Solved Blocking p2p traffic on network

[suspect008]

Hi Everyone and thank you for taking a look.

I work on a road project in a rural area here in SL and we have very limited internet connectivity in my office of just 120gb package per month.

but here other employees are using this to download torrents and they have already eaten up 70gb on this month's package. so my bosses are asking me to control the traffic.

so heres the situation, we have setup a network using dhcp and this router (Tplink TD-W8950ND) doent have QOS settings to block incoming ports but to block outgoing traffic from ports(I really hope of blocking p2p ports, thats why I mentioned about port blocking).
I have a computer with administrative rights connected to the router directly and some of those other computers are connected as well with administrative rights. so we cant disconnect them by force as it would cost some complications.

so in short, what I wanna do is to block all the incoming p2p traffic on the network so we may save some bandwidth and data for office use. how can I do this on this situation?
(note: ipcop or anything requires to use a whole separate computer to setup a firewall or something like that isn't an option here. )
Thank You very much and any help is greatly appreciated

 

[TanyaC]

Hi,

There is no fool-proof way to block all P2P traffic on a network with non-enterprise equipment, particularly brands like TPLINK.

The problem with P2P programs is they can change the ports they use. Additionally, if your router supports uPNP (and most do), ports can be forwarded via upnp. Some p2p programs can randomise their port too.

Some of the methods you can use to reduce the P2P traffic are:

1). Use OpenDNS and select the P2P/File sharing category.
2). Block known P2P ports.
3). Grab a higher end router
4). Set up packet filtering rules for specific machines (by IP or MAC address)
5). Use a proxy server.
6). Install a third party firewall (such as PIX or Kerio), for blocking some conent.

This list is by no means exhaustive.

for (4) above: At the risk of being too technical, with packet filtering you will get a good level of control. You could open only those ports needed for business use (such as 80, 443, 21, 25, 110), and use a "Implicit Deny" which means that everything else is blocked. But as I said, this is a fairly technical solution. If you're not familiar with packet filtering you'll need to find someone who is.

Here is a site that gives a little info on common port usage:
Common Application Ports - Bandwidth Controller

This may also be of use, but it is quite technical.
TCP/IP Ports

I'd be creating a formal policy on Internet usage at work, and have strong consequences of inappropriate use. Ultimately, that might have more success than trying to play cat and mouse with people who try to work around all the controls you put in place.

Where I used to work, inappropriate internet usage could result in instant dismissal and/or criminal charges. But you might not need to go quite that far.

Good luck

 

[suspect008]

Thank You tanya for your time and help, I am completely agreed with the fact about router brand thing, what I suggested was a cisco e2500 for this small area network with the mind of controling the traffic via QOS. but you know, most are fooled by the word cost cutting and now they suffer the consequences.
thanks in advance for your help again, I will try them but literally theres very little could do with this shit routers, even it does not support dd-wrt or tomato. so I was hoping for a solution like ip-cop but a windows based firewall kinda thing. thanks for your help.