How to stop torrents at work?



  • I'm sure this question will not make me the most popular student at the dance, but is there a way to identify (via IP) machines running BitTorrent clients within an internal network (i.e. work)? My company has around 70 employees, and the old, "Please don't torrent at work" doesn't seem to be doing much good anymore. It brings our email and web browsing to a near standstill, and dropping by the "usual suspects" is not only tiresome, but doesn't seem to find all the sources of traffic any longer. Any help would be appreciated, thanks.



  • If you can get to the machines when they're not around, access the advanced options of the torrent client and force it to use specific ports under net.outgoing_port & net.outgoing_max_port. Then all you need to do is create a rule for the port range you specify to block/shape into oblivion. Generally they won't be aware of the advanced options, let alone what a port is.

    If this is not an option, simply shape them/block their PC and send them to HR to explain why they need to steal all the network bandwidth instead of working.


  • Netgate Administrator

    You can do this with Layer7 filtering. Either just block torrents completely or set up a rule to allow torrents and log it.

    Steve


  • LAYER 8 Global Moderator

    @sudo:

    is there a way to identify (via IP) machines running BitTorrent clients within an internal network

    An easy way to identify them is to just do a sniff at your LAN interface, let it run for a while, and then load it up into Wireshark and look at the top talkers, since you're saying it's killing your bandwidth, but sorting by protocol will show you the IPs that are talking p2p.

    I have to assume you don't have any ports forwarded. Are you running UPnP? Are your boxes on public IPs? Normally p2p is pretty slow unless ports are open to them.

    Why would you try and run p2p at work in the first place?? Users, what are you going to do ;)

    Simple sniff will clearly show you who is downloading from p2p!  Even without knowing how to use wireshark, I am quite sure you will be able to spot the p2p traffic right away.



  • @stephenw10:

    You can do this with Layer7 filtering. Either just block torrents completely or set up a rule to allow torrents and log it.

    Steve

    The Layer7 filtering for torrent isn't working on my actual pfsense 2.0
    So I don't think that this is a good solution at the moment. :(


  • Netgate Administrator

    @Nachtfalke:

    The Layer7 filtering for torrent isn't working on my actual pfsense 2.0
    So I don't think that this is a good solution at the moment. :(

    Good to know. I won't be relying on that then.  :)

    Steve



  • Thanks all,

    Now I can do it with Layer7 filtering. It works well, and after that I've been monitoring with Ntop without torrents package.



  • @Nachtfalke:

    The Layer7 filtering for torrent isn't working on my actual pfsense 2.0
    So I don't think that this is a good solution at the moment. :(

    It's as good as the l7filter project's signatures, which is hit and miss. It'll miss all encrypted BT traffic as you can't detect that in such a fashion. It's also extremely high overhead so it's not something I would put a ton of traffic through unless you have a significantly oversized CPU (by our normal hardware sizing standards).
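
The capture-and-rank approach suggested in this thread, as an added example that is not code from any poster or from pfSense: it reads a classic pcap taken on the LAN side, ranks internal hosts by bytes exchanged with outside addresses, and flags the cleartext BitTorrent handshake. It goes one step beyond signature matching by also counting distinct outside peers per host, since the last reply points out that encrypted BitTorrent has no matchable signature. The LAN prefix, the `min_peers` threshold and all sample addresses are assumptions constructed for the example.

```python
import ipaddress, struct
from collections import defaultdict

BT_HANDSHAKE = b"\x13BitTorrent protocol"  # prefix of the cleartext peer handshake

def analyze_pcap(data, lan="192.168.1.0/24"):
    """Per LAN host: bytes to/from outside, distinct remote peers, handshake seen."""
    net = ipaddress.ip_network(lan)
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    hosts = defaultdict(lambda: {"bytes": 0, "peers": set(), "handshake": False})
    off = 24
    while off + 16 <= len(data):
        caplen, origlen = struct.unpack(end + "II", data[off + 8:off + 16])
        ip = data[off + 30:off + 16 + caplen]          # skip 14-byte Ethernet header
        ethertype = data[off + 28:off + 30]
        off += 16 + caplen
        if ethertype != b"\x08\x00" or len(ip) < 20:   # IPv4 only
            continue
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        src, dst = ipaddress.ip_address(ip[12:16]), ipaddress.ip_address(ip[16:20])
        for local, remote in ((src, dst), (dst, src)):
            if local in net and remote not in net:
                h = hosts[str(local)]
                h["bytes"] += origlen
                h["peers"].add(str(remote))
                if proto == 6 and len(ip) >= ihl + 20:  # TCP with a full header
                    tcp_len = (ip[ihl + 12] >> 4) * 4   # TCP data offset in bytes
                    h["handshake"] |= ip[ihl + tcp_len:].startswith(BT_HANDSHAKE)
    return hosts

def report(hosts, min_peers=3):
    """Top talkers first; suspect = signature hit or fan-out >= min_peers (assumed)."""
    rows = sorted(hosts.items(), key=lambda kv: kv[1]["bytes"], reverse=True)
    return [(ip, h["bytes"], len(h["peers"]),
             h["handshake"] or len(h["peers"]) >= min_peers) for ip, h in rows]

def sample_pcap():  # constructed capture: cleartext handshake, fan-out host, web client
    flows = [("192.168.1.23", "203.0.113.5", BT_HANDSHAKE + bytes(48)),
             ("192.168.1.7", "203.0.113.80", b"GET / HTTP/1.1\r\n")]
    flows += [("192.168.1.40", f"198.51.100.{i}", b"\xaa" * 300) for i in range(1, 5)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, payload in flows:
        tcp = struct.pack(">HHIIBBHHH", 50000, 6881, 0, 0, 0x50, 0x18, 8192, 0, 0)
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
        frame = bytes(12) + b"\x08\x00" + ip + tcp + payload
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

On a real capture, pass the file's bytes to `analyze_pcap` and feed the result to `report`, with `min_peers` raised well above the toy value used for the constructed sample. The parser handles classic pcap only, not pcapng.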

