky. This is a game of whack-a-mole you cannot win.