• October 30, 2014, 07:25:01 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in which we have created boards at this time.

Pages: [1] 2

Author Topic: Blocking Bittorrent  (Read 16488 times)

Sammydad1

  • Level 5 Member
  • *****
  • Posts: 721
Blocking Bittorrent
« on: January 25, 2010, 05:01:10 PM »

Hi,

Anybody have a way of blocking bittorrent use thru the router ?

Such as is there some universal IP that is used for all Bittorrent use ?

Thanks !!

SD1
Logged
DIR-655 A2, FW: 1.35NA

Cobra

  • Level 4 Member
  • ****
  • Posts: 477
Re: Blocking Bittorrent
« Reply #1 on: January 25, 2010, 06:38:47 PM »

You could try advanced > application rules but I do not know if it will work.
Logged

mackworth

  • Level 3 Member
  • ***
  • Posts: 204
Re: Blocking Bittorrent
« Reply #2 on: January 25, 2010, 07:18:17 PM »

You could try advanced > application rules but I do not know if it will work.

Not going to work well.  The problem is that some clients use a different port every time they start up.  Also, there is no centralized IP to block.

Most of them are going to try and use UPNP, which you turn off, but that won't stop downloading.
Logged

Cobra

  • Level 4 Member
  • ****
  • Posts: 477
Re: Blocking Bittorrent
« Reply #3 on: January 25, 2010, 07:45:07 PM »

If it was me I would just use what is built into the OS like domain and group policy.

Would securespot work for this?
Logged

Sammydad1

  • Level 5 Member
  • *****
  • Posts: 721
Re: Blocking Bittorrent
« Reply #4 on: January 25, 2010, 08:16:52 PM »

Is it possible to limit the number of internet connections from a given internal LAN IP ?  Default is pretty much unlimited....if you can limit it to say 4 or 5 it would put a throttle on the torrents I would think....
Logged
DIR-655 A2, FW: 1.35NA

lotacus

  • Level 4 Member
  • ****
  • Posts: 450
Re: Blocking Bittorrent
« Reply #5 on: January 26, 2010, 12:13:51 AM »

You can block bittorrent. It's easier of you have dd-wrt or PFSense/monowall etc. but since this is dlink forum, i'll tell you how but not step by step instructions...it will take about an hour to do. :P

First. Grab all your necessary ports that you WANT to allow. This means ICMP (so you can ping out from client to hosts), DNS, any other low level protocols to make your network function, port 80, 443, 22 if you SSH and all that jazz.

Now, you create rules. Go through the rule wizard have it apply to MAC addresses, since they are harder to change than IP addresses. When you get to the port restrictions, enter in all the ports you want blocked. ie:

AllowDNS    Port 1-52
AllowDNS2  Port 54-65535

These two rules block every single port EXCEPT port 53.

If you want exceptions for a particular machine create an allow all rule > log only and the client it apply's to.

Once your done and double checked everything, go ahead and apply it. Before long you will have lots of people running to you complaining their torrents aren't working. LOL though they will probably say their internet isn't working, which it is, they just mean their torrents aren't working.
Logged

EddieZ

  • Level 11 Member
  • *
  • Posts: 2500
Re: Blocking Bittorrent
« Reply #6 on: January 26, 2010, 11:31:20 AM »

That's what we call a 'workaround"  ;D
Logged
DIR-655 H/W: A2 FW: 1.33

lotacus

  • Level 4 Member
  • ****
  • Posts: 450
Re: Blocking Bittorrent
« Reply #7 on: January 26, 2010, 05:47:02 PM »

It works very well too. I had to do this to prove a point to the room mates who always said the internet is slow. I had my suspicions and applied the rule to one person. Not to long after, the internet was blazing and the router never halted to a stop.
Logged

Sammydad1

  • Level 5 Member
  • *****
  • Posts: 721
Re: Blocking Bittorrent
« Reply #8 on: January 27, 2010, 05:54:03 AM »

Hi,

Thanks for that answer.  It looks feasible but with some additional work on my part...  Next question is:

Are there enough entry lines to Allow all of the items I do want, for my other users ?


