Discussion:
Blocking Bit Torrent
(too old to reply)
David Kaye
2014-05-23 19:14:47 UTC
Permalink
Raw Message
I'm not up on current Bit Torrent technologies, but last I checked there was
no way to effectively block Bit Torrent.

The manager of an apartment building I administer (74 units) got a notice
from Comcast stating that Bit Torrent was used to download "Game of
Thrones". I'm aware that these issues usually just end with the notice
being sent. Even so, my customer wants to be reassured that I'm doing
everything I can do to help stop this file piracy.

As I understand it, Bit Torrent and other torrents can and do use any port
they wish, including those below 1024, and thus there is probably no
practical way to prevent torrents from bsing used. Also, filtering via MAC
address is impractical, given the large number of computers involved.

Is there any kind of (not too expensive) firewalling available that
addresses this issue?

Ideas anyone?





---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Thad Floryan
2014-05-23 20:09:30 UTC
Permalink
Raw Message
Post by David Kaye
I'm not up on current Bit Torrent technologies, but last I checked there was
no way to effectively block Bit Torrent.
The manager of an apartment building I administer (74 units) got a notice
from Comcast stating that Bit Torrent was used to download "Game of
Thrones". I'm aware that these issues usually just end with the notice
being sent. Even so, my customer wants to be reassured that I'm doing
everything I can do to help stop this file piracy.
As I understand it, Bit Torrent and other torrents can and do use any port
they wish, including those below 1024, and thus there is probably no
practical way to prevent torrents from bsing used. Also, filtering via MAC
address is impractical, given the large number of computers involved.
Is there any kind of (not too expensive) firewalling available that
addresses this issue?
Ideas anyone?
Hi David,

Short story is the need to block P2P and/or using a router
capable of Deep Packet Inspection (DPI) such as some of the
SonicWall products (which are expensive) because any of the
usual "home" routers cannot do that. As you noticed, any ports
can be used by bit torrent.

Googling "how to block bit torrent" found some interesting hits
including this one:

http://www.imfirewall.us/WFilter.htm P2P blocker

Most of the Google hits mention blocking P2P is a policy matter
not requiring a hardware solution.

Some of the hits mentioned checking traffic volume to identify
the miscreant, then cut off his access (or fire him if this is
happening at a business). Throttling traffic to the miscreant
to nearly zero should piss him off enough that he'll either stop
doing it or move elsewhere and be somebody else's problem :-)

Thad
David Kaye
2014-05-23 21:04:50 UTC
Permalink
Raw Message
Post by Thad Floryan
Googling "how to block bit torrent" found some interesting hits
http://www.imfirewall.us/WFilter.htm P2P blocker
I post here when I'm asking about real world experiences, since I'm already
adept at Google searches. Late last night I wrote to the WFilter folks
about this kind of deployment, but have not heard back from them yet. I've
already tested WFilter on my home network, but not having torrent software I
don't really have a reliable test scenario.

One thing that seems to work okay is WFilter's measurement of bytes going
through each computer on the network. This is somewhat helpful, and will
probably have to do for now. But the issue isn't bandwidth use but torrent
use.

Of course, one problem with tracking rather than blocking is the so-what
factor. So what if we know which computer has taken up a huge chunk of
bandwidth? How are we going to warn that user? With 74 apartments, we have
no way of knowing. So, the only real solution is to block torrents in the
first place, and if WFilter does it effectively it's going to be a bit of a
learning curve for me to find out how it works and how to deploy it without
blocking legitimate traffic from users that might be using gaming ports,
teleconferencing software, employer databases, and the like.




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Eli the Bearded
2014-05-23 21:49:24 UTC
Permalink
Raw Message
Post by David Kaye
Of course, one problem with tracking rather than blocking is the so-what
factor. So what if we know which computer has taken up a huge chunk of
bandwidth? How are we going to warn that user? With 74 apartments, we have
no way of knowing. So, the only real solution is to block torrents in the
first place, and if WFilter does it effectively it's going to be a bit of a
Torrents have non-infringing uses. I downloaded distros of the Slackware
14.0 and 14.1 (one as a DVD ISO, one as multiple CD ISOs) this year by
torrent. I have also gotten several legit (published by maker and out of
copyright) movies by torrent. You probably knew this.

Many torrent tools now include encryption options to thwart deep packet
inspection. I very much doubt that will hide you from your torrent peers,
but it should hide you from everyone inbetween.

Being one of the torrent peers is how I believe the current "grab the IP of
the infringer" identification works.

Elijah
------
would make loud noises over having linux ISO torrents blocked
Roy
2014-05-24 00:45:50 UTC
Permalink
Raw Message
Post by Eli the Bearded
Post by David Kaye
Of course, one problem with tracking rather than blocking is the so-what
factor. So what if we know which computer has taken up a huge chunk of
bandwidth? How are we going to warn that user? With 74 apartments, we have
no way of knowing. So, the only real solution is to block torrents in the
first place, and if WFilter does it effectively it's going to be a bit of a
Torrents have non-infringing uses. I downloaded distros of the Slackware
14.0 and 14.1 (one as a DVD ISO, one as multiple CD ISOs) this year by
torrent. I have also gotten several legit (published by maker and out of
copyright) movies by torrent. You probably knew this.
Many torrent tools now include encryption options to thwart deep packet
inspection. I very much doubt that will hide you from your torrent peers,
but it should hide you from everyone inbetween.
Being one of the torrent peers is how I believe the current "grab the IP of
the infringer" identification works.
Elijah
------
would make loud noises over having linux ISO torrents blocked
I use BitTorrent often. There is a lot of software distributed that way.
Thad Floryan
2014-05-24 01:42:31 UTC
Permalink
Raw Message
Post by Roy
[...]
I use BitTorrent often. There is a lot of software distributed that way.
Hi Roy,

And a LOT, if not most, of software is distributed as a single-file
ownload.

Over the decades I've downloaded &BSD, Linux, Solaris and even Windows
Release Candidates as single-file downloads. One number I remember is
14 minutes to download the final Windows 7 Release Candidate as a single
ISO file from Microsoft.

