What is the best way to block P2P traffic

loveman · June 5, 2016, 9:07pm

Hello every one
i tired to drop P2P traffic but can’t block that
below will show you the way when i tried that
/ip firewall filter add action=add-src-to-address-list address-list=P2P address-list-timeout=30m chain=forward comment=“Add P2P hosts to address list” out-interface=ether1-gateway p2p=all-p2p

/ip firewall filter add action=drop chain=forward comment=“Drop traffic from P2P hosts” out-interface=ether1-gateway src-address-list=P2P

but not working
how can drop p2p (p2p=all-p2p) traffic because i need to block vpn program
regards

skyctgbd · June 6, 2016, 8:16am

/ip firewall filter
add chain=forward protocol=gre action=drop
add chain=forward protocol=tcp dst-port=1723 action=drop

i hope vpn will be off …

tr00g33k · June 6, 2016, 9:21am

What kind of VPN connection PPtP, SSTP, vendor specific ? It depends what kind of VPN you whant to block,…

pe1chl · June 6, 2016, 2:03pm

What you describe is PPTP which is something different from P2P.

loveman · June 6, 2016, 7:09pm

My question to you
If you tried your method and that method true active “drop vpn program” or not working
Regards

skyctgbd · June 7, 2016, 8:20am

This method will be drop Hotspot Shield program. i am not sure 100%, But it will be work for dropping Hotspot Shield. Must you have to use open dns in Mikrotik.
/ip firewall address-list
add address=157.56.106.0/24 disabled=no list=hotspotshield
add address=157.56.144.0/24 disabled=no list=hotspotshield
add address=198.144.116.0/24 disabled=no list=hotspotshield
add address=204.14.77.0/24 disabled=no list=hotspotshield
add address=204.14.0.0/16 disabled=no list=hotspotshield
add address=205.164.34.0/24 disabled=no list=hotspotshield
add address=209.73.0.0/16 disabled=no list=hotspotshield
add address=212.118.232.0/24 disabled=no list=hotspotshield
add address=216.172.138.0/24 disabled=no list=hotspotshield
add address=216.172.0.0/16 disabled=no list=hotspotshield
add address=46.0.0.0/8 disabled=no list=hotspotshield
add address=66.171.229.0/24 disabled=no list=hotspotshield
add address=68.68.107.0/24 disabled=no list=hotspotshield
add address=68.68.108.0/24 disabled=no list=hotspotshield
add address=69.22.168.0/24 disabled=no list=hotspotshield
add address=69.22.170.0/24 disabled=no list=hotspotshield
add address=74.115.0.0/16 disabled=no list=hotspotshieldb
add address=94.245.121.0/24 disabled=no list=hotspotshield
add address=69.22.185.0/24 disabled=no list=hotspotshield
add address=174.129.0.0/16 disabled=no list=hotspotshield
add address=216.172.135.0/24 disabled=no list=hotspotshield
add address=67.220.0.0/16 disabled=no list=hotspotshield
add address=50.0.0.0/8 disabled=no list=hotspotshieldb
add address=79.125.0.0/16 disabled=no list=hotspotshield
add address=75.101.0.0/16 disabled=no list=hotspotshield
add address=176.56.0.0/16 disabled=no list=hotspotshield
add address=54.75.0.0/16 disabled=no list=hotspotshield
add address=54.161.0.0/16 disabled=no list=hotspotshield
add address=199.188.0.0/16 disabled=no list=hotspotshield

Now create Rules to block above address list and additional ports

/ip firewall filter
add action=drop chain=forward comment=“Block_Hotspot_Shield_Addresses” disabled=no src-address-list=hotspotshield
add action=drop chain=forward comment=“Block_Hotspot_Shield_Ports” disabled=no dst-port=990,179,105,706,5245,3451,15009 protocol=tcp

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 primary-dns=208.67.222.222 secondary-dns=208.67.220.220

loveman · June 7, 2016, 10:39am

skyctgbd:

This method will be drop Hotspot Shield program. i am not sure 100%, But it will be work for dropping Hotspot Shield. Must you have to use open dns in Mikrotik.
/ip firewall address-list
add address=157.56.106.0/24 disabled=no list=hotspotshield
add address=157.56.144.0/24 disabled=no list=hotspotshield
add address=198.144.116.0/24 disabled=no list=hotspotshield
add address=204.14.77.0/24 disabled=no list=hotspotshield
add address=204.14.0.0/16 disabled=no list=hotspotshield
add address=205.164.34.0/24 disabled=no list=hotspotshield
add address=209.73.0.0/16 disabled=no list=hotspotshield
add address=212.118.232.0/24 disabled=no list=hotspotshield
add address=216.172.138.0/24 disabled=no list=hotspotshield
add address=216.172.0.0/16 disabled=no list=hotspotshield
add address=46.0.0.0/8 disabled=no list=hotspotshield
add address=66.171.229.0/24 disabled=no list=hotspotshield
add address=68.68.107.0/24 disabled=no list=hotspotshield
add address=68.68.108.0/24 disabled=no list=hotspotshield
add address=69.22.168.0/24 disabled=no list=hotspotshield
add address=69.22.170.0/24 disabled=no list=hotspotshield
add address=74.115.0.0/16 disabled=no list=hotspotshieldb
add address=94.245.121.0/24 disabled=no list=hotspotshield
add address=69.22.185.0/24 disabled=no list=hotspotshield
add address=174.129.0.0/16 disabled=no list=hotspotshield
add address=216.172.135.0/24 disabled=no list=hotspotshield
add address=67.220.0.0/16 disabled=no list=hotspotshield
add address=50.0.0.0/8 disabled=no list=hotspotshieldb
add address=79.125.0.0/16 disabled=no list=hotspotshield
add address=75.101.0.0/16 disabled=no list=hotspotshield
add address=176.56.0.0/16 disabled=no list=hotspotshield
add address=54.75.0.0/16 disabled=no list=hotspotshield
add address=54.161.0.0/16 disabled=no list=hotspotshield
add address=199.188.0.0/16 disabled=no list=hotspotshield

Now create Rules to block above address list and additional ports

/ip firewall filter
add action=drop chain=forward comment=“Block_Hotspot_Shield_Addresses” disabled=no src-address-list=hotspotshield
add action=drop chain=forward comment=“Block_Hotspot_Shield_Ports” disabled=no dst-port=990,179,105,706,5245,3451,15009 protocol=tcp

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 primary-dns=208.67.222.222 secondary-dns=208.67.220.220

Iam already block Hotspot Shield program..
But i need to block psiphon vpn?

pe1chl · June 7, 2016, 11:43am

Oh man you are so confusing!
You ask “What is the best way to block P2P traffic” then you need to block some
VPN, and when you get told it is a social/contract problem not a technical problem
you just start a new thread and start the confusion again!

Just make up your mind and ask what you want to ask. And read replies.

loveman · June 7, 2016, 12:06pm

My friend
My post to ask any one have idea to stop p2p traffic..
Why i need this? Because all program of vpn
Working with p2p traffic, if i block that i will true for stop vpn’s program,
Then
Some one write to me here how to drop one of program’s vpn like hotspot shield
I wrote him that i have idea to drop it,
Now if you have method to drop p2p traffic and method working, please write me here..
Regards

loveman · June 7, 2016, 12:11pm

Dear friend
Any think you have to drop p2p traffic please write here..
Thank you

pe1chl · June 7, 2016, 12:34pm

You lack the basic understanding of what a VPN does and what you can do.
Blocking a VPN and blocking P2P traffic to go through it are two completely different things.
And both of them are not easy to do, certainly for someone with limited network skills.

Please solve it the non-technical way. Convince your employees about the reasonability of
your requirements and else turn off the WiFi so they won’t be able to abuse it anymore.