Preventing P2P access via router

Associate, joined 15 Feb 2010, 474 posts
Is there a way to prevent peer-to-peer use on my home network apart from one PC? I was told by Netgear over the phone this is possible, but when I emailed support they said it is not. Any suggestions please? My router is the DG834.
 
I'm going to say... no.

With P2P generally using a random port, it's going to be really hard to open it just for one machine.
 
I've read somewhere that something called a "packet shaper" should do the job. But surely you could get a router that could read the packets and know whether it's a P2P application or not?
 
If by P2P you mean torrents, then you could set up the torrent client to use a static port, disable UPnP on the router and set up port forwarding for that one specific port on that one machine. This wouldn't completely stop P2P traffic for other devices, but it would most likely slow the transfer speeds to really low rates.

As for the router being able to know if a packet is a P2P application or not, you need to understand that data to be transferred over the internet is encapsulated multiple times, and for a router to find out what type of application the packet belongs to it would have to use deep packet inspection technology to look deep into the packet. Most routers can't do this because there is no need to: routers only need to look at some of the headers to do their job, they don't need to know what data is involved. To a certain degree routers can perform QoS and control traffic based on where the packet is heading (for example, something heading to port 80 is most likely HTTP traffic), but P2P traffic uses random source and destination ports, so there is no way without deep packet inspection for the router to know what type of traffic it is.
 
Plus, if encryption is used then DPI is defeated unless you use some sort of behavioural monitoring/filtering.
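The two replies above make three claims: a port-only rule can guess well-known services but not P2P on a random port, a DPI check can recognise the application by looking past the headers, and encryption takes that away again. The following is an added example written for this thread (not code from the original posts or from any router firmware) that runs all three cases over constructed packets. The BitTorrent handshake layout used here (length byte 19, the string "BitTorrent protocol", 8 reserved bytes, a 20-byte info_hash and a 20-byte peer_id) follows the public protocol description; the "encrypted" stream is deterministic filler standing in for an obfuscated (MSE/PE) connection, and the flow names, ports and addresses are made up.

```python
"""Port-based vs payload-based (DPI) application identification, and why
encryption defeats the latter. Added example; all packets are constructed."""

TCP, UDP = 6, 17

# What a port-only QoS rule can know: (protocol, destination port) -> guess.
WELL_KNOWN = {(UDP, 53): "dns", (TCP, 21): "ftp", (TCP, 25): "smtp",
              (TCP, 80): "http", (TCP, 443): "https"}


def classify_by_port(proto, dport):
    """Router-level guess from the transport header alone."""
    return WELL_KNOWN.get((proto, dport), "unknown")


BT_HANDSHAKE_PREFIX = b"\x13BitTorrent protocol"


def classify_by_payload(payload):
    """DPI-style guess: look past the headers at the start of the stream."""
    if payload.startswith(BT_HANDSHAKE_PREFIX):
        return "bittorrent"
    if payload[:4] in (b"GET ", b"POST", b"HEAD", b"PUT "):
        return "http"
    if payload[:3] == b"\x16\x03\x01":   # TLS record header as seen on a ClientHello
        return "tls"
    return "unknown"                      # opaque bytes: nothing to match on


def bt_handshake(info_hash, peer_id):
    """Build a plaintext BitTorrent handshake (constructed, fixed values)."""
    assert len(info_hash) == 20 and len(peer_id) == 20
    return BT_HANDSHAKE_PREFIX + bytes(8) + info_hash + peer_id


def filler(n, seed=13):
    """Deterministic bytes with no recognisable structure, standing in for
    the ciphertext of an encrypted peer connection (assumption, not real MSE)."""
    return bytes((seed + i * 97) % 256 for i in range(n))


PEER_ID = b"-AB0001-" + b"0" * 12          # made-up peer id
INFO_HASH = bytes(range(20))               # made-up info hash

# Constructed flows: (name, proto, dport, first payload bytes)
FLOWS = [
    ("web page", TCP, 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("torrent on default port", TCP, 6881, bt_handshake(INFO_HASH, PEER_ID)),
    ("torrent hiding on 80", TCP, 80, bt_handshake(INFO_HASH, PEER_ID)),
    ("encrypted torrent", TCP, 51413, filler(96)),
]


def classify_flows(flows=FLOWS):
    """Return {name: (port_guess, payload_guess)} for each flow."""
    return {name: (classify_by_port(proto, dport), classify_by_payload(payload))
            for name, proto, dport, payload in flows}


if __name__ == "__main__":
    for name, (by_port, by_payload) in classify_flows().items():
        print(f"{name:24} port says {by_port:8} payload says {by_payload}")
```

The third flow is the case the port-based QoS rule gets wrong (a client told to use port 80 looks like HTTP), and the fourth is the case from the last reply: once the stream is encrypted, the payload check is as blind as the port check, and only behavioural signals such as connection fan-out or traffic volume are left to work with.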
 
See if you can block outbound traffic? Then only allow outbound requests to known ports for your whole network, creating additional rules as required.

For instance

1) Allow outbound UDP:53, TCP:80, 443, 25, 21 (DNS, HTTP, HTTPS, SMTP, FTP).
2) Allow outbound all from x IP (the machine wanting to use BitTorrent).
3) Additional rules on a per-machine / per-program basis.


1) would cover pretty much all day-to-day activity, 2) is for your allowed BitTorrent machine and 3) is for any little extra rules such as MSN Messenger, ICQ or whatever (or you could build these into rule 1).

This will require knowledge of ports, however, or the ability to diagnose the required ports.

netstat -nao is a great way to find out the remote port an application is trying to connect on.
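The three rules above, plus the netstat step for diagnosing extra ports, as an added example written for this thread (not code from the original post or from any router firmware). Everything specific in it is assumed: a home LAN of 192.168.0.0/24, the one PC allowed to run BitTorrent at 192.168.0.10 with 51413 as the static port set in its client, MSN Messenger (1863) and ICQ (5190) as the rule 3 extras, and a made-up sample of Windows netstat -nao output from a second PC. The same policy is rendered as an nftables forward chain so the rule ordering is visible.

```python
"""Outbound allow-list with one exempt host: the three rules from the post,
an nftables rendering of them, and a netstat -nao parser to find the ports a
program is actually using. Added example; all addresses and PIDs are made up."""
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/24")        # assumed home subnet
TORRENT_PC = ip_address("192.168.0.10")   # assumed P2P-permitted machine
TORRENT_PORT = 51413                      # assumed static port in the torrent client

# Rule 1: destination ports every LAN host may reach.
BASELINE = {"udp": {53}, "tcp": {21, 25, 80, 443}}
# Rule 3: per-program ports added as they are diagnosed (assumed values for
# the post's MSN Messenger and ICQ examples).
EXTRA = {"tcp": {1863, 5190}}


def outbound_allowed(src, proto, dport):
    """Apply rules 1, 2 and 3 in order; anything unmatched is dropped."""
    src = ip_address(src)
    if src not in LAN:
        return False
    if dport in BASELINE.get(proto, set()):   # rule 1: baseline services
        return True
    if src == TORRENT_PC:                     # rule 2: all outbound from that PC
        return True
    return dport in EXTRA.get(proto, set())   # rule 3: per-program allowances


def nft_ruleset():
    """Render the same policy as an nftables forward chain with a default drop.
    Established flows and the baseline come first, then the exempt host, then
    the extras; the last line admits inbound traffic to the one forwarded port
    (the DNAT itself would live in a separate nat chain, not shown)."""
    def ports(s):
        return "{ " + ", ".join(str(p) for p in sorted(s)) + " }"
    lines = [
        "table inet home {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for proto, s in BASELINE.items():
        lines.append(f"    ip saddr {LAN} {proto} dport {ports(s)} accept")
    lines.append(f"    ip saddr {TORRENT_PC} accept")
    for proto, s in EXTRA.items():
        lines.append(f"    ip saddr {LAN} {proto} dport {ports(s)} accept")
    lines.append(f"    ip daddr {TORRENT_PC} tcp dport {TORRENT_PORT} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)


# Constructed sample of Windows `netstat -nao` output from a non-exempt PC
# (192.168.0.20). PIDs and remote addresses are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.0.20:49733     203.0.113.5:443        ESTABLISHED     4120
  TCP    192.168.0.20:49801     203.0.113.9:1863       ESTABLISHED     2244
  TCP    192.168.0.20:49912     198.51.100.77:6881     ESTABLISHED     6688
  UDP    192.168.0.20:51413     *:*                                    6688
"""


def remote_ports_by_pid(netstat_text):
    """Parse `netstat -nao` lines into {pid: {(proto, remote_port), ...}},
    skipping sockets with no real peer port ('*:*' listeners)."""
    result = {}
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue                      # headers and blank lines
        proto, foreign, pid = parts[0].lower(), parts[2], parts[-1]
        port = foreign.rpartition(":")[2]
        if port.isdigit() and port != "0":
            result.setdefault(pid, set()).add((proto, int(port)))
    return result


def blocked_connections(netstat_text, host):
    """Which of a host's current connections the policy would drop: either
    candidates for a rule 3 entry or evidence of P2P on a non-exempt PC."""
    return sorted(
        (pid, proto, port)
        for pid, flows in remote_ports_by_pid(netstat_text).items()
        for proto, port in flows
        if not outbound_allowed(host, proto, port)
    )


if __name__ == "__main__":
    print(nft_ruleset())
    print(blocked_connections(SAMPLE_NETSTAT, "192.168.0.20"))
```

Run against the sample, only PID 6688's connection to a peer on port 6881 falls outside the rules; the messenger connection on 1863 is covered by rule 3. The same limitation the earlier reply mentions still applies: a torrent client on a non-exempt PC that is configured to use 443 outbound passes rule 1, so the allow-list constrains P2P rather than stopping it outright.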
 