1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Blocking Torrenting

Discussion in 'Networking & Security' started by jsbkool@yahoo.com, Aug 27, 2013.

  1. jsbkool@yahoo.com

    jsbkool@yahoo.com New Member

    Joined:
    May 13, 2008
    Messages:
    20 (0.01/day)
    Thanks Received:
    0
    Hello all ,

    I am a internet distributor in my town, we use wireless network to connect the client , i m facing a problem ie most of my clients are torrenting which cause our entire bandwidth gets choked. Hence we need help , I got a manageable switch from tp-link which is a smart switch.We want to know whether i can block torrenting using the manageable switch or is there any other solution for this problem.
    Looking forward for the solution..
  2. ne6togadno

    ne6togadno

    Joined:
    Mar 15, 2013
    Messages:
    1,198 (2.42/day)
    Thanks Received:
    515
    Location:
    GMT +2
    have you tried to put max brandwidth torrents can use
    what is the model of the switch.
    if you block torrenting you may face a lot angry customers
    why expanding capabilities of network is not an option
  3. Seany1212

    Seany1212

    Joined:
    Jul 6, 2006
    Messages:
    662 (0.23/day)
    Thanks Received:
    23
    Location:
    England, UK
    How can you be sure they're torrenting?

    What's your current maximum bandwidth?

    Due to how easy it is to switch the ports that are used on software such as utorrent (it's literally a button to randomize) i would think it would be hard to block a specific port that is being used on the switch for torrenting, but that's just as far as i know...
  4. Jetster

    Jetster

    Joined:
    Jan 17, 2010
    Messages:
    4,675 (2.84/day)
    Thanks Received:
    1,834
    Location:
    Oregon
    The FCC fined Comcast for Bittorrent trafic shaping. I think it was back in 2008
  5. mauriek

    Joined:
    Jan 20, 2007
    Messages:
    199 (0.07/day)
    Thanks Received:
    80
    Location:
    Mataram-NTB, Indonesia
    i dont think it possible to block torrent using switch, is it? my office connect to internet through University LAN, the Network admin used to try to block many thing but torrent is always one thing they cant block, when one of our workstation staff complain about connection, for quick troubleshooting i used torrent client to check if my office connection is fine.
    Crunching for Team TPU
  6. BiggieShady

    BiggieShady

    Joined:
    Feb 8, 2012
    Messages:
    933 (1.04/day)
    Thanks Received:
    307
    Location:
    Zagreb, Croatia
    Torrent ports are random and traffic is encrypted so there is no "good" way to block it. It is better idea to edit quality of service options on router to let web, email, gaming, etc. have higher priority than anything else.
    Vario says thanks.
  7. bencrutz

    Joined:
    Jun 23, 2011
    Messages:
    171 (0.15/day)
    Thanks Received:
    34
    to effectively block torrent, you need to define fire-walling rules that are based on layer 7 pattern and packet content matching - which i doubt that your switch is capable of.

    consider a mikrotik or any powerful router to get it done.

    shall you deploy a mikrotik, all you need to do is add this rules to firewall:
    1. drop packet that are matching to a L7 pattern of torrents packet (use built in feature: p2p=all-p2p) - this will keep classic - non secure - torrents connection out
    2. block outgoing DHT from your network (packets containing "d1:ad2:id20:" with packet size from 95 to 190 and in a udp protocol)
    3. block outgoing torrent announce (packets containing "info_hash" in a tcp protocol format)
  8. Finners

    Joined:
    May 9, 2011
    Messages:
    126 (0.11/day)
    Thanks Received:
    32
    I would simply send a letter out first explaining the situation and advise that people schedule large downloads to be performed overnight otherwise you will be forced to take more sever action to limit them
  9. jsbkool@yahoo.com

    jsbkool@yahoo.com New Member

    Joined:
    May 13, 2008
    Messages:
    20 (0.01/day)
    Thanks Received:
    0
    Thank you guys for your valuable reply and lots of alternative solution . I have a smart tp-link 3210 8 port manageable switch and the mikrotik 750GL boardband routerboard .when i tried blocking the port some of the common sites were blocked . i am beginner in networking field , all i know is some basic things guys .
  10. bencrutz

