How to block all P2P?

Hello everyone,
I’m in a bit of trouble: I’m going abroad for a few months and due to financial reasons :wink: I’m going to rent my room during this time. Since I’m afraid the guy living here might use illegal p2p, I tried to solve it with a law/legal consultant and a modified rental contract. But that is kind of really hard to make waterproof.
Anyhow, I’m looking for a quick and dirty solution, to plain drop any p2p traffic (if possible all of it.. :slight_smile: )
I had a look at the topic here http://forum.mikrotik.com/t/how-block-connection-of-p2p/18495/1
but the discussion there is a bit older and kind of went in different ways. I don’t want to slow p2p down, just a plain drop for all kinds of p2p.
Can anyone point me to a wiki entry or something on how this can be accomplished? A simple

 ip firewall filter add chain=forward p2p=all-p2p action=drop

didn’t do the trick, I had no trouble downloading some linux images via torrent.

You can’t. It really is that simple. Because ISPs have been trying to drop P2P traffic for years, the protocols have developed to evade detection. As I am sure the thread you read points out, the only foolproof approach is to not drop P2P, but to whitelist everything permitted (HTTP, SMTP, etc.) and drop everything else.

Thanks for your reply.
I’ll have a look into the whitelisting idea, but I think in my case it wouldn’t make much sense…too much private use, gaming etc. I don’t want to block that just because I don’t know what the guy is playing etc.
Perhaps I’ll just consider logging a lot to an external logging server…that might help.

That would work. It would, however, be a really, really large amount of data. Just so that you’re aware.

Read through the whole thread, it is still current. The big points from it are:

  • Redirect DNS and block DHT/uTP bootstrapping
  • Apply the Layer7 filter from the post to catch torrent announces
  • Apply the p2p filter to catch other protocols

With this in place, it will greatly impact bittorrent’s ability to work, but it CAN NOT STOP IT. As Fewi pointed out, this protocol is specifically designed to stop people from blocking it. That said, the rules above will still always flag on something, so you can use it for detection, then take secondary measures, such as temporarily throttling bandwidth, temporarily limiting TCP connections, or just logging it so you can have a “discussion” with them about acceptable use.
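As an added example (not posted by anyone in this thread, and not the Layer7 filter the reply refers to), here is one way to wire the three steps above into a RouterOS configuration that detects rather than hard-blocks, then applies the secondary measures mentioned (logging, a per-host TCP connection cap, and a temporary throttle). The address-list name `p2p-suspects`, the packet mark `p2p-throttle`, the timeouts, the bandwidth figure and the Layer7 regexp are this example’s own choices; the regexp only covers the plain BitTorrent wire handshake (the byte 0x13 followed by “BitTorrent protocol”) and HTTP tracker announces, so it is narrower than the filter from the original post. The two DHT bootstrap hostnames are commonly cited ones and stand in for whatever list you maintain yourself.

```routeros
# --- 1. Redirect DNS to the router and sinkhole DHT bootstrap names ---
# Clients that hard-code a third-party resolver are silently sent to the router.
/ip firewall nat
add chain=dstnat protocol=udp dst-port=53 action=redirect to-ports=53 comment="force DNS through router"
add chain=dstnat protocol=tcp dst-port=53 action=redirect to-ports=53 comment="force DNS through router"
# Bootstrap hostnames resolve to localhost, so a fresh client cannot find the DHT.
# (commonly cited bootstrap nodes; replace with your own list)
/ip dns static
add name=router.bittorrent.com address=127.0.0.1 comment="DHT bootstrap sinkhole"
add name=dht.transmissionbt.com address=127.0.0.1 comment="DHT bootstrap sinkhole"

# --- 2. Layer7 signature for the torrent handshake and tracker announces ---
# Example regexp, not the one from the post: matches the 0x13 handshake prefix
# or an HTTP GET to a tracker's /announce endpoint. Layer7 matching is
# case-insensitive and needs connection tracking to see both directions.
/ip firewall layer7-protocol
add name=bt-handshake regexp="^\x13bittorrent protocol|get /announce\?info_hash="

# --- 3. Detection: flag the source host instead of dropping outright ---
# Either the built-in p2p classifier or the L7 signature adds the LAN host to
# an address list for one hour; that list drives the measures below.
/ip firewall filter
add chain=forward p2p=all-p2p action=add-src-to-address-list \
    address-list=p2p-suspects address-list-timeout=1h comment="flag p2p classifier hits"
add chain=forward layer7-protocol=bt-handshake action=add-src-to-address-list \
    address-list=p2p-suspects address-list-timeout=1h comment="flag torrent handshake/announce"

# --- Secondary measures, applied only while a host is on the list ---
# (a) log every new connection from a flagged host (ship to your syslog server)
add chain=forward src-address-list=p2p-suspects connection-state=new \
    action=log log-prefix="p2p-suspect" comment="evidence for the acceptable-use talk"
# (b) cap new TCP connections per flagged host at 30 (the ,32 means per single IP)
add chain=forward src-address-list=p2p-suspects protocol=tcp connection-state=new \
    connection-limit=30,32 action=drop comment="limit TCP connections of flagged hosts"

# (c) throttle: mark packets from flagged hosts and queue them at 512 kbit/s.
/ip firewall mangle
add chain=forward src-address-list=p2p-suspects action=mark-packet \
    new-packet-mark=p2p-throttle passthrough=no comment="throttle flagged hosts"
/queue tree
add name=p2p-throttle parent=global packet-mark=p2p-throttle max-limit=512k
```

Because the address-list entries expire, the throttle and connection cap lift on their own once a host stops triggering the rules; check what is currently flagged with `/ip firewall address-list print where list=p2p-suspects` and watch the `p2p-suspect` log prefix to confirm the signatures are firing before relying on them.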