The only benefit I see of bit torrent (other than outright piracy) is
this from the Wikipedia article:

The BitTorrent protocol allows users to join a "swarm" of hosts
to download and upload from each other simultaneously. The
protocol is an alternative to the older single source, multiple
mirror sources technique for distributing data, and can work over
networks with lower bandwidth. Using the BitTorrent protocol,
several basic computers, such as home computers, can replace
large servers while efficiently distributing files to many
recipients. This lower bandwidth usage also helps prevent large
spikes in internet traffic in a given area, keeping internet
speeds higher for all users in general, regardless of whether or
not they use the BitTorrent protocol.

DILLIGAF? No, because that swarm by definition delays downloads.
It might be useful for folks with slower Internet as the above
parapgraph suggests.

I can download extremely large files very rapidly. I usually do it in
the wee hours of the night because that is when I'm normally WORKING on
my computers as opposed to simple things like posting to Usenet or other
orums during the day.

3.5MB/S is the normal download speed I see every single day/night
from well-connected sites (e.g., Microsoft, Stanford, HP, and also
a number of overseas sites).

Thus I have no compelling need to use bit torrrent for anything.

And if bit torrent functions per your requirements, fine!

And I still believe David should contact Comcast to get the name
and building apartment number of the bit torrent miscreant to
prevent the cops or sheriff from kicking-in EVERY apartment door
in the building to find the thief.

Thad
Eli the Bearded
2014-05-24 05:07:53 UTC
Permalink
Raw Message
Post by Thad Floryan
DILLIGAF? No, because that swarm by definition delays downloads.
It might be useful for folks with slower Internet as the above
parapgraph suggests.
I disagree. Say you have one source and one downloader, yes the
torrent protocol just add overhead. Say instead you have one source
(seed) and a hundred downloaders (leeches). That's going to limit
your download to how fast that one source can pump it out to all of
the leeches. With torrenting seed can be broken up into 100 parts and
each part distributed to just one leech first. Then each leech can
download a second part from the seed and simultaneously one or more
parts (reseeding) from other leeches. This is like "download
accelerators" (which get around throughput by using multiple
connections) combined with mirror sites in one fell swoop.

Given that torrent chunks are typically a fixed size, and realistic
seeding has more than 100 leeches on day one, with a large mix of
starting times, you can get downloading that is as fast as your pipe
without being limited by the size of the pipe of the original source
(divided among all downloaders).

I've heard of people using torrent on internal networks to manage
distribution within their own high-speed infrastructure because the
swarming lets the downloading action be distrubuted amoung many
servers. For example, Facebook and Twitter use it to update their
own software on their machines:

https://torrentfreak.com/facebook-uses-bittorrent-and-they-love-it-100625/

Elijah
------
it's a niche, and a good one for non-profit sources like linux distros
Mike Stump
2014-05-24 20:57:03 UTC
Permalink
Raw Message
Post by Thad Floryan
And I still believe David should contact Comcast to get the name
and building apartment number of the bit torrent miscreant to
prevent the cops or sheriff from kicking-in EVERY apartment door
in the building to find the thief.
lol... Sounds like you don't keep up on the laws of the land. While
they could, kick in one door, the door of the person suspected of
doing the misdeed; they typically don't kick in 75 doors of everyone
in an entire complex. They can, it is just that they actually need a
good reason, like, a person that just shot and killed 50 people at the
mall next door. Typically they won't even kick in that door.
Thad Floryan
2014-05-24 21:33:25 UTC
Permalink
Raw Message
Post by Mike Stump
Post by Thad Floryan
And I still believe David should contact Comcast to get the name
and building apartment number of the bit torrent miscreant to
prevent the cops or sheriff from kicking-in EVERY apartment door
in the building to find the thief.
lol... Sounds like you don't keep up on the laws of the land. While
they could, kick in one door, the door of the person suspected of
doing the misdeed; they typically don't kick in 75 doors of everyone
in an entire complex. They can, it is just that they actually need a
good reason, like, a person that just shot and killed 50 people at the
mall next door. Typically they won't even kick in that door.
Hi Mike,

Hah, hah, I really should have put a smiley ":-)" on the above
because I was laughing so hard when I wrote that paragraph.

Seriously. I wonder what Comcast was thinking by sending (postal?)
the notice to the apartment manager since Comcast obviously knew
it was a bit torrent download of a pirated game and they knew the
IP address of the miscreant along with all the particulars up to
and including the cable modem model, MAC address, and more as I
can see setup on the Motorola SB6121 I have setup on Comcast at
my home.

What could Comcast expect the manager to do? Evict him? Flush
the guy's modem down the toilet? Raise his rent?

Comcast clearly understood what was going on and they have the
ability to stop it and, if necessary, contact law enforcement if
they really wanted to be hard-assed about it (presuming this wan
a first offense).

The whole episode stinks and we still haven't seen a description
of the apartment building's cable Internet infrastructure and
billing setup as has been mentioned previously in this thread.

Thad
David Kaye
2014-05-26 19:41:45 UTC
Permalink
Raw Message
Post by Thad Floryan
Seriously. I wonder what Comcast was thinking by sending (postal?)
[....]
Post by Thad Floryan
What could Comcast expect the manager to do? Evict him? Flush
the guy's modem down the toilet? Raise his rent?
Heck, I guess I'm more up on this stuff than the rest of you folks are.
Okay, here goes: The DMCA specifically exempts common carriers from
liability, but it requires them to forward notices from the infringed party,
which Comcast did.

As a provider of internet service without touching the data (that is,
interpreting its contents), both Comcast and the building itself would
qualify as common carriers.

I think that rather than even suggest torrent blocking software I'll just
give the manager a copy of the DMCA itself, noting the relevant parts.


From the DMCA itself:

"Limitation for Transitory Communications

"In general terms, section 512(a) limits the liability of service providers
in
circumstances where the provider merely acts as a data conduit, transmitting
digital
information from one point on a network to another at someone else's
request. This
limitation covers acts of transmission, routing, or providing connections
for the
information, as well as the intermediate and transient copies that are made
automatically
in the operation of a network."




