standby one Posted August 11, 2006 Report Posted August 11, 2006 Sorry to ask this question, But I have to block one of our team member from downloading on our company network.... he has been told not too, but that is an other story. We have Satellite internet and it hog the bandwith big time. And useing utorrent kills our VOIP! Oh forgot to say we are in Tortola BVI's. Thanks Sam
Ultima Posted August 11, 2006 Report Posted August 11, 2006 If you can, password protect your router so he can't configure and forward a port. Disable UPnP if it has it (unless you need it =T). If you can, you probably want to block or throttle unrecognized traffic. Impose some kind of bandwidth limit on his computer. That's about all you can do.
firewalled Posted August 11, 2006 Report Posted August 11, 2006 Also, if you are behind a sophisticated firewall (and I'm hoping you are since you're a business), you might try dropping all connections to his computer on ports not specified by you. (But this might also require more time and energy than you have) A smart firewall is also able to detect recognize certain programs. Perhaps you could configure it to drop all connections from the uTorrent client?
Ultima Posted August 11, 2006 Report Posted August 11, 2006 Not possible if the person is using Protocol Encryption, which is why my only suggestion for throttling/blocking is to block all unrecognized traffic.
Switeck Posted August 12, 2006 Report Posted August 12, 2006 If you can access his computer (with him not around), you could probably change µTorrent's advanced settings in such a way that it wouldn't work.Limiting half-open connections to 1 would slow it down immensely and not be visible from settings.Set net outgoing port to something blocked and outgoing ip to a LAN-only ip...preferably one not even on your LAN.I'm sure others can chime in with VERY BAD SETTINGS.Oh yeah, after making the settings changes...write protect that file. (read-only CHECKED!)
Ultima Posted August 12, 2006 Report Posted August 12, 2006 It's not that hard to move µTorrent and/or the settings around though. Additionally, if he had direct control over the computer, there are probably better solutions to the problem.
Switeck Posted August 12, 2006 Report Posted August 12, 2006 The a simple solution that's likely effective:Deny the "troublesome" computer internet access.If he wants to play by the rules (or at least use conservative settings that doesn't bring everything ELSE to a halt!), then give him internet access back.
standby one Posted August 12, 2006 Author Report Posted August 12, 2006 thanks guys I am working on it now.Sam
WebReaper Posted August 14, 2006 Report Posted August 14, 2006 As Switeck says, I would simply point out to the guy that BitTorrent contravenes company policy, and that if he continues he'll get written/verbal warnings or will be fired. Should discourage him pretty quickly.
djpc47 Posted June 23, 2008 Report Posted June 23, 2008 standby one, if you have a OpenBSD router/firewall or Linux router/firewall this may give you an idea on how to deal with the problem........ at least somewhat....http://rafb.net/p/GmtEYC87.htmlits my pf script for my OpenBSD firewall/routerthe basics of what this does is prioritizes your network traffic that access the internet..... and how it accesses the internet....pretty much I have acks highest priority, then voip 2nd highest, then regular traffic/computers, followed by p2p traffic/computers as lowest priority.....in my case I have one computer which I nick named watts it runs both my p2p's and voip, so any I wanted to have voip ports going as fast as possible yet have p2p's going slower...... in this case I 1) setup the voip ports so it has highest priority 2) set the remaining traffic as the lowest priority, there for making it so that utorrent or really anything else on that specific computer will not hog the internet to itselfanyway result is that I can now run my p2p at max and yet watch a streaming video with no problem on my dads computer or on my laptop or any other computer on my network...... note: if my dad, I or any other computer in the network started hogging the internet then I would have to either include that computers ip or mac address or whatever else in the limit too.... or put a seperate limit....anyway I'm thinking if your willing to try out this style of a approach it may work; if you haven't solved your problem by now.... what you'd do in your case I think best would be ignore the whole voip thing and just set all traffic going to that specific computers ip/mac address or whatever else to lowest priority and have everyone else's priority as 2nd highest next to ack packetsack packets, I believe are packets that let the computer on the other side know that your ready to receive your next packet so pretty much what prioritizing them highest does is speeds up your download speed, also I believe ack packets tend to be small so its not something that will slow you down;)note - #int_if altq - fall back portion doesn't need to be truly there I think, just a little experiment I'm doing;)also 600Kb on the ext_if altq part is the upload speed not download...... note that you can only prioritize outbound traffic which is where the bottleneck tends to be, in the case of internet connections..... its also part of the reason I did queuing on my internal network card too to try and control the download priority too..... however doing this may result in congestion so careful;) again why I called it experimental
Switeck Posted June 23, 2008 Report Posted June 23, 2008 On many routers, you can also block port ranges into the LAN from the internet...and out to the internet from the LAN. This is a good choice for non-standard ports.Do note that outgoing ephemeral ports have to be allowed in order for regular web surfing to be possible.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.