Category Archives: How to block p2p

Three ways to block torrent traffic in your network.

Torrent downloading is annoying and can consume most of your bandwidth, so you might want to block torrent in your network. There are several ways to block torrent in your network. While in this post, I will introduce three solutions to block torrent(bittorrent, utorrent, qtorrent) with WFilter internet content filter and WFilter NG firewall.

Please be aware that “WFilter internet content filter(ICF)” and “WFilter NG firewall(NGF)” are total different products. WFilter ICF is a windows program, which is designed for pass-by deployment on a mirroring port. While WFilter NGF is a dedicated linux firewall system.

1. Block torrent with WFilter ICF

passby_router_topology.png

As you can see in the diagram, the WFilter internet content filter(ICF) shall be connected to a mirroring port in your router or switch. So it can analysis network packets and deploy internet access policies. Steps to block torrent with WFilter ICF:

blocktorrent01 blocktorrent02 blocktorrent03

2. Block torrent with WFilter NGF as a network bridge.

Network topology diagram:

Ros guide bridge.png

WFilter NGF acts as a network bridge, sitting between your router and switch. So it can filter internet traffic.

3. Block torrent with WFilter NGF as a network gateway.

Network topology diagram:

Ros guide gateway.png

In this topology, WFilter NGF acts as the gateway of your network to deploy internet access policies. Please be aware that you can install WFilter NGF in a virtual machine to act as a virtual gateway, here is a guide: Using a pre-built VMWare image of WFilter NG Firewall

You can setup “application control” policies to block torrent with below steps:

block_torrent1 block_torrent2 block_torrent3

 

When deployed and configured properly, both WFilter ICF and WFilter NGF can block torrent completely. All torrent clients will have zero uploading and downloading speed.

utorrent_4 block_torrent04[1][2] after.

 

WFilter ICF homepage: WFilter Internet Content Filter

WFilter NG homepage: WFilter NG firewall

WFilter videos: WFilter Videos

 

 

How to block UDP ports in RRAS windows server 2003?

As a pass-by filtering product, WFilter only can block TCP traffic. For complete blocking of p2p traffic, you’re required to block UDP ports 1024-65534 in your router or firewall. For more information about pass-by filtering, please check: difference between Pass-by filtering and Pass-through filtering.


Since some networks use a windows server with “Routing and Remote Access Service”(RRAS) as the gateway, you also can configure the “IP Filter” in RRAS to block UDP ports. In this tutorial, we will guide you to block all UDP ports except DNS(53) in windows server 2003.


1. Open “Routing and Remote Access” in “Control Panel”->”Administrative Tools”.



2. Choose the external adapter, Click “General”->”properties”.



3. Click “Inbound Filters”.




4. Add DNS port UDP 53 into the allow list


Click “New”->”Add IP Filter”, choose “Protocol” as “UDP”, “Sourceport” as “53″, “Destination port” as “0″(means all).



5. Add all TCP into the allow list


Click “New”->”Add IP Filter”, choose “Protocol” as “TCP”, “Sourceport” as “0″, “Destination port” as “0″.



6. Block others


Check “Drop all packets except those that meet the criteria below” to block other traffic.


By now, UDP ports are all blocked except UDP 53(DNS). And WFilter is now full functional to block p2p/IM/iptv traffic.


More information, please check “WFilter Enterprise”.


Other related links:


How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?

How to block TeamViewer on my network using WFilter?

TeamViewer is a computer software package for remote control, desktop sharing, and file transfer between computers. The software operates with Microsoft Windows, Mac OS X, iOS, and Linux. It is possible to access a machine running TeamViewer with a web browser.

With TeamViewer, it will be very convenient for employees to access computers in their homes, transfer files to remote computers. So for security purpose, sometimes you may want to block TeamViewer on your network.

This tutorial will guide you to block TeamViewer with “WFilter Enterprise 3.3″.

Because blocking of Teamviewer is not supported by default in WFilter, in this example, we uses “Customize Protocols” feature of WFilter to define TeamViewer protocol.

First, Add “TeamViewer” Protocol.


.
TeamViewer has two patterns:
1. “teamviewer01″:
  Type — “HTTP SEND”
  Format — “X-IM-URL”
  Content — “s=.*\&(p|id)=.*\&client=.*”

2. “teamviewer02″:
  Type — “TCP ALL”
  Format — “0″
  Content — “^\x17\x24[\x00-\xff]{2}[\x00-\x02]“


Second, Enable blocking of teamViewer in certain blocking levels.



And apply this blocking policy to certain computers.



Now, TeamViewer will be blocked.

WFilter blocking events:



Failure connection of teamViewer.



More information, please check “WFilter Enterprise”.
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?

How to block BBC online video with WFilter?