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Roy
2014-05-27 05:05:57 UTC
Permalink
Raw Message
The one thing is that if you are a "carrier", you should be able to send
the DMCA notice to the user. Back in the old days when I was an ISP, I
captured all the dynamic IP and MAC addresses in a log. When something
like a DMCA (or a warrant) showed up, we could pin down the userid
fairly quickly.
Post by Thad Floryan
Post by Thad Floryan
Seriously. I wonder what Comcast was thinking by sending (postal?)
[....]
Post by Thad Floryan
What could Comcast expect the manager to do? Evict him? Flush
the guy's modem down the toilet? Raise his rent?
Heck, I guess I'm more up on this stuff than the rest of you folks are.
Okay, here goes: The DMCA specifically exempts common carriers from
liability, but it requires them to forward notices from the infringed party,
which Comcast did.
As a provider of internet service without touching the data (that is,
interpreting its contents), both Comcast and the building itself would
qualify as common carriers.
I think that rather than even suggest torrent blocking software I'll just
give the manager a copy of the DMCA itself, noting the relevant parts.
"Limitation for Transitory Communications
"In general terms, section 512(a) limits the liability of service providers
in
circumstances where the provider merely acts as a data conduit, transmitting
digital
information from one point on a network to another at someone else's
request. This
limitation covers acts of transmission, routing, or providing connections
for the
information, as well as the intermediate and transient copies that are made
automatically
in the operation of a network."
---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
David Kaye
2014-05-24 22:18:54 UTC
Permalink
Raw Message
Post by Thad Floryan
DILLIGAF? No, because that swarm by definition delays downloads.
It might be useful for folks with slower Internet as the above
parapgraph suggests.
Back in the days of the original Napster, torrents made sense because most
people were still using dialup. Those who were using high speed would be
able to get files faster that way. Today I really don't see much use for
torrents.




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Roy
2014-05-24 23:52:20 UTC
Permalink
Raw Message
Post by David Kaye
Post by Thad Floryan
DILLIGAF? No, because that swarm by definition delays downloads.
It might be useful for folks with slower Internet as the above
parapgraph suggests.
Back in the days of the original Napster, torrents made sense because most
people were still using dialup. Those who were using high speed would be
able to get files faster that way. Today I really don't see much use for
torrents.
That's fine for you but others (myself included) disagree.
David Kaye
2014-05-24 22:09:00 UTC
Permalink
Raw Message
Post by Eli the Bearded
Torrents have non-infringing uses. I downloaded distros of the Slackware
14.0 and 14.1 (one as a DVD ISO, one as multiple CD ISOs) this year by
torrent. I have also gotten several legit (published by maker and out of
copyright) movies by torrent. You probably knew this.
Yeah, that's another problem. I never use torrents because when I need
something I just go to a site that has the file in full and download it from
there. I figure that if they're going to post the entire file then they
don't have bandwidth concerns. That's how I get my Ubuntu updates and my
public domain movies, for instance. The movies for the most part come from
archive.org. I spoke with Brewster Kahle about it and he says that they're
able to stay just ahead of everything, so no worries thus far.
Post by Eli the Bearded
Many torrent tools now include encryption options to thwart deep packet
inspection. I very much doubt that will hide you from your torrent peers,
but it should hide you from everyone inbetween.
Being one of the torrent peers is how I believe the current "grab the IP of
the infringer" identification works.
Yeah, I was thinking that. I think I'll respond to the copyright holder and
to the building manager and say, hey, I've researched everything I could and
I don't see a way to block use.




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Thad Floryan
2014-05-24 00:34:37 UTC
Permalink
Raw Message
Post by David Kaye
Post by Thad Floryan
Googling "how to block bit torrent" found some interesting hits
http://www.imfirewall.us/WFilter.htm P2P blocker
I post here when I'm asking about real world experiences, since I'm already
adept at Google searches.
Hi David,

Your original question piqued my curiosity hence my Googling; I have
zero experience with Bit Torrent because when it was first released
the claim was made it downloads bits and pieces of a complete file
from multiple sites. At that time I felt that was absurd since I've
always downloaded a file using sftp or wget in one shot directly from
the source in the shortest time possible whereas it may take quite some
time (days or weeks) for a bit torrent to download completely depending
what and where the bits and pieces are located and whether those systems
are even powered up all the time.

In other words, I felt bit torrent was a foolish idea.

Since then it appears to be 'the tool of choice' by pirates and all
their acolytes, minions and sycophants to steal books, games, movies
and more.
Post by David Kaye
[...]
Of course, one problem with tracking rather than blocking is the so-what
factor. So what if we know which computer has taken up a huge chunk of
bandwidth? How are we going to warn that user? With 74 apartments, we have
no way of knowing.
Ask Comcast. They obviously have the IP of the cable modem used and
they know where it's located and which Comcast account has that modem
which is why they sent a warning to the building management. I wonder
if they sent a warning to the miscreant also.

Take it one step further and ASK Comcast for the name and apartment
number (it's part of the Comcast account info) of the guy and then
you or the building management visit him and insinuate he'll be
waterboarded or a contract will be placed on his life unless he
ceases using bit torrent for piracy. :-)
Post by David Kaye
So, the only real solution is to block torrents in the
first place,
And now we're back to Deep Packet Inspection to verify the
traffic is bit torrent. Or one can block all P2P traffic
to/from that specific cable modem -- Comcast should be able
to easily do that given how much other control they have
(e.g., flashing cable modem firmware remotely, throttling, etc.)
Post by David Kaye
and if WFilter does it effectively it's going to be a bit of a
learning curve for me to find out how it works and how to deploy it without
blocking legitimate traffic from users that might be using gaming ports,
teleconferencing software, employer databases, and the like.
That's exactly the problem since most P2P apps are legit whereas
bit torrent is questionable and so we're back again to Deep Packet
Inspection to avoid false positives.

