[something exciting]

I have a small network of about 12 - 16 people on a 10 meg connection through a wireless router...
Normally there are around 8 people online at one time though.
However i believe that there are atleast 2 people who have recently been downloading constantly through what i believe to be some kind of peer to peer networking service... i believe it is probably something like limewire or bit torrent.
I have tried blocking ports to stop them as the internet becomes almost unuseable some times when they leave there pc's on all day and night, however have had little success...
below are a list of ports that i have blocked:
6346 TCP+UDP
6347 TCP+UDP
6881-6889 TCP+UDP
6699 TCP+UDP
6700 TCP+UDP
6701 TCP+UDP
1214 TCP+UDP
4329 TCP
4661 TCP+UDP
4665 TCP+UDP
4662 TCP+UDP

Does anyone have any ideas of what i can do to help speed up the internet connection for everyone else who uses the internet other than just blocking the 2 culprits... as we have all paid for the internet connection and i think even though they are basically stealing all the bandwidth... blocking them is not fair...
It has become so bad recently that 2 of us have looked into buying and installing a new line into the house, which seems like a rather costly solution to the problem...

thanks in advance

Matt

[Advertisements]

Rather than blocking the ports why dont you just speak to them, alot of people have rules for what times you can hog the line for DL, like overnight is fine and during times of the day when there arent alot of people at other times you have to limit the speeds, if you ask im sure they will be reasonable you just need to set the rules as you cant really blame them for using the bandwidth if you havent told them they cant. Either that or maybe just ask them to fork out for more bandwidth,

[warriorscot]

Rather than blocking the ports why dont you just speak to them, alot of people have rules for what times you can hog the line for DL, like overnight is fine and during times of the day when there arent alot of people at other times you have to limit the speeds, if you ask im sure they will be reasonable you just need to set the rules as you cant really blame them for using the bandwidth if you havent told them they cant. Either that or maybe just ask them to fork out for more bandwidth,

[something exciting]

have tried but to no avail... they say that they want to download videos in the morning so that they can watch them in the evening, and want to download them overnight to watch more in the morning...

Edited by something exciting, 24 October 2006 - 06:02 PM.

[SpaceCowboy706]

What's the Manufacturer and Model of the router? And of course are you considered "In Charge" of the Connection (meaning do you pay the bill for it).

Edited by SpaceCowboy706, 24 October 2006 - 07:12 PM.

[diabillic]

Alright, first off are you the System Admin? What type of router is it? What ISP is it? If its a SOHO router, then block all ports over 5001 and allow anything above that ONLY if it requires it. Some services like Diskeeper for example use a 6000+ port for its Dkservice.exe.

Now, if your using a more commercial router or even a managed switch, you should be able to block by protocol. Block Gnutella, so this way it wouldnt matter what port it runs on and if your users are smart enough to change the sharing port it will still be blocked.

Another alternative would be to setup a local proxy or IDS machine. Use Linux, its the only solution really.

For Snort, either enable Bleeding Snort rules, which would block ALL P2P by default, or simply add this line to your P2P.conf

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"P2P Fastrack
(kazaa/morpheus) traffic"; flow:to_server,established; content:"GET";
depth:3; content:"UserAgent\: KazaaClient"; reference:url,www.kazaa.com;
classtype:policy-violation; sid:1699; rev:4; react: block;) 

My first try would be to contact the ISP and have them block the traffic on their end since your a small business.

[something exciting]

thanks for the help...
think that we have it sorted now

[dsenette]

in the interest of giving the best options to people who end up in the same situation as yourself in the future....what was your final sollution to the issue?

[jrm20]

If your router doesnt currently offer QOS (quality of service) you can buy a router that allows you to limit everyones bandwidth by the ip...

[something exciting]

Now, if your using a more commercial router or even a managed switch, you should be able to block by protocol. Block Gnutella, so this way it wouldnt matter what port it runs on and if your users are smart enough to change the sharing port it will still be blocked.

this is the thing that worked for me...

thanks again for all the help

[Kurenai]

Alternately, in a home or small network situation, block absolutely everything but those required for work/specific applications. For example, on your typical home network (internet only used for viewing web pages, and someone with less scruples than most is downloading using peer to peer software), lock down everything but port 80. HTTP goes through, and nothing else does. Unlock other ports by specific application (ie, need ftp? Unlock 20 and 21).