P2P Blocking for a small office

[crisscross]

We are a small startup and use a TP Link Router + Unifi AP for Wireless we had no access controls but noticed the bandwidth limits being hit really quickly and found some users ran torrents.

What can i do to to restrict P2P access and also have some kind of bandwidth cap?

Cheers

 

[Genx87]

Checkout Sophos firewalls. They have a free version of their firewall. But there may be restrictions on business use. If there is a restriction the costs to get into an entry level router is sub 1000. It will allow you to filter anything and everything.

 

[BarkingGhostar]

We are a small startup and use a TP Link Router + Unifi AP for Wireless we had no access controls but noticed the bandwidth limits being hit really quickly and found some users ran torrents.

What can i do to to restrict P2P access and also have some kind of bandwidth cap?

Cheers

How about identify and fire those abusing company resources? While there are always reasons for firewalling, I see no reason to maintain this kind of employees in the startup company. Does it not speak loudly of their character?

 

[Mushkins]

The technical answer is that you need a better firewall. Anything business class is going to do what you want it to even at the entry level.

You're not going to effectively block this kind of traffic with some SOHO TPLink, and there's also a host of other reasons why any business needs to be using a business-class firewall solution if they value security at all.

 

[master_shake_]

why not just block torrent related ports?

TCP: Typically, BitTorrent uses TCP as its transport protocol. The well known TCP port for BitTorrent traffic is 6881-6889 (and 6969 for the tracker port). The DHT extension (peer2peer tracker) uses various UDP ports negotiated by the peers.

which router do you have?

 

[razel]

Agree that you need to prove that it is P2P before proceeding, therefore you'll need a router with management features you need. Bandwidth monitoring and limiting. For Bandwidth monitoring, I was shocked at how good the Asus firmwares are. I own one that supports DD-WRT and see no reason to change the stock firmware. They currently do exactly what you want.

 

[crisscross]

Thanks for all the replies I completely forgot about this post. What's a good business class router to get? I have the tp link 470t+ router

 

[master_shake_]

lol

that one was not gigabit!!!

sorry.

oh god no!

 

[RadiclDreamer]

why not just block torrent related ports?



which router do you have?

Because torrents will switch ports easily, they are hard to block because it was designed to be hard to block, it can even use port 80.

 

[Makaveli]

I agree you need business class hardware for the security alone plus other reasons.

Also agree with sitting these employees in an office and let me know you monitor the network and if you see them running torrents on the corporate network again which can open your startup company to many legal issues and end you before the company even makes it 3 years in.

They will be terminated immediately. And I'm talking about walking them right out the front door for everyone to see. You will need to make a point and show that kind of behavior is not allowed.

 

[crisscross]

Thanks guys will talk to my team but what is the recommended solution to monitor and block them? Firewal? better business router if so which one?

 

[Genx87]

Thanks guys will talk to my team but what is the recommended solution to monitor and block them? Firewal? better business router if so which one?

See the first reply in this thread.

 

[crisscross]

See the first reply in this thread.

Thank you... looks like I need a dedicated PC to setup Sophos and am wondering if I would be better off just getting a business router like the Edgerouter.