FWIW, Dell bought SonicWall within the past 2 years. I've been
using SonicWall since 1995 for installation at client, customer,
employer, and my own home office though I now have a different
VPN Security Router due to price and also Gigabit capability.

All the new SonicWall appliances have Gigabit and they're
readily available at Amazon, Newegg, and more but Frys doesn't
seem to carry that line per their website search engine.

Thad
Post by David Kaye
---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Keith Keller
2014-05-24 00:45:01 UTC
Permalink
Raw Message
Post by Thad Floryan
Since then it appears to be 'the tool of choice' by pirates and all
their acolytes, minions and sycophants to steal books, games, movies
and more.
...such as legally distributing open source software.

https://help.ubuntu.com/community/BitTorrent

"Ubuntu bittorrent files can be found at http://releases.ubuntu.com/ or
at http://torrent.ubuntu.com"
Post by Thad Floryan
Ask Comcast. They obviously have the IP of the cable modem used and
they know where it's located and which Comcast account has that modem
which is why they sent a warning to the building management. I wonder
if they sent a warning to the miscreant also.
It seems more likely that the entire building is on one account.
Otherwise the building management would not be a Comcast customer, and
therefore not liable for the actions of its residents on the Comcast
network.
Post by Thad Floryan
Take it one step further and ASK Comcast for the name and apartment
number (it's part of the Comcast account info) of the guy and then
you or the building management visit him and insinuate he'll be
waterboarded or a contract will be placed on his life unless he
ceases using bit torrent for piracy. :-)
Depending on how their network is configured, it may or may not be part
of the Comcast account info.
Post by Thad Floryan
That's exactly the problem since most P2P apps are legit whereas
bit torrent is questionable and so we're back again to Deep Packet
Inspection to avoid false positives.
Bittorrent *is* a P2P app.

https://en.wikipedia.org/wiki/BitTorrent

"BitTorrent is a protocol supporting the practice of peer-to-peer file
sharing that is used to distribute large amounts of data over the
Internet."

--keith
--
kkeller-***@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
Thad Floryan
2014-05-24 01:23:39 UTC
Permalink
Raw Message
Post by Keith Keller
Post by Thad Floryan
Since then it appears to be 'the tool of choice' by pirates and all
their acolytes, minions and sycophants to steal books, games, movies
and more.
...such as legally distributing open source software.
Hi Keith,

See below: I wrote "most P2P apps are legit whereas bit torrent is
questionable " which implies I know that bit torrent is a P2P app
but most of the news appearing about bit torrent regards piracy
since there isn't a complete single copy of "whatever" at one site
as there would be, for example, a copy of "American Practical Navigator"
which is a large file but downloads in seconds using wget over a fast
Internet connection such as my Comcast service:

http://msi.nga.mil/MSISiteContent/StaticFiles/NAV_PUBS/APN/pub9.zip
Post by Keith Keller
[...]
Post by Thad Floryan
Ask Comcast. They obviously have the IP of the cable modem used and
they know where it's located and which Comcast account has that modem
which is why they sent a warning to the building management. I wonder
if they sent a warning to the miscreant also.
It seems more likely that the entire building is on one account.
Doesn't make sense even only for billing. Some of the building's residents
may have Comcast's eleventy-seven bazillion channels of TV and some others,
perhaps the miscreant about which David wrote, have Xfinity Internet service
only like I do -- I don't watch TV.
Post by Keith Keller
[...]
Post by Thad Floryan
Take it one step further and ASK Comcast for the name and apartment
number (it's part of the Comcast account info) of the guy and then
you or the building management visit him and insinuate he'll be
waterboarded or a contract will be placed on his life unless he
ceases using bit torrent for piracy. :-)
Depending on how their network is configured, it may or may not be part
of the Comcast account info.
The specific cable modem is easily identifiable and its location
is known in the miscreant's account so if Comcast rolls a truck
they'll know in which apartment the modem connection is located
same as how telcos "mostly" know where their lines terminate.

This is not rocket science for Comcast.
Post by Keith Keller
Post by Thad Floryan
That's exactly the problem since most P2P apps are legit whereas
bit torrent is questionable and so we're back again to Deep Packet
Inspection to avoid false positives.
Bittorrent *is* a P2P app.
As I wrote above, I both knew and know that and I also wrote
bit torrent is QUESTIONABLE (vs. LEGIT as are most P2P apps) due
to bit torrent being used so widely for theft over the Internet.

Thad
Keith Keller
2014-05-24 02:15:32 UTC
Permalink
Raw Message
Post by Thad Floryan
See below: I wrote "most P2P apps are legit whereas bit torrent is
questionable " which implies I know that bit torrent is a P2P app
You say things like "I know" when you clearly do not.
Post by Thad Floryan
Doesn't make sense even only for billing. Some of the building's residents
may have Comcast's eleventy-seven bazillion channels of TV and some others,
perhaps the miscreant about which David wrote, have Xfinity Internet service
only like I do -- I don't watch TV.
All of the residents may have the same package if the building manager
provides the same package to every unit as part of their rent.
Post by Thad Floryan
The specific cable modem is easily identifiable and its location
is known in the miscreant's account so if Comcast rolls a truck
they'll know in which apartment the modem connection is located
same as how telcos "mostly" know where their lines terminate.
The cable modem is of course easily identifiable, but if (for example)
the building has one or a handful of centralized modems which serve the
entire building then the exact unit may not be identifiable.
Post by Thad Floryan
bit torrent is QUESTIONABLE (vs. LEGIT as are most P2P apps) due
to bit torrent being used so widely for theft over the Internet.
Cars are widely used as getaway vehicles for crimes. Would you call
them "QUESTIONABLE"? Multiple people have already cited legitimate uses
of BitTorrent, yet you persist in believing that it's the software's
fault that people misuse it.