Dave
Logged
DIR-655 A2, FW: 1.35NA

sideloaded2

  • Level 1 Member
  • *
  • Posts: 5
Re: Blocking Bittorrent
« Reply #9 on: January 27, 2010, 06:01:10 AM »

But as soon as I scanned the ports I would tell utorrent to use port 53.  8)
Logged

devoh

  • Level 1 Member
  • *
  • Posts: 2
Re: Blocking Bittorrent
« Reply #10 on: January 27, 2010, 09:22:01 AM »

Use openddns as your dns provider.. go into their setup and block filesharing..
works great for me..  though if they hardcode their own dns, they can get around it.

  -devoh
Logged

lotacus

  • Level 4 Member
  • ****
  • Posts: 450
Re: Blocking Bittorrent
« Reply #11 on: January 27, 2010, 10:28:40 AM »

I think each filter allows about five or so ranges, so you just repeat the steps to create another rule forthe other port ranges. I believe with basic HTTP service including messenger and xbox360, i had to create four separate rules to get all the ranges in.

Logged

prewab

  • Level 1 Member
  • *
  • Posts: 1
Re: Blocking Bittorrent
« Reply #12 on: February 01, 2010, 07:50:04 AM »

Hi,
I need some explanation to this, since I am not an expert:

First. Grab all your necessary ports that you WANT to allow. This means ICMP (so you can ping out from client to hosts), DNS, any other low level protocols to make your network function, port 80, 443, 22 if you SSH and all that jazz.

I just need some hints on which menu-items to use, and some general descriptions. No details necessary.

Thanks!
Logged

lotacus

  • Level 4 Member
  • ****
  • Posts: 450
Re: Blocking Bittorrent
« Reply #13 on: February 01, 2010, 12:34:43 PM »

First off, the forum doesn't scale images, and I am already doing a lot of work to get this done so I am not going to scale them down myself. PLEASE DO NOT QUOTE in a reply.

It has been a while since I used the dir-655 so I cannot remember in which order the rules fall after creating them, if the previous rule is at the bottom of the list and each subsequent rules fall on top or visa-versa. That being said, here is how you accomplish this feat.

Go to Access Control, Enabe Access Control then Add PolicyGive policy a name. Set the policy to always apply. Set address type to MAC. If computers are already on the network and recognzied, you can add macs by selecting the computer in the corresponding drop down menu. Click on ok, then repeat the steps for other computers. After each computer, you will have to set the radio box to "MAC" again because it likes to switch back to "IP". When done click next.

click on the radio button "block some access" and check off "Apply Advanced Port Filters" then click next.Give each filter a name, enter the IP address ranges.

I would suggest applying the full subnet to this rule in case some decide to set a static IP address outside the DHCP range. Don't add the router's address since that will block other essential communications between router and hosts and router and the internet etc.Next choose the protocol and then the port ranges. For the ports you WANT to keep, make sure they don't fall within the port ranges.

As you can see from my example, I am allowing DNS, HTTP and HTTPS ONLY. Everything else with the TCP protocol is blocked. This alone won't block torrents as they can use UDP as well.

To effectivly block one port, you need two rules. ie: in the example, I have blocked ports 1-52 and 54-79 Notice how I skipped over port 53, which is used for DNS resolution. (translating urls into IP addresses). The same is done with port 80 and finally with the SSL port, 443.

Once you have filled all these sections up with ports you want to block, click "SAVE".
If you used up all your rule slots, you will have to repeat the steps again to create more rules.

Do NOT exit out of the Access control or reboot the router when you are done. Instead, repeat the steps above in a new policy, substituting the TcP protocol with UDP.

Once you have both policies made, create yet another policyWhen you get to the section asking to block some, block all, or log web access only, you will want to choose the option to "log web access only" and put in the MAC addresses of the computers that will have full access to which your port filtering rules will not apply. As shown below. Make sure this rule is at the top of the list from the other rules.


Once this is all completed. reboot the router (since it's impossible to clear state tables). This will force clients to reconnect and adhere to your policies.
Logged

duffman

  • Level 1 Member
  • *
  • Posts: 14
Re: Blocking Bittorrent
« Reply #14 on: February 14, 2010, 06:13:21 PM »

Well a vpn connection to a server listening on port 80 could get around this. Just saying.
Logged
Pages: [1] 2