One customer reported that BBC online video can not be blocked by WFilter, even “Block Online HTTP Video and Downloading of Video Files” is checked in certain blocking levels.
So we did some research and found, other than HTTP protocol, the BBC websites also use the RTMP (Real Time Messaging Protocol) to play online video.
Because blocking of RTMP is not supported by default in WFilter(will be added soon), this tutorial will guide you to block BBC online video by the “Customize Protocols” feature of WFilter.

First, Add a new protocol named “RTMP”.


1. Protocol Settings:
Protocol Name: RTMP
Protocol Desc: Real Time Messaging
Protocol Type: Streaming

2. Pattern1
Name: RTMP_HTTP
Desc: RTMP_HTTP
Type: HTTP SEND
Offset: 0
Format: User-Agent
Content: Shockwave\sFlash

3. Pattern2
Name: RTMP
Desc: RTMP
Type: TCP_SEND
Offset: 0
Begin Byte: 03
Format: 0
Content: \x03[\x00-\xff]{4}\x80\x00

Second, Enable blocking of RTMP in certain blocking levels.

Now, BBC videos will be successfully blocked.

Related Topic: How to block bbc iplayer?

How to restrict employees internet access on your network?

Internet can be a benefit to business when used properly, but internet
is often abused by employees and poses significant liability and
security risks. Used
improperly, the Internet can subject every organization to harassment claims,
countless hours of lost productivity and innumerable security leaks and
vulnerabilities.

Several important risks caused by improper internet usage:
1. Virus Infection
2. Lost Productivity
3. Legal liability
4. Bandwidth consumer

So it is necessary for you to restrict employees internet access on your network.

To achieve this goal,  first you need an internet access policy, which should be able to:

1. Clarify what constitutes acceptable use of Internet services.
2. Ensure employees understand who to contact with questions regarding acceptable use.
3. Ensure employees understand the penalties that arise from Internet misuse.
4. Help lessen an organization’s spyware and virus infestation rates.
5. Provide human resources with signed documentation from each employee stating a pledge not to improperly use Internet services.
6. Help mitigate productivity losses.
7. Decrease dependence upon technology solutions used to enforce employee behavior.
8. Reduce the organization’s liability resulting from harassment claims, copyright violations originating onsite and other illegal acts.

You also need an internet filtering product to assure your internet policy. Let’s take “WFilter Enterprise” as an example, it enables you to monitor and filter internet access for all computers from a mirroring port of your switch. You only need to install WFilter in one computer to monitor the whole network.

Key Features:

  • Keep a detailed record of each web surfing and web posting.
  • Record all incoming and outgoing email content and attachment.
  • Monitor and archive instance messengers chat contents and activities.
  • Monitor and archive files transferred by web, ftp and IM tools.
  • Implement a policy to filter internet access during working hours.
  • Websites, messengers and p2p file downloading can be blocked to save bandwidth and raise productivity.
  • You only need to install WFilter in ONE computer to manage your whole network.

http://www.imfirewall.us

How to block bbc iplayer on company network?

BBC iPlayer (formerly known as Integrated Media Player (iMP), Interactive Media Player, and MyBBCPlayer) is an internet television service, P2P, cable television, and several mobile devices developed by the BBC to extend its existing RealPlayer-based “Radio Player” and other streamed video clip content.

As online iPlayer may consume much internet bandwidth, this tutorial will guide you to block BBC iPlayer using WFilter. We suppose WFilter is already properly installed and is capable of monitoring/blocking other computers, if not, please read How to monitor internet usage on company network first.

WFilter’s “website black list” is based on website domains, so we can not use “website black list” to block iPlayer, since iPlayer is a subfolder of www.bbc.co.uk without a individual domain. However, we still can use “URL Keywords Filtering” feature to block url with certain keywords.

The below example demonstrates blocking of url with keyword “iplayer”.

1. Create a blocking policy, and enable “URL Keywords Filtering”.


2. Choose “Streaming Media” category and click the edit icon to edit its keywords list.


Please notice: WFilter already has some default keywords(the default
keywords are hidden). For example, “video” is already included in the
“Streaming Media” category. If you only want to block “iplayer”, you can add a new category in “Category Settings”->”Customize Categories” of WFilter.

In this example, we need to add “iplayer” to the keywords list:

3. Apply this blocking policy to certain computers.

4. By now, urls with keywords “iplayer” will be blocked.

More information, please check “WFilter Enterprise”.
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to Block Bittorrent and bitcomet?
How to block msn file transfer?
How to block certain websites to save your productivity?
How to block AIM using WFilter?

Blocking adapter doesn’t work when using two network cards with WFilter.

Some switches does not allow outgoing traffic on a mirroring port. In this case, WFilter needs a separate blocking adapter to send blocking packets. And if you’re monitoring and filtering more than 100 computers, we recommend you to use a different blocking adapter as the monitoring adapter.

When the two network cards are installed, we will want the Windows system to use the blocking adapter to access your network. However, sometime the Windows system might pick up the monitoring adapter and fails to connect to your network. This problem can be resolved by the “Automatic Metric” setting in Windows.