--keith
--
kkeller-***@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
Thad Floryan
2014-05-24 04:03:53 UTC
Permalink
Raw Message
Post by Keith Keller
Post by Thad Floryan
See below: I wrote "most P2P apps are legit whereas bit torrent is
questionable " which implies I know that bit torrent is a P2P app
You say things like "I know" when you clearly do not.
Bad assumption.
Post by Keith Keller
Post by Thad Floryan
Doesn't make sense even only for billing. Some of the building's residents
may have Comcast's eleventy-seven bazillion channels of TV and some others,
perhaps the miscreant about which David wrote, have Xfinity Internet service
only like I do -- I don't watch TV.
All of the residents may have the same package if the building manager
provides the same package to every unit as part of their rent.
Bad assumption. What about pay for view? How would that be billed?
I really don't know since I've never been a part of any community
billing scam, er, scheme.
Post by Keith Keller
Post by Thad Floryan
The specific cable modem is easily identifiable and its location
is known in the miscreant's account so if Comcast rolls a truck
they'll know in which apartment the modem connection is located
same as how telcos "mostly" know where their lines terminate.
The cable modem is of course easily identifiable, but if (for example)
the building has one or a handful of centralized modems which serve the
entire building then the exact unit may not be identifiable.
That really doesn't make sense given the assumed vastly variable usage
patterns of any group of people such as Internet-only or movies/TV-only
viewers.

A friend in Reno (whom I just called to get this info) who lives in a
community of apartments and every single apartment has its own cable modem
and everyone is billed separately by Charter for Internet-only noting that
for movies and such the apartment management bills the residents directly
because it's a different contract deal with Charter Cable. My friend,
like me, is Internet-only.
Post by Keith Keller
Post by Thad Floryan
bit torrent is QUESTIONABLE (vs. LEGIT as are most P2P apps) due
to bit torrent being used so widely for theft over the Internet.
Cars are widely used as getaway vehicles for crimes. Would you call
them "QUESTIONABLE"?
No, that's a bad example. It's fairly well known bit torrent is a
tool favored by pirates and arguably they're the biggest user group
of bit torrent.
Post by Keith Keller
Multiple people have already cited legitimate uses
of BitTorrent, yet you persist in believing that it's the software's
fault that people misuse it.
Misuse it for piracy which is exactly the circumstances cited at the
beginning of this thread by David.

I regularly download 300MB to 5 GB ISOs using wget and wget will
never arouse suspicion even though wget can also download new books
as PDFs found by a simple Google search before the books appear on
bookstore's shelves.

Mention "bit torrent" and people's eyebrows will rise up wondering
what's being pirated now and the fact bit torrent can be also used
to download Linux distro ISOs likely won't even enter their minds.

Many tools can be used for both good and evil.

Face it, bit torrent is tainted due to pirate activities which are
frequently featured in news articles.

My other main dislike of bit torrent is that it's an incredibly
complex software suite to do what a straightforward direct download
does better and faster in every situation of downloading I've done
since the 1970s.

Thad
Keith Keller
2014-05-24 04:12:25 UTC
Permalink
Raw Message
Post by Thad Floryan
Many tools can be used for both good and evil.
Which is exactly my point.

--keith
--
kkeller-***@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
Thad Floryan
2014-05-24 05:17:41 UTC
Permalink
Raw Message
Post by Keith Keller
Post by Thad Floryan
Many tools can be used for both good and evil.
Which is exactly my point.
Hi Keith,

I have to do food shopping this weekend at my local Lucky
supermarket because we're having a large neighborhood BBQ
on Monday (Memorial Day).

I know many of the Lucky employees on a first-name basis
as I do know the neighbors' names.

For fun, I'm going to ask them all what pops into their head
the moment I say "bit torrent".

It's an informal and unstructured survey and it should be
very interesting to tally the responses.

Thad
Thad Floryan
2014-05-24 05:51:26 UTC
Permalink
Raw Message
Googling "comparison of speed of bit torrent versus direct download"
finds:

Direct Download Vs. Torrent? - Yahoo Answers
https://answers.yahoo.com/question/index?qid=20100909171452AAvUxLE

where we see:

" I am not to sure about if its easier to be tracked when using
" direct downloads v torrents. But from my experience direct
" downloads are much better. When i used to download torrents my
" ISP used to send me constantly letters informing me my internet
" connection was being used to download illegal content through
" torrents.
"
" So i switched to direct downloads through sites such as
" rapidshare, and used forums such as Warez-BB to find links. Here
" is what i found.
"
" Could download at my internets full speed, as compared to torrets
" where it depends on seeders and leaches.
"
" Didn't have to seed once direct download is completed.
"
" Can use any browser to download direct downloads, where as
" torrents need torrent software.
"
" And most importantly my ISP stopped contacting me.

and

" Direct Download is better and fast. You can download torrent as
" direct download using zbigz.com. you can visit
" http://www.thehelptimes.com/download-torrents-as-a-direct-download/. if
" you find any difficulty in using zbigz.com.

Most of the other results were either blank pages or didn't supply
any reasonable comparisons such as these three:

Is Bittorrent Faster Than Direct - Calise & Company
http://www.caliseandcompany.com/is-bittorrent-faster-0b0e3-than-direct

Is Bittorrent Faster Than Direct - Blu
http://www.blu.bo/is-bittorrent-60035-faster-than-direct

Which is faster direct downloading or torrents - Wiki Answers
http://wiki.answers.com/Q/Which_is_faster_direct_downloading_or_torrents

FWIW, I'm sticking with direct downloads using wget because the dates/times
are preserved on files, I have a log of the downloads, and I typically get
3+MB/S using wget for the downloads.

Thad
Thad Floryan
2014-05-24 04:58:11 UTC
Permalink
Raw Message
A person contacted me via email regarding this thread. The quoted ">"
lines are that person's comments.
When you pay Comcast for a service you receive a cable modem or a
set-top tv box that's unique.
Or, as in my case, I supplied the original DOCSIS 2.0 modem in
2008 and I supplied the replacement DOCSIS 3.0 modem in 2013 when
I wanted faster Internet speeds.
Comcast knows that the modem/box is out there but they don't know
where it is.
Based on the subnet mask, Comcast has groups of 512 modems/boxes
with the subnet mask being 255.255.252.0 which implies they know the
geographical constraints within which is located the modem/box.
They can only assume that the account holder is where
they had done the install or where the customer said he was if a
self-install.
Which is a reasonable assumption if the user expects any future
repair services or modem/box replacements.
Comcast can't prove who's using the modem
That's true. It could be a burglar who broke into a house or
apartment.
... or where it is other
knowing that the upstream traffic is coming from a range of
addresses assigned to a geographical area. Perhaps many hundreds.
Up to 512 (actually 509) addresses in a given segment of the cable
infrastructure in a given area, say 5-10 acres for surburbia and less
for denser inner-city hookups.
Going after the apartment building is hoping to get lucky.
When, in fact, they know who the person is because that person is
either paying automatically from a bank account or is writing checks
each month; I don't believe Comcast deals with cash payments.

