Hi,
I received this from the spanish Mikrotik phorum and consider ti to be of interest to everybody, so I decided to post it here:
http://www.tippingpoint.com/pdf/resourc ... raffic.pdf
Best Regards
Jorge Boardman
sorry, couldn find anything interesting and new in this document.
all they where talking about was - how bad that p2p exists and users share music, movies etc etc.
and usage is so intensive, that it brings your netowrk ifrasturcture to its knees.
yeah, that is bad, that is wrong.
but all this can be done using MT ROS - i dont think they can manage encrypted traffic of torrent or any other encrypted traffic at all - only posible solution is to DROP ALL traffic, or you will face encrypted traffic rampaging on your network OR allow users to use p2p mark for known ptp and all other traffic beeing dropped (unmanaged traffic)
and ISP has allways remember that NOT ALL users share illegal contents. maybe some hadnycam freek choses to share his 20GB 1 hour camera dump to its friend to process it using same BAD un VERY BAD p2p network.
also, some comanies redistribute program updates using p2p network (like Blizzard)
so, do not forget - there is allways other side of a coin.
all they where talking about was - how bad that p2p exists and users share music, movies etc etc.
and usage is so intensive, that it brings your netowrk ifrasturcture to its knees.
yeah, that is bad, that is wrong.
but all this can be done using MT ROS - i dont think they can manage encrypted traffic of torrent or any other encrypted traffic at all - only posible solution is to DROP ALL traffic, or you will face encrypted traffic rampaging on your network OR allow users to use p2p mark for known ptp and all other traffic beeing dropped (unmanaged traffic)
and ISP has allways remember that NOT ALL users share illegal contents. maybe some hadnycam freek choses to share his 20GB 1 hour camera dump to its friend to process it using same BAD un VERY BAD p2p network.
also, some comanies redistribute program updates using p2p network (like Blizzard)
so, do not forget - there is allways other side of a coin.
this all depends on what kind of service you are providing. if a user is paying for his internet connection and certain amount of bandwidth - it does not matter what this user is doing over this connection. he has his rights to talk over skype, download his legitimate linux distributions over torrent networks, listen to internet radio and chat over msn and install a wifi router to use a wifi laptop in his house. you have no right to deny these services to your users or he will just choose another ISP. it's just my personal thoughts, it does depend on a lot of things. depends on what kind of agreement the user has signed, but if it were me - i would not sign an agreement where everything is blocked except www on port 80
Can RouterOS drop P2P for certain periods of time like during business hours then allow for nights then back drop during next day?routeros can `drop` any kind of torrent traffic. encrypted traffic cannot be slowed down with queues, but it can be effectively dropped with firewall.
Or does it works only for new connections? This is something have been not completely clear for me....
Best
Jorge Boardman
-
-
wildbill442
Forum Guru
- Posts: 1055
- Joined:
- Location: Sacramento, CA
Do you have connection tracking enabled?I just add "drop all p2p" then run µTorrent and in winbox run torchWhat tool to you use to measure that Mt only catches 10%?I try to limit p2p but MT catch only 10% of real p2p traffic
with disabled rule 10Mb speed no problem
with enabled 7~9Mb speed after some time
-
-
Alessio Garavano
Member
- Posts: 306
- Joined:
- Location: Corrientes, Argentina
- Contact:
Do you want to tell that my user shaped to 256 kbps can actually achieve more speed over encrypted torrent trafficrouteros can `drop` any kind of torrent traffic. encrypted traffic cannot be slowed down with queues, but it can be effectively dropped with firewall.
?! And only thing that I can do is to block whole bit torrent (crypted and regular) traffic? How to test, btw, is there any of the encrypted traffic on my router?
no, what i said only applies if you try to mark p2p and make a queue out of it. queuing all traffic works as usual.Do you want to tell that my user shaped to 256 kbps can actually achieve more speed over encrypted torrent trafficrouteros can `drop` any kind of torrent traffic. encrypted traffic cannot be slowed down with queues, but it can be effectively dropped with firewall.
How to test, btw, is there any of the encrypted traffic on my router?
-
-
Alessio Garavano
Member
- Posts: 306
- Joined:
- Location: Corrientes, Argentina
- Contact:
Hi Normis, i know is fixed in RouterOS3, but is very beta to work in production box, exist a workaround in 2.9.x to this feature?fixed in v3This "time" function has problem when the "clock" of the router is in another GMT location...yes, there is `time` setting in firewall.
How may be fixed this problem in 2.9.x?
Thanks and best regards!
Alessio
Who is online
Users browsing this forum: sebi099 and 95 guests