• I just started to provide VM boxes (remote desktop sessions) to traders and people within the finance community.

    I provide two types of boxes - one that they dedicate 100% to trading and another that we jokingly call a "porn box" because they use it for chat/IM/email (to watch porn), etc.

    I've got AV solutions handled but what I didn't take into account was the fact that these guys will have access to high bandwidth and can easily torrent. Are there any simple things I can do to deter them from this?

    I want to make it clear that I don't want to be a policeman, and they are purchasing an "open" connection, same as they would have at their home, etc., so I can't really say they can/cannot do anything specific. So I don't want to block or really even throttle, but I want to make it such that they come to the conclusion on their own that it's easier to not torrent on my VMs.

    I give each instance a fairly small HDD (100GB) and I'll start to dig into Traffic Shaping - but does anyone have any quick tricks that tend to work?


  • If you're renting out virtual machines then the security policy should be implemented at system level rather than at network level.
    It is seriously much easier to implement an endpoint protection system that allows you to block certain software and provide antivirus/antimalware capabilities than to try and throttle and limit traffic once it leaves the "box".

    The hard way is to actually use L7 to permit legitimate traffic and block everything else.  Once you hit a certain amount of bandwidth being passed, this can bog down your pfSense box though.

    Another alternative is to identify all the legitimate traffic being used via a mixture of ports/IPs and L7, then apply a connection rate limit on all other traffic, i.e. you prioritise legitimate traffic and penalise or block all other traffic using a connection rate limit.
    Since torrenting tends to rely on opening large amounts of connections (getting 1Kbps from 1000 seeders gives you 1Mbps so on and so forth), applying a connection limit would reduce the effective torrenting speed.
    This can be circumvented if there are few high speed seeders or if the torrenting software is configured to have a very slow connection opening rate and limit on maximum number of open connections though.
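    The "prioritise known-good traffic, connection-limit the rest" approach above, written out as an added pf.conf fragment (not code from the thread or from pfSense itself; pfSense generates its own ruleset, but these same per-source state options are exposed per rule under the rule's Advanced options). Interface name, VM subnet and the port list are assumptions for the sake of the example.

    ```pf
    # Added example: per-source connection limits on the VM-facing interface.
    # vtnet0, 10.10.0.0/24 and the port list are assumed values, not from the thread.
    lan_if = "vtnet0"
    vm_net = "10.10.0.0/24"

    # TCP ports the trading/desktop workload is known to need (assumed list).
    legit_tcp = "{ 80 443 993 995 587 3389 }"

    # Known-good traffic: ordinary state tracking, no per-source caps.
    pass in quick on $lan_if proto tcp from $vm_net to any port $legit_tcp keep state

    # All other TCP is still allowed, but each VM address may hold at most
    # 100 established connections under this rule and open at most 20 new
    # ones per 10 seconds. Excess SYNs are dropped rather than queued, so a
    # client that fans out to hundreds of peers is slowed, not cut off.
    pass in on $lan_if proto tcp from $vm_net to any \
        keep state (max-src-conn 100, max-src-conn-rate 20/10)

    # uTP and DHT run over UDP. max-src-conn* only apply to TCP, so the
    # per-source cap for UDP is max-src-states (simultaneous state entries).
    pass in on $lan_if proto udp from $vm_net to any \
        keep state (max-src-states 100)

    # Optional harder variant: an address that trips the TCP limit is added
    # to a table and its existing states are flushed. A block rule placed
    # above the pass rules can then reference the table, and the table can
    # be inspected with "pfctl -t torrent_suspects -T show".
    # table <torrent_suspects> persist
    # block in quick on $lan_if from <torrent_suspects> to any
    # pass in on $lan_if proto tcp from $vm_net to any \
    #     keep state (max-src-conn-rate 20/10, overload <torrent_suspects> flush global)
    ```

    As the post notes, a client configured to open connections slowly and cap its peer count stays under these limits; the rules raise the cost of bulk seeding rather than prevent it.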

  • Thanks for the reply.

    They are getting a VM (Windows or Ubuntu) and it's essentially a clean install that they have 100% admin rights to. I don't police, monitor or configure anything on the VM so I can't implement any local rights/restrictions.

    My concern isn't really about bandwidth or viruses, etc. because there is more than enough bandwidth and I take daily snapshots so if they destroy the VM with a virus the most they will lose is 1 day's worth of work.

    My concern is more with my ISP. If someone is seeding something they shouldn't be on a VM that I provide then I have some responsibility for that back to my ISP. I don't think it will be an issue (I personally know all of the people using the VMs at this point) but if the business grows and gets larger I assume there will come a point in time when I don't know every VM user personally and/or someone will abuse/misuse the services.

  • If you want to attempt to block torrents completely then you can check in Snort; there are already rules for P2P traffic.

    If you are just concerned about the bandwidth usage you can create a limiter for, say, 2 Mbps under Traffic Shaper > Limiter and then assign that limiter to the firewall rules. If you use the "per IP" option you can use one set of rules for all clients.