As David Kaye wrote in the article which began the thread:

[...]
The manager of an apartment building I administer (74 units)
got a notice from Comcast stating that Bit Torrent was used
to download "Game of Thrones".
[...]

In other words, Comcast KNEW that bit torrent was being used and
Comcat KNEW what was being pirated.

Comcast should have simply killed the connection since the miscreant
was breaking the law.

The answer to David's original posting is to ask Comcast to stop
the bit torrent user since they clearly have the means to do so.

Thad
Keith Keller
2014-05-24 05:27:11 UTC
Permalink
Raw Message
Post by Thad Floryan
A person contacted me via email regarding this thread. The quoted ">"
lines are that person's comments.
When you pay Comcast for a service you receive a cable modem or a
set-top tv box that's unique.
And who, exactly, is "you"? If, as I already posited, the building
manager provides internet for the entire building, it is possible that
there is a pool of one or more modems at or near the CPOE. If that is
accurate (and only the OP can say for sure) then there is no way for
Comcast to know who is pirating GoT.
Post by Thad Floryan
In other words, Comcast KNEW that bit torrent was being used and
Comcat KNEW what was being pirated.
Of course--it's easy to analyze the packets coming over your network.
But if the building is networked as above, they can't trace packets
farther back than the centralized cable modems.
Post by Thad Floryan
The answer to David's original posting is to ask Comcast to stop
the bit torrent user since they clearly have the means to do so.
And, again, if the building is networked as above, they do not have the
means of disconnecting one unit in the building. And if instead each
unit has its own account, how would Comcast even know to contact the
building manager? And why would they even bother, when as you point
out it would be trivial for them to cut off the offender?

Since we don't know exactly what the relationship is between Comcast and
the building manager, there's no way to say for sure without more
information.

--keith
--
kkeller-***@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
Thad Floryan
2014-05-24 06:16:15 UTC
Permalink
Raw Message
Post by Keith Keller
Post by Thad Floryan
A person contacted me via email regarding this thread. The quoted ">"
lines are that person's comments.
When you pay Comcast for a service you receive a cable modem or a
set-top tv box that's unique.
And who, exactly, is "you"? If, as I already posited, the building
manager provides internet for the entire building, it is possible that
there is a pool of one or more modems at or near the CPOE. If that is
accurate (and only the OP can say for sure) then there is no way for
Comcast to know who is pirating GoT.
Hi Keith,

Information is missing; David didn't describe the apartment building's
infrastructure.
Post by Keith Keller
Post by Thad Floryan
In other words, Comcast KNEW that bit torrent was being used and
Comcat KNEW what was being pirated.
Of course--it's easy to analyze the packets coming over your network.
But if the building is networked as above, they can't trace packets
farther back than the centralized cable modems.
Isn't bit torrent and all its leeches' clients and whatever else is
involved all encrypted? That was my understanding and why it is so
popular among the pirate crowd.

This (knowing it was bit torrent traffic and being able to identify
what's being torrented) reveals that Comcast has broken the bit torrent
encryption and is able to ascertain that it is, in fact, bit torrent
and the name(s) of the items being torrented.

Such much for privacy on the Internet. :-)
Post by Keith Keller
Post by Thad Floryan
The answer to David's original posting is to ask Comcast to stop
the bit torrent user since they clearly have the means to do so.
And, again, if the building is networked as above, they do not have the
means of disconnecting one unit in the building. And if instead each
unit has its own account, how would Comcast even know to contact the
building manager? And why would they even bother, when as you point
out it would be trivial for them to cut off the offender?
Since we don't know exactly what the relationship is between Comcast and
the building manager, there's no way to say for sure without more
information.
Correct. We'll have to wait for David to supply more information
because all our speculations are guesses.

In the case of my Reno friend, his and all the other dwellers' Charter
Internet-only Cable service is billed directly to them at their addresses.

The apartment complex itself has a contract with Charter and, presumably
(my friend doesn't know since he doesn't have cable TV) those using cable
TV are proportionately billed at a discount rate for whatever service(s)
the contract states (e.g., a bundle of services such as ShowTime, sports,
NetFLix, porn, whatever).

Thad
David Kaye
2014-05-24 22:16:31 UTC
Permalink
Raw Message
Post by Thad Floryan
Doesn't make sense even only for billing. Some of the building's residents
may have Comcast's eleventy-seven bazillion channels of TV and some others,
perhaps the miscreant about which David wrote, have Xfinity Internet service
only like I do -- I don't watch TV.
The entire building is on one 75Mbps commercial Comcast account and
distributed via 5 wireless access points (soon to be 8) and 2 Ethernet
connections.




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Roy
2014-05-27 05:13:15 UTC
Permalink
Raw Message
Post by David Kaye
...
The entire building is on one 75Mbps commercial Comcast account and
distributed via 5 wireless access points (soon to be 8) and 2 Ethernet
connections.
You could use managed switches for the ethernet and use WPA2 EAP for
wireless. That would give you the MAC addresses that are used. A log
of DHCP addresses that are assigned would then correlate the MAC to the IP.
David Kaye
2014-05-27 10:33:08 UTC
Permalink
Raw Message
Post by Roy
You could use managed switches for the ethernet and use WPA2 EAP for
wireless. That would give you the MAC addresses that are used. A log of
DHCP addresses that are assigned would then correlate the MAC to the IP.
Good idea so far, except that the computers are all wireless, except for 2
in a rec room, and thus can't be tracked down without a warrant to inspect
every computer on the premises. The best we could do is isolate to a
particular floor or wing of a floor, assuming that the person connected
using the closest WAP, which isn't always the case.

