Windows 2k/XP Sandvine Fix

 

Warning: You MUST do this at a local console. WIPFW blocks Remote Desktop and VNC connections by default.

Step 1
Download WIPFW from http://wipfw.sourceforge.net/

Step 2
Extract the downloaded zip to C:\Program Files\WIPFW

Step 3
In the WIPFW directory, run install-deny.cmd

Warning: All Remote Desktop, VNC, Windows File Sharing, and other server apps WILL be cut off at this point. Don't worry, you can re-enable them later.

Step 4: Windows XP Only
Start -> Control Panel -> Security Center

Click on Manage Security Settings for: Windows Firewall

Select Off and click OK

Back in the Security Center, under the red heading for Firewall, select Recommendations...

Check I have a firewall solution that I'll monitor myself and click OK

Step 5
Save the following as the file C:\windows\System32\drivers\etc\protocol (no extension; replace windows with WINNT if you are using Windows 2000)

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This file contains the Internet protocols as defined by RFC 1700
# (Assigned Numbers).
#
# Format:
#
# <protocol name> <assigned number> [aliases...] [#<comment>]

ip 0 IP # Internet protocol
icmp 1 ICMP # Internet control message protocol
ggp 3 GGP # Gateway-gateway protocol
tcp 6 TCP # Transmission control protocol
egp 8 EGP # Exterior gateway protocol
pup 12 PUP # PARC universal packet protocol
udp 17 UDP # User datagram protocol
hmp 20 HMP # Host monitoring protocol
xns-idp 22 XNS-IDP # Xerox NS IDP
rdp 27 RDP # "reliable datagram" protocol
rvd 66 RVD # MIT remote virtual disk

Step 6
Open C:\Program Files\WIPFW\wipfw.conf in Notepad.

Replace the contents with the following:

######################
# wipfw.conf
# Replace 55259 with your BitTorrent port and 55359 with your BitTorrent port+100
######################
# First flush the firewall rules
-f flush

# Localhost rules
add 100 allow all from any to any via lo*

# Drop inbound packets with a 127.0.0.0/8 source or destination, common in localhost spoofing
add 110 deny log all from any to 127.0.0.0/8 in
add 120 deny log all from 127.0.0.0/8 to any in

# Drop incoming packets with RST flag on BitTorrent port
# This is what thwarts Sandvine. Keep this rule above check-state so it is evaluated first.
add deny tcp from any to me 55259-55359 tcpflags rst

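# Stateful rules: match tracked connections, track outbound connections,
# then count and log everything that reaches the last rule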
add check-state
add pass all from me to any out keep-state
add count log ip from any to any

# Allow new incoming BitTorrent connections
add pass tcp from any to any 55259
add pass udp from any to any 55259

Step 7
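Season to taste with any of the following rules (append to the end of wipfw.conf). Each one accepts connections from any source address; to limit exposure, replace "any" after "from" with your LAN subnet in address/mask form.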

File and Print Sharing

# Allow Microsoft SMB file sharing
add pass tcp from any to me 135-139
add pass udp from any to me 135-139

# Allow direct-hosted SMB w/out NetBIOS
add pass tcp from any to me 445
add pass udp from any to me 445

VNC

# Allow VNC
add pass tcp from any to me 5900

Remote Desktop

# Allow RDP/Terminal Services
add pass tcp from any to me 3389

More filters coming soon...

Step 8
Start -> Run

Type cmd and press Enter

Run the following two commands:
net stop ipfw

net start ipfw

Step 9
Configure your torrent client to use an outgoing port range. 

uTorrent 

The settings are hidden under the advanced options pane. First, set "net.outgoing_port" to the lower end of the port range (e.g. 55259) on which you are blocking RST packets. Then set "net.outgoing_max_port" (uTorrent 1.7 and above only) to the upper end of the port range (e.g. 55359).


Azureus

coming soon
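
Added example (not part of the original guide or of WIPFW): a Python check that the RST-drop rule from Step 6 is evaluated before check-state and that its port range covers the outgoing range configured in Step 9. The function names, the constructed sample text, and the assumption that unnumbered rules are numbered highest-so-far plus 100 (ipfw's default step) belong to this example.

```python
import re

# Constructed sample: the Step 6 rule lines, comments stripped.
SAMPLE_CONF = """\
-f flush
add 100 allow all from any to any via lo*
add 110 deny log all from any to 127.0.0.0/8 in
add 120 deny log all from 127.0.0.0/8 to any in
add deny tcp from any to me 55259-55359 tcpflags rst
add check-state
add pass all from me to any out keep-state
"""

RULE = re.compile(r"^add\s+(?:(\d+)\s+)?(.*)$")
RST = re.compile(r"^deny\s+tcp\s+from\s+any\s+to\s+me\s+(\d+)(?:-(\d+))?\s+tcpflags\s+rst\b")

def numbered_rules(conf_text):
    """Yield (rule_number, body); unnumbered rules get highest-so-far + 100
    (assumed ipfw auto-numbering)."""
    highest = 0
    for line in conf_text.splitlines():
        m = RULE.match(line.split("#", 1)[0].strip())
        if not m:
            continue  # blank line, comment, or a non-add command such as "-f flush"
        number = int(m.group(1)) if m.group(1) else highest + 100
        highest = max(highest, number)
        yield number, m.group(2).strip()

def lint(conf_text, out_lo, out_hi):
    """Return a list of problems for a client using outgoing ports out_lo..out_hi."""
    rst = state = None
    for number, body in numbered_rules(conf_text):
        m = RST.match(body)
        if m and rst is None:
            rst = (number, int(m.group(1)), int(m.group(2) or m.group(1)))
        elif body.startswith("check-state") and state is None:
            state = number
    if rst is None:
        return ["no 'deny tcp from any to me <ports> tcpflags rst' rule"]
    problems = []
    if state is not None and state < rst[0]:
        problems.append(f"check-state (rule {state}) runs before the RST rule (rule {rst[0]})")
    if out_lo < rst[1] or out_hi > rst[2]:
        problems.append(f"client ports {out_lo}-{out_hi} not inside {rst[1]}-{rst[2]}")
    return problems

if __name__ == "__main__":
    print(lint(SAMPLE_CONF, 55259, 55359) or "ok")
```

If check-state ran first, a RST belonging to a connection the client opened would match its keep-state entry and be passed before the deny rule is reached, which is why the check compares rule numbers rather than file order.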