    Joined:
    Jun 23, 2011
    Messages:
    171 (0.15/day)
    Thanks Received:
    34
    well, you already have a mikrotik so you will only need to learn a bit to harness its power :D

    am not sure a 750gl would suffice coz L7 pattern and packets matching-based firewall rules are quite cpu consuming, but just give it a shot and see how it turns out ;)

    you might want to try the setting in virtual machine first (virtualbox etc - just download the iso from mikrotik.com and install it) and see if you can get a grasp of it.

    am still at work, i'll post a more detailed how to - later when am home
    Last edited: Aug 27, 2013
  11. ne6togadno

    ne6togadno

    Joined:
    Mar 15, 2013
    Messages:
    1,198 (2.42/day)
    Thanks Received:
    515
    Location:
    GMT +2
    in that case you may find this useful.
    your tp-link specs

    this ^ is good idea. utorrent has possibility to limit download/upload speed (i guess other clients have this option too). you can ask them to limit their clients to lvl that wont cause troubles till you are able to expand network limits.
  12. Aquinus

    Aquinus Resident Wat-man

    Joined:
    Jan 28, 2012
    Messages:
    5,924 (6.53/day)
    Thanks Received:
    1,908
    Location:
    Concord, NH
    Why don't you just shape all of your clients traffic? Obviously you're running out of bandwidth so you need to implement some level of QoS or your need to cap their bandwidth. That's what I'm getting from this thread. Don't focus on shaping a kind of traffic, you should just look at it as their internet as a whole. If they're consuming too much, give them less.
  13. brandonwh64

    brandonwh64 Addicted to Bacon and StarCrunches!!!

    Joined:
    Sep 6, 2009
    Messages:
    18,440 (10.36/day)
    Thanks Received:
    5,995
    Location:
    Chatsworth, GA
    That router has p2p limiting on the firewall side. You will need to get familiar with the commands on telnet to disable p2p transfers.

    p2p (all-p2p | bit-torrent | blubster | direct-connect | edonkey | fasttrack | gnutella | soulseek | warez | winmx; Default: ) Matches packets from various peer-to-peer (P2P) protocols. Does not work on encrypted p2p packets.

    http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter
    Crunching for Team TPU
  14. bencrutz

    Joined:
    Jun 23, 2011
    Messages:
    171 (0.15/day)
    Thanks Received:
    34
    vanilla p2p=all-p2p wont block magnet torrents


    @OP: found a thread on mikrotik forum, all you need is there :toast:

    methink it's wiser to just limit the bandwidth for torrents rather than block them all :)
  15. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,390 (4.77/day)
    Thanks Received:
    3,223
    :confused:
    roast and Aquinus say thanks.
  16. ne6togadno

    ne6togadno

    Joined:
    Mar 15, 2013
    Messages:
    1,198 (2.42/day)
    Thanks Received:
    515
    Location:
    GMT +2
    nokia
  17. AsRock

    AsRock TPU addict

    Joined:
    Jun 23, 2007
    Messages:
    10,720 (4.14/day)
    Thanks Received:
    1,632
    Location:
    US
    Aah sales man ?..

    I would find a router that QOS works well on and limit the speed, another way would be though a software firewall but would come expensive and require time to setup.


    I use Outpost firewall and i can block programs and block all or some ports to a app.

    If the your using newer OS on the machines maybe make a restricted user account and use parental controls and only allow programs that you want to run so that way if they install a new app the app will need permission.
  18. Jimmy6

    Jimmy6

    Joined:
    Nov 12, 2013
    Messages:
    74 (0.29/day)
    Thanks Received:
    2
    get dd-wrt firmware, then you can block p2p activity and much more
  19. ShiBDiB

    ShiBDiB

    Joined:
    Jul 21, 2008
    Messages:
    4,066 (1.85/day)
    Thanks Received:
    755
    Location:
    Clifton Park, NY
    I'm thinking the same thing..
  20. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,613 (1.71/day)
    Thanks Received:
    541
    meraki's AP's have layer 7 firewalls and have a P2P preset that blocks all P2P or you can drill down and block bittorrents only:

    I have a Meraki MR12 AP and here's the options:

    Note: this is my guest network and I also have traffic shaping as well.

    Screenshot 2013-12-15 03.29.18.png

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page