Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports
Started by john
john
Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 23 January 2015, 13:46 |
When a user connects to a remote default P2P port or tracker port (e.g. 6881-6999 for BitTorrent), his entire connection is throttled or blocked.
This is much more efficient than trying to use DPI. It works because, while the torrent client uses a random port locally, it still connects to default ports on other remote peers. That's how I catch downloaders on my network, by looking at the remote ports.
I would LOVE to have this feature.
Thanks
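The remote-port check described in the post above, as an added example that is not part of the original post or of the product: it flags clients by the number of distinct remote endpoints they contact on ports 6881-6999. The log format, the addresses and the `MIN_DISTINCT_PEERS` threshold are assumptions made for the illustration.

```python
import re
from collections import defaultdict

P2P_REMOTE_PORTS = range(6881, 7000)  # 6881-6999, the range quoted in the post
MIN_DISTINCT_PEERS = 3                # assumed threshold, not from the post

LINE = re.compile(
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>tcp|udp)"
)

# Constructed outbound-connection log (hypothetical format, documentation IPs).
SAMPLE_LOG = """\
10.8.0.5:51514 -> 198.51.100.7:6881 tcp
10.8.0.5:51514 -> 198.51.100.7:6881 tcp
10.8.0.5:51515 -> 203.0.113.20:6889 tcp
10.8.0.5:51516 -> 192.0.2.44:6969 udp
10.8.0.9:6881 -> 192.0.2.80:443 tcp
10.8.0.9:40022 -> 192.0.2.81:80 tcp
10.8.0.12:53311 -> 203.0.113.99:6881 tcp
garbage line
"""


def suspected_p2p_clients(log_text, min_peers=MIN_DISTINCT_PEERS):
    """Return {client_ip: distinct remote endpoints on default P2P ports}."""
    peers = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # skip lines that do not parse
        # Only the REMOTE port counts: the local port is random and says nothing.
        if int(m["dport"]) in P2P_REMOTE_PORTS:
            peers[m["src"]].add((m["dst"], int(m["dport"])))
    return {src: len(p) for src, p in peers.items() if len(p) >= min_peers}


if __name__ == "__main__":
    for client, count in suspected_p2p_clients(SAMPLE_LOG).items():
        print(f"{client}: {count} distinct peers on ports 6881-6999")
```

In the sample, 10.8.0.9 is not flagged even though its local port is 6881, and 10.8.0.12 stays below the threshold with a single matching connection.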
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 23 January 2015, 14:36 |
Admin Registered: 18 years ago Posts: 3 519 |
Combining this fact with your suggestion brings me to an interesting idea. How about we introduce a new type of penalty? It could be something like this:
If Any of the following DPI categories {P2P, etc} is detected, then reduce the rule's rate limit to X% of the set rate for the next Y seconds.
Suppose a user attempts to download a torrent. Once this attempt is detected, the whole user's rule is throttled/blocked for some time. This should stop any attempts to use P2P or whatever else you want to eliminate. This would also work with other P2P clients, not just torrents.
What do you think?
john
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 24 January 2015, 01:49 |
The reason I suggested that was because I have it running on my servers but still get the occasional DMCA notice and want to avoid them. I even throttle when connections are over 100.
Blocking/throttling the entire connection would make a difference I think.
Thanks
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 04 February 2015, 16:18 |
Admin Registered: 18 years ago Posts: 3 519 |
john
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 06 February 2015, 04:12 |
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 06 February 2015, 11:39 |
Admin Registered: 18 years ago Posts: 3 519 |
It's possible to replace files without interrupting the connection. To do that:
- Download this set of files.
- Stop the BM service and replace BMCore.exe
- Start the service again
- Replace the control tool BMGUI.exe on your local computer or server, depending which one you are using.
john
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 07 February 2015, 01:02 |
john
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 07 February 2015, 19:34 |
john
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 08 February 2015, 21:09 |
But I am seeing that after a few minutes of normal usage the connection is blocked. Sites won't open. When I disable the rule, they open again.
False positives? Or something else?
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 09 February 2015, 09:20 |
Admin Registered: 18 years ago Posts: 3 519 |
Also, what were the symptoms like? All streams within a rule were throttled or just some?
During testing we found that, for example when a person uses a P2P application and then quits it, P2P packets may keep coming from other peers for a while, which triggers the penalty over and over again until P2P packets are no longer present.
John
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 10 February 2015, 07:14 |
Any chance that p2p activity will block everyone's connection by accident? Probably not, but just checking.
Basically I use my server as normal (it's a VPN server) and after a few minutes I lose internet. I suspect there might be p2p users on the server but not me.
With BM service disabled, it starts to work again.
With rule disabled it works (the new penalty).
I "think" it works when penalty is set to 1% instead of 0%
thanks
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 10 February 2015, 14:46 |
Admin Registered: 18 years ago Posts: 3 519 |
Here is the fixed update.
john
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 10 February 2015, 19:25 |
Tony
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 21 March 2015, 06:42 |
May I ask a few questions about using it?
1) What happens after the time in seconds? E.g. default is 60 seconds. If P2P is constant, will the penalty go for 60 seconds then stop, or kick in again. Can you please explain this?
2) I guess that I do not tick P2P under the Advanced/ Even more settings in a rule. I assume that if I tick this the rule will *only* apply when there is p2p traffic.
3) I cap downloads to 8mbps and uploads to 0.5mbps. I want to achieve the following by using penalties. I want to allow some videos from say youtube and downloads (files etc) with a slight penalty, but enough for HD youtube. I want to choke P2P and all traffic to that PC to almost zero. Will this config achieve that?
(I know it is like - how long is a piece of string.. But any suggestions are welcome)
100% for normal traffic.
Then Penalties of
50% for long transfers and large transfers
10% for greater than 150 connections
5% for P2P
Thanks (for your response and this feature)
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 21 March 2015, 15:41 |
Admin Registered: 18 years ago Posts: 3 519 |
With the P2P penalty and 60s, the user is always penalised for 60s after the last P2P packet was detected. For example, if the user keeps running a torrent app, there normally will be at least one P2P packet every 60s, so the user is penalised until the torrent app is closed. Once the torrent app is closed and consequently no P2P packets have been seen for 60s, the penalty is removed.
You should not tick P2P in Even more advanced settings. This is because turning this option on causes the rule to apply only on detected P2P packets, which means undetected P2P and other data never will be processed by this rule.
All in all, this set
Quote:
100% for normal traffic.
Then Penalties of
50% for long transfers and large transfers
10% for greater than 150 connections
5% for P2P
means that normal browsing activities go unrestricted, long and large connections are reduced to 50% (this applies to individual TCP and UDP connections), opening more than 150 connections reduces the rule's limit to 10% and an attempt to use P2P leaves the user with 5% until the P2P activity is no longer seen.
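The 60-second hold-down described in the reply above, as an added example that is not part of the original post and is not the product's code: every detected P2P packet re-arms the timer, so packets still arriving from remote peers after the client is closed keep the penalty alive. The timeline is constructed; the 8000 kbps limit and 5% penalty are the figures from the question.

```python
def penalty_windows(detections, hold_s=60):
    """Merge P2P detection timestamps (seconds) into [start, end) penalty windows.

    Each detection re-arms the timer, so a window ends hold_s seconds after
    the last detection that arrived while the penalty was still active.
    """
    windows = []
    for t in sorted(detections):
        if windows and t < windows[-1][1]:
            windows[-1][1] = t + hold_s      # still penalised: extend the window
        else:
            windows.append([t, t + hold_s])  # penalty had expired: start a new one
    return [tuple(w) for w in windows]


def effective_rate(t, windows, set_rate_kbps, penalty_pct):
    """Rate limit in force at time t: penalty_pct of the set rate inside a window."""
    for start, end in windows:
        if start <= t < end:
            return set_rate_kbps * penalty_pct // 100
    return set_rate_kbps


# Constructed timeline (seconds): the torrent client runs from 0 to 300 with a
# detected packet every 20 s and is closed at t=300; remote peers keep sending
# until t=395; one isolated detection follows at t=1000.
ACTIVE = list(range(0, 301, 20))
RESIDUAL = [310, 340, 395]
ISOLATED = [1000]
WINDOWS = penalty_windows(ACTIVE + RESIDUAL + ISOLATED, hold_s=60)

if __name__ == "__main__":
    print("penalty windows:", WINDOWS)
    for t in (150, 330, 454, 455, 1030, 1060):
        print(f"t={t:>4}s  limit={effective_rate(t, WINDOWS, 8000, 5)} kbps")
```

In this timeline the client is closed at 300 s but the penalty only lifts at 455 s, 60 s after the last residual peer packet.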
Tony
Re: Anti-P2P suggestion: throttle or block connections to default remote P2P or tracker ports 21 March 2015, 17:36 |