This is why I was asking about the state of torrent blocking software. But,
as what's available looks unlikely to work reliably anyway, I don't see a
fix as being possible.

I'm sending the DMCA info to the building manager and will probably just
ignore the threatening letter (as most folks do).




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Roy
2014-05-27 13:26:41 UTC
Permalink
Raw Message
Post by David Kaye
Post by Roy
You could use managed switches for the ethernet and use WPA2 EAP for
wireless. That would give you the MAC addresses that are used. A log of
DHCP addresses that are assigned would then correlate the MAC to the IP.
Good idea so far, except that the computers are all wireless, except for 2
in a rec room, and thus can't be tracked down without a warrant to inspect
every computer on the premises. The best we could do is isolate to a
particular floor or wing of a floor, assuming that the person connected
using the closest WAP, which isn't always the case.
...
You missed the use of WPA2 EAP. Using that, each tenant is given his
own wireless key. That allows you to identify a computer to the
particular tenant.

The alternative to WPA2 EAP would be a splash page like many hotels use.
Anyone connecting is directed to the splash page where they have to
enter some info to gain access. Many hotels ask for the room number and
last name.
David Kaye
2014-05-27 20:51:49 UTC
Permalink
Raw Message
You missed the use of WPA2 EAP. Using that, each tenant is given his own
wireless key. That allows you to identify a computer to the particular
tenant.
Yeah, you're right, I skipped right over that. I've never set up EAP
before, so I'll have to do some looking around.
The alternative to WPA2 EAP would be a splash page like many hotels use.
Anyone connecting is directed to the splash page where they have to enter
some info to gain access. Many hotels ask for the room number and last
name.
A cafe that I also service has one of these authentication systems from an
outside vendor who is charging them $100 a month. They're supposed to
provide the cafe with passcodes but haven't done so. However, the open
system they're running right now does have a splash screen warning users
about downloading illegal content, etc. I'll have to contact the building
manager and see how far he wants to go with all this.




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Jeff Liebermann
2014-05-28 16:58:22 UTC
Permalink
Raw Message
On Tue, 27 May 2014 13:51:49 -0700, "David Kaye"
Post by David Kaye
However, the open
system they're running right now does have a splash screen warning users
about downloading illegal content, etc. I'll have to contact the building
manager and see how far he wants to go with all this.
Yeah, that works as well as a speed limit sign for slowing down road
traffic. I think the best sales pitch would be that you want to
identify who's on the network, and what manner of traffic they're
moving. The simple knowledge that big brother (that's you) is
watching, should be sufficient to discourage most forms of abuse. If
that doesn't get their attention, having a known abuser walk the plank
off the rootop should be a sufficient deterrent (enforcement by
example).
--
Jeff Liebermann ***@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
David Kaye
2014-05-28 20:08:04 UTC
Permalink
Raw Message
[....] The simple knowledge that big brother (that's you) is
watching, should be sufficient to discourage most forms of abuse. If
that doesn't get their attention, having a known abuser walk the plank
off the rootop should be a sufficient deterrent (enforcement by
example).
What's funny about all of this is that I don't even care. It's "Game of
Thrones", a program I know nothing about nor care to know about. And the
copyright owners are billion dollar companies. And I'm supposed to look
into enforcing all this just so Time Warner et al can declare an extra half
cent dividend or add a couple million $ bonus to the CEO's salary.




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com

Jeff Liebermann
2014-05-27 18:00:12 UTC
Permalink
Raw Message
On Tue, 27 May 2014 03:33:08 -0700, "David Kaye"
Post by David Kaye
Good idea so far, except that the computers are all wireless, except for 2
in a rec room, and thus can't be tracked down without a warrant to inspect
every computer on the premises. The best we could do is isolate to a
particular floor or wing of a floor, assuming that the person connected
using the closest WAP, which isn't always the case.
You're not evil enough. What I used to do when I was in the enforcer
business was just block the connection by MAC address and wait for the
inevitable phone call. After some discussion about why they couldn't
connect with one specific computer, I casually mention that the logs
show considerable P2P activity prior to the loss of connectivity. I
usually don't need to say much more after that.

Roy has the right hide with WPA2 EAP. However, I prefer a RADIUS
server. Each user has their own unique login and password.
<http://freeradius.org>
All this won't block P2P, but will identify who's doing it.
--
Jeff Liebermann ***@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
David Kaye
2014-05-27 20:54:45 UTC
Permalink
Raw Message
Post by Jeff Liebermann
You're not evil enough. What I used to do when I was in the enforcer
business was just block the connection by MAC address and wait for the
inevitable phone call.
Hmmm...that's an idea.
Post by Jeff Liebermann
Roy has the right hide with WPA2 EAP. However, I prefer a RADIUS
server. Each user has their own unique login and password.
<http://freeradius.org>
All this won't block P2P, but will identify who's doing it.
Yeah, it might have to be a RADIUS server after all. I'll start looking
into it.




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Roy
2014-05-28 04:32:23 UTC
Permalink
Raw Message
Post by David Kaye
Post by Jeff Liebermann
You're not evil enough. What I used to do when I was in the enforcer
business was just block the connection by MAC address and wait for the
inevitable phone call.
Hmmm...that's an idea.
Post by Jeff Liebermann
Roy has the right hide with WPA2 EAP. However, I prefer a RADIUS
server. Each user has their own unique login and password.
<http://freeradius.org>
All this won't block P2P, but will identify who's doing it.
Yeah, it might have to be a RADIUS server after all. I'll start looking
into it.
Mikrotik routers can have a radius server loaded: Example

http://myconfigure.blogspot.com/2013/05/mikrotik-user-manager-as-radius-server.html

Manual here

http://wiki.mikrotik.com/wiki/Manual:User_Manager

As I remember I tested it with a Ubiquiti WAP and Mikrotik user manager
Keith Keller
2014-05-28 04:38:25 UTC
Permalink
Raw Message
Post by Roy
Mikrotik routers can have a radius server loaded: Example
I'm pretty sure both DD-WRT and OpenWRT have RADIUS support.

