# Blocking Torrenting



## jsbkool@yahoo.com (Aug 27, 2013)

Hello all ,

            I am a internet distributor in my town, we use wireless network to connect the client , i m facing a problem ie most of my clients are torrenting which cause our entire bandwidth gets choked. Hence we need help , I got a manageable switch from tp-link which is a smart switch.We want to know whether i can block torrenting using the manageable switch or is there any other solution for this problem.
           Looking forward for the solution..


----------



## ne6togadno (Aug 27, 2013)

have you tried to put max brandwidth torrents can use
what is the model of the switch.
if you block torrenting you may face a lot angry customers
why expanding capabilities of network is not an option


----------



## Seany1212 (Aug 27, 2013)

jsbkool@yahoo.com said:


> Hello all ,
> 
> I am a internet distributor in my town, we use wireless network to connect the client , i m facing a problem ie most of my clients are torrenting which cause our entire bandwidth gets choked. Hence we need help , I got a manageable switch from tp-link which is a smart switch.We want to know whether i can block torrenting using the manageable switch or is there any other solution for this problem.
> Looking forward for the solution..



How can you be sure they're torrenting?

What's your current maximum bandwidth?

Due to how easy it is to switch the ports that are used on software such as utorrent (it's literally a button to randomize) i would think it would be hard to block a specific port that is being used on the switch for torrenting, but that's just as far as i know...


----------



## Jetster (Aug 27, 2013)

The FCC fined Comcast for Bittorrent trafic shaping. I think it was back in 2008


----------



## mauriek (Aug 27, 2013)

i dont think it possible to block torrent using switch, is it? my office connect to internet through University LAN, the Network admin used to try to block many thing but torrent is always one thing they cant block, when one of our workstation staff complain about connection, for quick troubleshooting i used torrent client to check if my office connection is fine.


----------



## BiggieShady (Aug 27, 2013)

jsbkool@yahoo.com said:


> Looking forward for the solution.



Torrent ports are random and traffic is encrypted so there is no "good" way to block it. It is better idea to edit quality of service options on router to let web, email, gaming, etc. have higher priority than anything else.


----------



## bencrutz (Aug 27, 2013)

to effectively block torrent, you need to define fire-walling rules that are based on layer 7 pattern and packet content matching - which i doubt that your switch is capable of.

consider a mikrotik or any powerful router to get it done.

shall you deploy a mikrotik, all you need to do is add this rules to firewall:

 drop packet that are matching to a L7 pattern of torrents packet (use built in feature: p2p=all-p2p) - this will keep classic - non secure - torrents connection out

 block outgoing DHT from your network (packets containing "d1:ad2:id20:" with packet size from 95 to 190 and in a udp protocol)

 block outgoing torrent announce (packets containing "info_hash" in a tcp protocol format)


----------



## Finners (Aug 27, 2013)

I would simply send a letter out first explaining the situation and advise that people schedule large downloads to be performed overnight otherwise you will be forced to take more sever action to limit them


----------



## jsbkool@yahoo.com (Aug 27, 2013)

Thank you guys for your valuable reply and lots of alternative solution . I have a smart tp-link 3210 8 port manageable switch and the mikrotik 750GL boardband routerboard .when  i tried blocking the port some of the common sites were blocked . i am beginner in networking field , all i know is some basic things guys .


----------



## bencrutz (Aug 27, 2013)

well, you already have a mikrotik so you will only need to learn a bit to harness its power 

am not sure a 750gl would suffice coz L7 pattern and packets matching-based firewall rules are quite cpu consuming, but just give it a shot and see how it turns out 

you might want to try the setting in virtual machine first (virtualbox etc - just download the iso from mikrotik.com and install it) and see if you can get a grasp of it.

am still at work, i'll post a more detailed how to - later when am home


----------



## ne6togadno (Aug 27, 2013)

jsbkool@yahoo.com said:


> ...when  i tried blocking the port some of the common sites were blocked . i am beginner in networking field, all i know is some basic things guys.



in that case you may find this useful. 
your tp-link specs



Finners said:


> I would simply send a letter out first explaining the situation and advise that people schedule large downloads to be performed overnight otherwise you will be forced to take more sever action to limit them



this ^ is good idea. utorrent has possibility to limit download/upload speed (i guess other clients have this option too). you can ask them to limit their clients to lvl that wont cause troubles till you are able to expand network limits.


----------



## Aquinus (Aug 27, 2013)

Why don't you just shape all of your clients traffic? Obviously you're running out of bandwidth so you need to implement some level of QoS or your need to cap their bandwidth. That's what I'm getting from this thread. Don't focus on shaping a kind of traffic, you should just look at it as their internet as a whole. If they're consuming too much, give them less.


----------



## brandonwh64 (Aug 27, 2013)

That router has p2p limiting on the firewall side. You will need to get familiar with the commands on telnet to disable p2p transfers.

p2p (all-p2p | bit-torrent | blubster | direct-connect | edonkey | fasttrack | gnutella | soulseek | warez | winmx; Default: )	Matches packets from various peer-to-peer (P2P) protocols. Does not work on encrypted p2p packets.

http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter


----------



## bencrutz (Aug 27, 2013)

brandonwh64 said:


> That router has p2p limiting on the firewall side. You will need to get familiar with the commands on telnet to disable p2p transfers.
> 
> p2p (all-p2p | bit-torrent | blubster | direct-connect | edonkey | fasttrack | gnutella | soulseek | warez | winmx; Default: )	Matches packets from various peer-to-peer (P2P) protocols. Does not work on encrypted p2p packets.
> 
> http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter



vanilla p2p=all-p2p wont block magnet torrents


@OP: found a thread on mikrotik forum, all you need is there 

methink it's wiser to just limit the bandwidth for torrents rather than block them all


----------



## Easy Rhino (Aug 27, 2013)

jsbkool@yahoo.com said:


> I am a internet distributor in my town





jsbkool@yahoo.com said:


> i am beginner in networking field , all i know is some basic things guys .


----------



## ne6togadno (Aug 27, 2013)

Easy Rhino said:


>



nokia


----------



## AsRock (Aug 27, 2013)

Aah sales man ?..

I would find a router that QOS works well on and limit the speed, another way would be though a software firewall but would come expensive and require time to setup. 


I use Outpost firewall and i can block programs and block all or some ports to a app.

If the your using newer OS on the machines maybe make a restricted user account and use parental controls and only allow programs that you want to run so that way if they install a new app the app will need permission.


----------



## Jimmy6 (Dec 3, 2013)

get dd-wrt firmware, then you can block p2p activity and much more


----------



## ShiBDiB (Dec 14, 2013)

Easy Rhino said:


>



I'm thinking the same thing..


----------



## remixedcat (Dec 15, 2013)

meraki's AP's have layer 7 firewalls and have a P2P preset that blocks all P2P or you can drill down and block bittorrents only:

I have a Meraki MR12 AP and here's the options:

Note: this is my guest network and I also have traffic shaping as well.


----------