A metric is a value that is assigned to an IP route for a particular
network interface that identifies the cost that is associated with
using that route. The Automatic Metric feature is configured independently for each network interface in the network. This feature is useful in situations where you have more than one
network interface of the same speed, for example, when each network
interface has been assigned a default gateway. In this situation, you
may want to manually configure the metric on one network interface, and
enable the Automatic Metric feature to configure the metric of the
other network interface. This setup can enable you to control the
network interface that is used first in the routing of IP traffic.

In our case, the “Automatic Metric” of the blocking adapter shall be smaller than the monitoring adapter. So by setting “Automatic Metric” of the blocking adapter to “1″, and the monitoring adapter to “2″, Windows system will use the blocking adapter to access your network.

How to block limewire downloading on company network?

LimeWire is a free peer-to-peer file sharing (P2P) client for Windows, Mac OS X, Linux, and other operating systems supported by the Java software platform. It uses the Gnutella network and also the BitTorrent protocol.

Using Limewire, users can easily download copies of copyrighted materials and illegal or objectionable content. In LimeWire versions prior to 5.0, users could accidentally configure the software to allow access to any file on their computer, including documents with personal information. Though recent versions of LimeWire do not allow unintentional sharing of documents or applications, it still opens a share directory to share downloaded files by default.

Therefore, to save your bandwidth and keep your network safe, you might want to block limewire program on your network.

However, though the default TCP port of Gnutella2 is 6346. You can not block limewire only by blocking this port in your router or firewall, because Limewire allow users to change its default port.

This tutorial will guide you to block limewire downloading using WFilter. WFilter blocks Limewire traffic based on signature matching despite which port it is using. Limewire can be blocked only by a single click.
 


Blocked limewire:

Blocking logs of limewire in WFilter:

WFilter homepage: http://www.imfirewall.us/WFilter.htm

How to control internet bandwidth usage on network?

Traffic Shaping and Prioritization is becoming more and more common in the corporate market. Most companies with remote offices are now connected via a WAN (Wide Area Network). Applications tend to become centrally hosted at the head office and remote offices are expected to pull data from central databases and server farms. As applications become more hungry in terms of bandwidth and prices of dedicated circuits being relatively high in most areas of the world, instead of increasing the size of their WAN circuits, companies feel the need to properly manage their circuits to make sure business-oriented traffic gets priority over best-effort traffic. Traffic shaping is thus a good means for companies to avoid purchasing additional bandwidth while properly managing these resources.

With a linux gateway, you have a very rich set of tools for managing and manipulating the transmission of packets. More details can be found at: http://linux-ip.net/articles/Traffic-Control-HOWTO/index.html, However, sometimes it might be difficult for you to deploy a linux gateway server.

This tutorial will guide to implement a passby bandwidth management solution, which enables you to manage internet bandwidth through a mirroring port on your switch. Port mirroring allows you to setup a port in the switch to receive packets of other ports. Setting up a mirror port does no change to your network topology, and it will not affect your network speed.

Let’s take WFilter as an example:

First, setup a mirroring port.

When the port mirroring is properly setup, WFilter will be able to monitor all computers internet activities.

Bandwidth Management Settings

Using WFilter’s bandwidth management feature, you can set a maximum accumulating bandwidth of each computer for a period time. In this example, each user can have 200M internet bandwidth every day. Only messengers and emails are allowed when the bandwidth limit is reached.

You also can setup a policy to block certain users when available
internet bandwidth of the entire network is not enough. For example,
When entire network traffic exceeds 80% of available internet
bandwidth, p2p traffic will be blocked.


Bandwidth Alert Settings

And the bandwidth alert feature will send you an alert email when the accumulating bandwidth of a computer is too large.

More information, please check “WFilter Enterprise”.
Other related links:
How to block websites at work during working hours?
How to block video streaming on company network?
How to block internet downloading?
How to monitor internet bandwidth?
How to monitor internet usage on company network?
How to block instant messaging on company network?
How to filter websites and restrict website access?

How to setup ip-mac binding in WFilter?

You may assign static ip addresses to computers manually or in your DHCP server. However, it is difficult to prevent users from changing their ip addresses or mac addresses. Though it is more reasonable to setup ip-mac binding in routers or switches, software solution is also a good option, as it is easier to setup and manage.

This tutorial will guide you to bind ip addresses to mac addresses in WFilter, an internet filtering and monitoring software product.

First, you need to setup a mirror port in your switch to do monitoring.
For how to deploy internet monitoring and filtering, check this guide: How to monitor internet usage?

Second, in “Control Settings”->”IP Management” of WFilter, you can setup ip-mac binding just by a few clicks.

i
When ip-mac binding is setup, internet access will be blocked when the user tries to change ip address or mac address.

Please notice: “ip-mac binding” feature of WFilter only works for single segment networks. It is because the real MAC addresses of computers can not be retrieved  in a multiple-segments network.