Author Topic: Blocking P2P Torrent Traffic - FAQ?  (Read 462 times)

Offline georgeberz

Blocking P2P Torrent Traffic - FAQ?
« on: September 10, 2017, 12:37:37 pm »
Perhaps a current FAQ on generally important topics

Setting up a WiFi open access point free to all / hospitality / coffee shop etc. (pick a reason) and would like to block all p2p traffic, BitTorrent etc. I received a letter warning about piracy!

What is the best method and practice?

I just did a fresh install of pfSense: downloaded the image, burned and formatted and set up the disk, and noticed right after that it wanted to upgrade itself again. Did that on 2.3.4-RELEASE-p1 dated July 14 2017.

So to get to blocking,
I have read individual port blocking will not work as the torrent programs all look for any open ports.
Snort? I have seen things like load p2p profiles then no link to an example... I'm not familiar with configuring snort.
I have seen L7 packet inspection in description only to find out that it's been removed.
I did get an oink code.

Is there a clear and concise FAQ how to implement this for non geeks?

Thank you

George
« Last Edit: September 10, 2017, 01:12:27 pm by georgeberz »

Offline rlrobs

Re: Blocking P2P Torrent Traffic - FAQ?
« Reply #1 on: September 10, 2017, 01:47:56 pm »
1 - block ports above 1024
2 - install and enable rule p2p for snort
3 - enable openappID for snort (rule p2p)

Offline georgeberz

Re: Blocking P2P Torrent Traffic - FAQ?
« Reply #2 on: September 10, 2017, 02:09:21 pm »
I think snort and the rules are loaded, however looking at Services > Snort > Interface,
blocking is disabled and barnyard2 is disabled, and I am still able to torrent ubuntu x64.

I am getting snort alerts on status dashboard page but no blocking?


Offline belt9

Re: Blocking P2P Torrent Traffic - FAQ?
« Reply #3 on: September 10, 2017, 11:47:33 pm »
Don't block ports above 1024. That's stupid.
You won't stop torrents but you will break other things.

Just stick with snort or suricata and get the P2P rules blocking for you. Use the snort vrt and openet free sets. I recommend you only use the P2P rules and you might need to disable some of those.

Check out the IDS/IPS subforum for specific help getting your rules working.

Offline georgeberz

Re: Blocking P2P Torrent Traffic - FAQ?
« Reply #4 on: September 11, 2017, 02:43:42 pm »
With snort running and p2p libraries linked, rebooted machine, still p2p traffic passes. Went to pirate bay and transferred ubuntu just fine; logs showed some p2p blocking but it still transferred the whole 1.6 gig file.

That could have just as easily been a copyrighted program... I need to STOP it all and I can't control the users... I have to limit them.

I do have open DNS locked and have p2p blocking there and that partially works but only by dns, not by protocols.

What do hospitality, hotel, motel, cafe, etc. do to prohibit their customers from doing p2p and torrent stuff?

I know someone there has a solution...

Thank you, please help...

Offline belt9

Re: Blocking P2P Torrent Traffic - FAQ?
« Reply #5 on: September 11, 2017, 04:27:29 pm »
Your snort is probably simply alerting instead of blocking. Or misconfigured in some other way.

Offline georgeberz

Re: Blocking P2P Torrent Traffic - FAQ?
« Reply #6 on: September 12, 2017, 10:51:02 am »
For WAN the snort libraries selected are as follows

emerging-p2p.rules
snort_p2p.rules
snort_pua-p2p.rules
snort_pua-p2p.so.rules
openappid-p2p_file_sharing.rules

I am getting p2p alerts

"1:2007727 ET P2P possible torrent download"

then I will see the ip address come up in the blocked section but transfers continue.

I was downloading a legal torrent from the pirate bay site of ubuntu to test. I did not even notice a slow down, 10-15 mbit d/l speed.

Any ideas, surely someone has active p2p blocking working...

Offline belt9

Re: Blocking P2P Torrent Traffic - FAQ?
« Reply #7 on: September 12, 2017, 07:44:36 pm »
You are alerting not blocking.

You need to check out the IDS/IPS subforum. It is not just set it and forget it.


Offline johnpoz

Re: Blocking P2P Torrent Traffic - FAQ?
« Reply #8 on: September 13, 2017, 04:47:56 am »
It is not just set it and forget it.

This could be the IPS slogan ;)

Love it when users think I just click this IPS button and all set ;) heheheheeh
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.1-RELEASE on VM esxi 6.5 (home)