How to block P2P/Bittorrent from my router (D-Link)

Discussion in 'Networking' started by TheGizmo, Apr 4, 2007.

  1. TheGizmo

    TheGizmo Diamond Member

    Joined:
    Dec 31, 2000
    Messages:
    3,627
    Likes Received:
    0
    I want to block all P2P, BitTorrent, etc. stuff on my network because it's hogging huge amounts of bandwidth. I'd like to do this from my D-Link DI-624 router. Does anyone know where I should even start? A link to a help doc would even be fine. I'm up for reading and learning to do this myself, but I don't really know where to start. Thanks.
     
  2. bruceb

    bruceb Diamond Member

    Joined:
    Aug 20, 2004
    Messages:
    7,816
    Likes Received:
    1
  3. Loop2kil

    Loop2kil Platinum Member

    Joined:
    Mar 28, 2004
    Messages:
    2,482
    Likes Received:
    1
    The way Bruceb said sounds the easiest with what you are doing, but if you ever want to try something a little more robust... try something like IPCop with URL filter. No one in my house can pull up anything p2p, pr0n and whatever else I decide to ban. All you will need is an older PC around 800 MHz with 2 NICs and a switch if you have more than 1 PC.

    http://ipcop.org/

    You will need to do some reading, and getting the add-ons (like URLfilter and Copfilter) installed is not for the faint of heart. Took me a while but I finally got it all set up.
     
  4. nweaver

    nweaver Diamond Member

    Joined:
    Jan 21, 2001
    Messages:
    6,813
    Likes Received:
    0
    I played with IP Cop, and found Monowall's traffic shaping to be easier. Sure, you can P2P, but you are going to do it over 33.3 modem speeds!
     
  5. Loop2kil

    Loop2kil Platinum Member

    Joined:
    Mar 28, 2004
    Messages:
    2,482
    Likes Received:
    1
    Haven't messed too much with the traffic shaping yet... I had heard about IPCop first so that's what I started with initially and now I'm comfortable with it. Though I have heard good things about Monowall as well.

    I love the Denial page that pops up on their screen when they go somewhere that's been banned :)

     
  6. robmurphy

    robmurphy Senior member

    Joined:
    Feb 16, 2007
    Messages:
    376
    Likes Received:
    0
    Just remember the user can configure P2P to use different port numbers. I use P2P at home, and do not use the standard port numbers as many ISPs in the UK block these.

    Rob Murphy
     
  7. vorgusa

    vorgusa Senior member

    Joined:
    Apr 5, 2005
    Messages:
    244
    Likes Received:
    0
    Actually, it matters which program. My bittorrent came with a random port in the 4000 range. If you use something like IPCop or a sniffer you could probably find the ports people are using and block them.
     
  8. jlbenedict

    jlbenedict Banned

    Joined:
    Jul 10, 2005
    Messages:
    3,724
    Likes Received:
    0



    As Robmurphy posted above you.. the port configuration on the actual program can be changed.

    So, what are you to do? Run a sniffer program every day to determine if the user hasn't changed the configuration to one of any of the 65535 ports that could possibly be used?

    You'll be playing a cat & mouse game every day if you have a savvy user on the network.

     
  9. vorgusa

    vorgusa Senior member

    Joined:
    Apr 5, 2005
    Messages:
    244
    Likes Received:
    0
    The point I was trying to say is that a user that does not know what they are doing can use a program like uTorrent that picks a random port on install and would not be in the regular BitTorrent port range. If you find the port once and the user does not know how to change it or what is going on, you will block them until they reinstall the program or pick another program.
     
  10. robmurphy

    robmurphy Senior member

    Joined:
    Feb 16, 2007
    Messages:
    376
    Likes Received:
    0
    Maybe a word with the worst offenders would be better. BitTorrent is being used for legitimate downloads as well these days. Many Linux distributions use BitTorrent, and Warner Bros use or will use BitTorrent to distribute films and programs.

    I finally got NTL/Virginmedia (in the UK) to change my cable modem. The old one would crash if downloading several torrents. The new one is fine. Downloading torrents also slowed the internet connection down with the old cable modem but the new one is fine. If the problem you are having is that the P2P is slowing the rest of the internet connection then maybe the router or modem cannot cope. Replacing it would allow the P2P without having any adverse effect on the normal internet access.

    If you have an old spare PC then you could use it to impose some bandwidth limit for the users. If someone ignores the warning about overuse then they get 10-20 Kbit browsing for a while. It's possible to browse the web at this speed, just painful.

    Rob Murphy
     
  11. nweaver

    nweaver Diamond Member

    Joined:
    Jan 21, 2001
    Messages:
    6,813
    Likes Received:
    0
    You can throttle based on ports/ranges OR on IP. If you start using P2P (and I can find that in about 30 seconds on my network) then I will not throttle you via ports, I'm gonna slap an IP based throttle on you.
     
  12. TheGizmo

    TheGizmo Diamond Member

    Joined:
    Dec 31, 2000
    Messages:
    3,627
    Likes Received:
    0
    so this is done via IP Cop as well or through the router?

    P.S. Thanks for all the ideas everyone
     
  13. Loop2kil

    Loop2kil Platinum Member

    Joined:
    Mar 28, 2004
    Messages:
    2,482
    Likes Received:
    1
    thru ipcop
     
  14. Akumasama

    Akumasama Junior Member

    Joined:
    Apr 7, 2007
    Messages:
    3
    Likes Received:
    0
    Wow, talk about luck... I was googling around to find information on how to lock P2P software and I found this thread, not to mention I too have a D-Link DI-624 :)

    This is my situation. While I live in my own apartment and I have my mini-LAN (PC + game consoles), I share my internet connection through wi-fi to the apartment on the floor above, where my brother and father live.
    My brother only has a notebook and an Xbox360, my father has a PC. Problem is my father started using BitTorrent and eMule; someone else installed that software on his PC (my father hardly knows how to create a folder on Windows...). Originally I gave him the ports because it was agreed he would turn on those programs only when I'm not home. Problem is... he started doing it even when I'm home, and not telling me of course. Since I'm tired of always going upstairs to check if he has eMule or BitTorrent turned on, I decided I want to lock ports.
    No big deal for eMule, it uses specific ports, I just changed them and it won't work anymore.
    But what about BitTorrent? I spent many hours digging inside the program's configuration options, but I couldn't find ports anywhere. It doesn't need ports? How can I know which ports it uses?

    I wouldn't even mind locking EVERYTHING on my father's PC IP (I don't have DHCP active, so every PC in my LAN has a fixed IP, luckily) aside from HTTP, WindowsUpdate and POP3/SMTP Email.


    The solution of using another PC installing IP Cop is nice, but takes too much time and I don't really have time/space to put up another PC, and keep it turned on 24/7.

    Suggestions? :(
     
  15. vorgusa

    vorgusa Senior member

    Joined:
    Apr 5, 2005
    Messages:
    244
    Likes Received:
    0
    Bruceb

    there are the usual ports for bittorrent
     
  16. Akumasama

    Akumasama Junior Member

    Joined:
    Apr 7, 2007
    Messages:
    3
    Likes Received:
    0
    Yes, that's what I read, but then again someone posted that BitTorrent sometimes used port 4000?

    So I guess there is no way to tell which ports it's going to use? It probably depends on which Torrent software is used... maybe on the website of the authors of that specific version I can find exact information on the ports used, what do you guys think? Or am I just being a self-deluded fool?
     
  17. nweaver

    nweaver Diamond Member

    Joined:
    Jan 21, 2001
    Messages:
    6,813
    Likes Received:
    0
    I help a small WISP. We run NTOP to catch the p2p folks (not using p2p is in the sign up contract) and then either cut them off, or (we are slowly moving this way) shape their traffic. It's a shared system, so one user can wipe out half our subs.
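
Added example (not part of any post in this thread): a port-independent way to spot a P2P host from flow records, the kind of check a traffic monitor makes possible. The flow format, the sample records and the peer-count threshold are constructed assumptions, not ntop output or ntop's algorithm.

```sh
#!/bin/sh
# Heuristic (assumption): a LAN host that talks to many distinct remote peers
# on ports above 1024 within one window looks like P2P, whichever listening
# port its client was configured with.

# Constructed sample, one outbound flow per line: src dst dst_port proto bytes
sample_flows() {
cat <<'EOF'
192.168.0.10 203.0.113.5 80 tcp 48000
192.168.0.10 203.0.113.5 443 tcp 12000
192.168.0.10 203.0.113.9 110 tcp 3000
192.168.0.10 198.51.100.7 5222 tcp 900
192.168.0.20 198.51.100.11 51413 tcp 100000
192.168.0.20 198.51.100.12 6881 tcp 100000
192.168.0.20 198.51.100.13 4000 udp 50000
192.168.0.20 198.51.100.14 23456 tcp 100000
192.168.0.20 198.51.100.15 49152 udp 50000
192.168.0.20 198.51.100.16 33001 tcp 100000
192.168.0.20 198.51.100.11 51413 tcp 100000
192.168.0.20 203.0.113.5 80 tcp 2000
EOF
}

# flag_p2p_hosts MIN_PEERS
# Reads flows on stdin, prints "host distinct_peers bytes" for each host that
# reached at least MIN_PEERS different remote addresses on high ports.
flag_p2p_hosts() {
  awk -v min="$1" '
    $3 > 1024 {                      # skip well-known service ports
      if (!(($1, $2) in seen)) { seen[$1, $2] = 1; peers[$1]++ }
      bytes[$1] += $5                # volume on high ports only
    }
    END {
      for (h in peers)
        if (peers[h] >= min) print h, peers[h], bytes[h]
    }' | sort
}

sample_flows | flag_p2p_hosts 5
```

A host flagged this way can then be throttled or blocked by IP address instead of by port, which is the approach described in post 11.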
     
  18. robmurphy

    robmurphy Senior member

    Joined:
    Feb 16, 2007
    Messages:
    376
    Likes Received:
    0
    Depends on how savvy the person who installs bittorrent is. I use uTorrent and it can use any unused ports. You would have to lock down all unused ports on the router.

    It would seem that a Linux PC would be the best bet.

    Rob Murphy
     
  19. Akumasama

    Akumasama Junior Member

    Joined:
    Apr 7, 2007
    Messages:
    3
    Likes Received:
    0
    yes, indeed he's using uTorrent 1.6.1 on that PC, then I'm fuc*ed -_-

    Which ports does HTTP navigation use? What if I lock all UDP and TCP ports except the ones needed by HTTP?
     
  20. RiverDog

    RiverDog Senior member

    Joined:
    Mar 15, 2007
    Messages:
    409
    Likes Received:
    0
    Most of the torrent clients allow you to set any port that you want. The default ports are just that, defaults.
     
  21. RiverDog

    RiverDog Senior member

    Joined:
    Mar 15, 2007
    Messages:
    409
    Likes Received:
    0
    You could install VNC and just take a look at what's running if your network seems sluggish.
     
  22. kami333

    kami333 Diamond Member

    Joined:
    Dec 12, 2001
    Messages:
    5,110
    Likes Received:
    1
    You could always just configure the scheduler.

    I use Azureus but I believe the uTorrent scheduler is pretty similar, just have both the download and upload throttled down to 5kb or whatever in the morning and evenings, and let it run loose from say 1am to 6am or whatever times you wouldn't be home and using a computer. Works pretty well for me, just set and forget.
     
  23. NotaScooby

    NotaScooby Junior Member

    Joined:
    Feb 10, 2008
    Messages:
    1
    Likes Received:
    0
    Sorry for being a complete simpleton. Got a similar problem with a flatmate hogging bandwidth with eMule. I have a Linksys WAG200G router. I don't mind him using anything else but how can I block eMule, HELP!!!!
     
  24. waffleironhead

    waffleironhead Diamond Member

    Joined:
    Aug 10, 2005
    Messages:
    6,388
    Likes Received:
    4
    I thought about this for a bit and wondered if the easiest way to block the p2p traffic would be to block the tracking sites. I went into the block sites section of my Netgear WGR614 and blocked all of the tracker sites I could find. Seems to have worked so far.
     
  25. Kelemvor

    Kelemvor Lifer

    Joined:
    May 23, 2002
    Messages:
    16,871
    Likes Received:
    0
    You could take the business approach which is the exact opposite of what people here mostly post. Instead of trying to figure out which ports to block.. Block them all and just open up the ones you know you need... 80, maybe the 21-23 range if you use that, etc.
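
Added example (not part of any post in this thread): the block-everything-then-allow approach from the last post, applied to one fixed-IP host on a Linux gateway such as the spare-PC setups mentioned earlier. The host address, the port list and the use of plain iptables FORWARD rules are assumptions; the script only prints the rules so they can be reviewed before anything is applied.

```sh
#!/bin/sh
# Default-deny forwarding policy for a single LAN host (assumed setup: a Linux
# box routing between LAN and WAN with iptables).

HOST_IP="192.168.0.50"        # assumed static LAN address of the restricted PC
ALLOWED_TCP="80,443,25,110"   # HTTP, HTTPS (Windows Update), SMTP, POP3

# host_allowlist_rules IP TCP_PORTS
# Prints the rule set; returns 1 on malformed input so that nothing unexpected
# can end up inside a generated command line.
host_allowlist_rules() {
  ip=$1; ports=$2
  case "$ip$ports" in *[!0-9.,]*) return 1 ;; esac   # digits, dots, commas only
  printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  printf '%s\n' "$ports" | grep -Eq '^[0-9]{1,5}(,[0-9]{1,5})*$' || return 1
  cat <<EOF
# replies to connections the host was allowed to open
iptables -A FORWARD -d $ip -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# name resolution
iptables -A FORWARD -s $ip -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s $ip -p tcp --dport 53 -j ACCEPT
# the only services this host may reach
iptables -A FORWARD -s $ip -p tcp -m multiport --dports $ports -j ACCEPT
# everything else: log (rate-limited), then drop in both directions
iptables -A FORWARD -s $ip -m limit --limit 6/min -j LOG --log-prefix "egress-deny "
iptables -A FORWARD -s $ip -j DROP
iptables -A FORWARD -d $ip -j DROP
EOF
}

host_allowlist_rules "$HOST_IP" "$ALLOWED_TCP"
```

If the gateway itself answers DNS for the LAN, the port 53 rules belong in the INPUT chain rather than FORWARD. The final inbound DROP also stops unsolicited connections from remote peers reaching the host, whatever listening port a client picks.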