CrazyEngineers
  • Hi guys,

    I have a bit of a problem at work. I have people downloading files using torrent clients.😡 How do I stop this? I am thinking of blocking all but a couple of ports, to prevent the torrent client from connecting to the internet.

    About the network infrastructure, we have a Beetel Modem + Router and a Windows 2003 server acting as DNS and DHCP server. Is it possible for me to block ports using the said infrastructure?

    Also, using IPsec, if I block the ports for the server, will it affect the other systems on the network or not?

    I will not get approval for purchase of a new router or any additional equipment, so I have to make do within the existing infrastructure.😔 All solutions are welcome!

    Regards,
    mad_scientist
Replies
  • durga ch

    Member · Aug 24, 2011

    Firstly,
    what are the services the employees are allowed to use?
    Nevertheless, try implementing ACLs (access control lists) to block specific kinds of programs from accessing the internet. It does not require too much effort.
    ACLs (access control lists) are a simple way to control the inbound and outbound traffic within a given network. They are mainly implemented on routers.
    The syntax format of an ACL is generally:

    ip access_list extended <number/name> <deny/permit> <protocol> <source IP> <mask> <destination IP> <mask> <Destination port>

    where destination IP can be 'any' for unknown addresses and the destination port will be important here. The source IP shall be your network addresses itself. It's the destination port which would be important.
    Since you mentioned torrents, I am assuming it has to do with blocking, or rather screening, between the external network and internal network, and not exactly on the Windows server.

    As well, I came across another method other than implementing ACLs. #-Link-Snipped-#

    The above link is for Cisco routers; there should be a similar method for Beetel as well.
    Ask your network admin to do either of the methods.
  • Aashish Joshi

    Member · Aug 24, 2011

    I just thought of something we did in our college hostel.

    Would it be easier if I just set up a proxy server? The modem will be connected to the server, and the server will allow/deny or restrict all the connections. There is proxy software available for this purpose, like CCProxy, etc.
  • durga ch

    Member · Aug 24, 2011

    Hmm, implementing a proxy server is OK as well, but I was thinking, in case you are implementing a proxy server, why not do it at the DNS level itself? I don't know the exact implementation steps for implementing proxy servers.
  • Aashish Joshi

    Member · Aug 24, 2011

    Hmm, I didn't know we could do that! Implement the proxy server at the DNS level I mean! Any pointers??
  • durga ch

    Member · Aug 25, 2011

    Hey,
    I don't know what DNS you are using, but have a look at this offering by OpenDNS.
    It's free and content filtering is provided as well.

    #-Link-Snipped-#
  • Prasad Ajinkya

    Member · Aug 26, 2011

    Interesting problem.

    You can filter the requests at the DNS level; however, there is no easy way of forcing everyone to use the DNS defined. A better approach is to use a proxy server and allow only HTTP traffic through. As long as you are filtering traffic, you can screen out the P2P traffic.
  • durga ch

    Member · Aug 27, 2011

    @ Kidakaka - I was thinking, since they seem to already have their own DNS server, all employees might be querying it (I know, too many assumptions), so I thought this might work. But nevertheless, I agree applying ACLs or using a proxy is a better idea.
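
The options discussed in this thread meet at the router ACL: an allow-list that lets only the server (acting as proxy and DNS resolver) reach the internet also forces every workstation through it. The sketch below is an added example, not code from any poster; it models first-match ACL evaluation with an implicit final deny. It assumes a simplified rule format in CIDR notation rather than IP plus mask, and all addresses and ports are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp" or "ip" (any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]          # None matches every destination port

def _net(token):
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token)

def parse_rule(line):
    """Parse '<deny/permit> <protocol> <source> <destination> [<port>]'."""
    parts = line.split()
    if len(parts) not in (4, 5) or parts[0] not in ("permit", "deny"):
        raise ValueError(f"bad rule: {line!r}")
    port = int(parts[4]) if len(parts) == 5 else None
    return Rule(parts[0], parts[1], _net(parts[2]), _net(parts[3]), port)

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching rule; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in acl:
        if (rule.proto in ("ip", proto) and s in rule.src and d in rule.dst
                and rule.dport in (None, dport)):
            return rule.action
    return "deny"  # implicit deny that ends every access list

# Constructed addressing: office LAN, and the server as the only host allowed out.
LAN, SERVER = "192.168.1.0/24", "192.168.1.10/32"

# Block-list style: names one port, then permits everything else.
BLOCKLIST = [parse_rule(r) for r in (
    f"deny tcp {LAN} any 6881",
    f"permit ip {LAN} any",
)]

# Allow-list style: only the server may resolve DNS and fetch web content.
ALLOWLIST = [parse_rule(r) for r in (
    f"permit udp {SERVER} any 53",
    f"permit tcp {SERVER} any 80",
    f"permit tcp {SERVER} any 443",
)]
```

With the allow-list, a workstation that points itself at an outside DNS resolver or skips the proxy is dropped by the implicit deny, which addresses the concern that clients cannot otherwise be forced to use the defined DNS.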