
How to block utorrent on a company network


standby one


Sorry to ask this question, but I have to block one of our team members from downloading on our company network.... he has been told not to, but that is another story. We have satellite internet and it hogs the bandwidth big time. And using utorrent kills our VOIP! Oh, forgot to say we are in Tortola BVI's.

Thanks

Sam


If you can, password protect your router so he can't configure and forward a port. Disable UPnP if it has it (unless you need it =T). If you can, you probably want to block or throttle unrecognized traffic. Impose some kind of bandwidth limit on his computer. That's about all you can do.


Also, if you are behind a sophisticated firewall (and I'm hoping you are since you're a business), you might try dropping all connections to his computer on ports not specified by you. (But this might also require more time and energy than you have.) A smart firewall is also able to detect and recognize certain programs. Perhaps you could configure it to drop all connections from the uTorrent client?


If you can access his computer (with him not around), you could probably change µTorrent's advanced settings in such a way that it wouldn't work.

Limiting half-open connections to 1 would slow it down immensely and not be visible from settings.

Set net outgoing port to something blocked and outgoing ip to a LAN-only ip...preferably one not even on your LAN.

I'm sure others can chime in with VERY BAD SETTINGS.

Oh yeah, after making the settings changes...write protect that file. (read-only CHECKED!)


  • 1 year later...

standby one, if you have an OpenBSD router/firewall or Linux router/firewall this may give you an idea on how to deal with the problem........ at least somewhat....

http://rafb.net/p/GmtEYC87.html

it's my pf script for my OpenBSD firewall/router

the basics of what this does is prioritizes your network traffic that accesses the internet..... and how it accesses the internet....

pretty much I have acks highest priority, then voip 2nd highest, then regular traffic/computers, followed by p2p traffic/computers as lowest priority.....

in my case I have one computer which I nicknamed watts, it runs both my p2p's and voip, so anyway I wanted to have voip ports going as fast as possible yet have p2p's going slower...... in this case I 1) set up the voip ports so they have highest priority 2) set the remaining traffic as the lowest priority, therefore making it so that utorrent or really anything else on that specific computer will not hog the internet to itself

anyway result is that I can now run my p2p at max and yet watch a streaming video with no problem on my dad's computer or on my laptop or any other computer on my network...... note: if my dad, I or any other computer in the network started hogging the internet then I would have to either include that computer's ip or mac address or whatever else in the limit too.... or put a separate limit....

anyway I'm thinking if you're willing to try out this style of an approach it may work; if you haven't solved your problem by now.... what you'd do in your case I think best would be ignore the whole voip thing and just set all traffic going to that specific computer's ip/mac address or whatever else to lowest priority and have everyone else's priority as 2nd highest next to ack packets

ack packets, I believe, are packets that let the computer on the other side know that you're ready to receive your next packet so pretty much what prioritizing them highest does is speeds up your download speed, also I believe ack packets tend to be small so it's not something that will slow you down;)

note - #int_if altq - fall back portion doesn't need to be truly there I think, just a little experiment I'm doing;)

also 600Kb on the ext_if altq part is the upload speed not download...... note that you can only prioritize outbound traffic which is where the bottleneck tends to be, in the case of internet connections..... it's also part of the reason I did queuing on my internal network card too to try and control the download priority too..... however doing this may result in congestion so careful;) again why I called it experimental

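Added example, not part of the original posts and not the poster's pf script: a small Python simulation of the strict-priority ordering described in the post above (ACKs, then VoIP, then regular traffic, then P2P) on a 600 kbit/s uplink, compared with plain FIFO. The packet sizes, arrival rates and numeric priority values are constructed assumptions.

```python
import heapq

LINK_BPS = 600_000                                   # "600Kb" uplink from the post
PRIO = {"ack": 7, "voip": 6, "std": 4, "p2p": 1}     # assumed values; order from the post

def make_traffic(duration_ms=1000):
    """Constructed load as (arrival_ms, class, size_bytes) tuples."""
    pkts = [(t, "voip", 200) for t in range(0, duration_ms, 20)]    # one voice frame / 20 ms
    pkts += [(t, "p2p", 1500) for t in range(0, duration_ms, 10)]   # 1.2 Mbit/s, twice the link
    pkts += [(t, "ack", 40) for t in range(0, duration_ms, 50)]     # bare TCP ACKs
    return sorted(pkts)

def simulate(pkts, strict_priority):
    """Serve pkts on one link without preemption; return worst queueing delay (ms) per class."""
    queue, worst, now, i = [], {}, 0.0, 0
    while i < len(pkts) or queue:
        while i < len(pkts) and pkts[i][0] <= now:          # admit everything that has arrived
            t, cls, size = pkts[i]
            key = -PRIO[cls] if strict_priority else 0      # FIFO: one class, arrival order
            heapq.heappush(queue, (key, i, t, cls, size))
            i += 1
        if not queue:                                       # link idle: jump to next arrival
            now = float(pkts[i][0])
            continue
        _, _, t, cls, size = heapq.heappop(queue)
        worst[cls] = max(worst.get(cls, 0.0), now - t)
        now += size * 8 * 1000 / LINK_BPS                   # transmission time in ms
    return worst

if __name__ == "__main__":
    load = make_traffic()
    for name, flag in (("fifo", False), ("priq", True)):
        result = simulate(load, flag)
        print(name, {c: round(d, 1) for c, d in sorted(result.items())})
```

Under FIFO the voice packets sit behind the bulk backlog for over a second; with strict priority their worst wait is roughly the time to send one 1500-byte packet (20 ms at this rate), because a packet already being transmitted is not preempted.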

On many routers, you can also block port ranges into the LAN from the internet...and out to the internet from the LAN. This is a good choice for non-standard ports.

Do note that outgoing ephemeral ports have to be allowed in order for regular web surfing to be possible.

