Need a better method of stopping P2P on my network

LiquidDave · August 14, 2014, 4:22am

Right now we are blocking and/or rate limiting as much P2P as we know how to.

I have setup rules to filter DNS queries, rate limit excessive UDP connections and search for keywords within the packets. The problems are some users are obfuscating P2P, others have figured out that they can download the torrent file before they connect and then load it up. I am fielding DMCA reports every day now even with the rules enabled. Could anyone make some suggestions as to what I should look into doing?

PS I would be more than happy blocking P2P completely if anyone can give me some input on blocking P2P on all my interfaces that would actually be ideal.

Bongo · August 22, 2014, 5:28pm

best is create a queue & mangle rule & set the queue to its lowest
you can also set limited packet size and sync flood

eg:

Mangle:

action=mark-connection chain=prerouting comment=“p2p mark”
new-connection-mark=p2p_conn p2p=all-p2p
action=mark-packet chain=prerouting connection-mark=p2p_conn
new-packet-mark=p2p_conn passthrough=no

Queue

max-limit=1k name=p2p packet-mark=p2p_conn parent=global queue=default

mgawad9 · September 14, 2014, 1:34pm

not working
PLZ help

niceman2007 · September 19, 2014, 2:52pm

me too need help about this nothing stop p2p ,any suggestions?