--keith
--
kkeller-***@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
Jeff Liebermann
2014-05-28 16:55:31 UTC
Permalink
Raw Message
On Tue, 27 May 2014 21:38:25 -0700, Keith Keller
Post by Keith Keller
Post by Roy
Mikrotik routers can have a radius server loaded: Example
I'm pretty sure both DD-WRT and OpenWRT have RADIUS support.
--keith
Any wireless access point (or router) that supports
WPA/WPA2-Enterprise will work with a RADIUS server. I would be hard
pressed to find one that does NOT support a RADIUS server. More
specifically, the enterprise part means that the per session
encryption key is delivered by the RADIUS server, and not by the
client computer. This eliminates a giant security problem, where
everyone ends up with the WPA/WPA2 key if it's leaked.

There are also various online RADIUS services. The big problem is
that if the internet goes down, so does your authentication.
<http://www.enterprisenetworkingplanet.com/netsecur/article.php/3917546/Seven-Free-or-LowCost-RADIUS-Servers-for-Your-Enterprise-Network.htm>
You can probably get a start with one of these services, while you buy
time to build your own server.
--
Jeff Liebermann ***@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
Roy
2014-05-28 18:34:44 UTC
Permalink
Raw Message
Post by Jeff Liebermann
On Tue, 27 May 2014 21:38:25 -0700, Keith Keller
Post by Keith Keller
Post by Roy
Mikrotik routers can have a radius server loaded: Example
I'm pretty sure both DD-WRT and OpenWRT have RADIUS support.
--keith
Any wireless access point (or router) that supports
WPA/WPA2-Enterprise will work with a RADIUS server. I would be hard
pressed to find one that does NOT support a RADIUS server. More
specifically, the enterprise part means that the per session
encryption key is delivered by the RADIUS server, and not by the
client computer. This eliminates a giant security problem, where
everyone ends up with the WPA/WPA2 key if it's leaked.
There are also various online RADIUS services. The big problem is
that if the internet goes down, so does your authentication.
<http://www.enterprisenetworkingplanet.com/netsecur/article.php/3917546/Seven-Free-or-LowCost-RADIUS-Servers-for-Your-Enterprise-Network.htm>
You can probably get a start with one of these services, while you buy
time to build your own server.
The list of routers mention were those that had support for a Radius
Server on the router. They also work with other WAPs so you aren't
restricted to using that router/software everywhere

No need to rely on the cloud for Radius
David Kaye
2014-05-24 22:14:03 UTC
Permalink
Raw Message
Post by Keith Keller
It seems more likely that the entire building is on one account.
Otherwise the building management would not be a Comcast customer, and
therefore not liable for the actions of its residents on the Comcast
network.
This is true. I put the entire building on a 75Mbps Comcast commercial
account. Short of tracking MAC addresses and getting court orders to
inspect the MAC addresses of every computer I don't see how it's even
possible to track someone down. Not only that, but it's not my/our
responsibility to do so, anyway.




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Roy
2014-05-24 22:21:46 UTC
Permalink
Raw Message
I think its funny that we all want "Net Neutrality" and then turn around
and talk about blocking BitTorrent.
David Kaye
2014-05-26 19:11:49 UTC
Permalink
Raw Message
Post by Roy
I think its funny that we all want "Net Neutrality" and then turn around
and talk about blocking BitTorrent.
Personally, I don't care one way or the other. However, in my professional
job I am obligated to search out answers for my customer who is freaked out
about getting a copyright violation notice from Comcast and a threat by them
to cut off internet service.

I'm doubting that there is anything that can be done about torrents, but I'm
checking here just in case I'm not up to date on the latest. Now I can go
back to the hotel manager as well as to the copyright holder and tell them,
hey look, I looked for the latest info from people in the trenches, and the
consensus is that there is nothing I can do to block Bit Torrent or other
torrents.




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Keith Keller
2014-05-25 03:07:33 UTC
Permalink
Raw Message
Post by David Kaye
This is true. I put the entire building on a 75Mbps Comcast commercial
account. Short of tracking MAC addresses and getting court orders to
inspect the MAC addresses of every computer I don't see how it's even
possible to track someone down. Not only that, but it's not my/our
responsibility to do so, anyway.
Of course Comcast wouldn't bother taking things that far, but they could
certainly terminate the building's service.

--keith
--
kkeller-***@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information
David Kaye
2014-05-24 22:12:05 UTC
Permalink
Raw Message
Post by Thad Floryan
Hi David,
Your original question piqued my curiosity hence my Googling; I have
zero experience with Bit Torrent [....]
Okay, sorry. It's just that so many times I've posted things here and
people respond with Google links, which really does me no good.
Post by Thad Floryan
In other words, I felt bit torrent was a foolish idea.
Personally I don't see a need for torrents, either. It seems that for any
legitimate files there will always be someone or some organization willing
to foot the bill to pay for the bandwidth to download it in full. And with
today's speeds I don't see that torrents are any faster than conventional
downloads. I maybe wrong, but when I can pull down a 770MB Ubuntu update in
a couple minutes I'm not terribly worried about speed.




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
sms
2014-05-24 05:36:29 UTC
Permalink
Raw Message
Post by David Kaye
I'm not up on current Bit Torrent technologies, but last I checked there was
no way to effectively block Bit Torrent.
The manager of an apartment building I administer (74 units) got a notice
from Comcast stating that Bit Torrent was used to download "Game of
Thrones". I'm aware that these issues usually just end with the notice
being sent. Even so, my customer wants to be reassured that I'm doing
everything I can do to help stop this file piracy.
As I understand it, Bit Torrent and other torrents can and do use any port
they wish, including those below 1024, and thus there is probably no
practical way to prevent torrents from bsing used. Also, filtering via MAC
address is impractical, given the large number of computers involved.
Is there any kind of (not too expensive) firewalling available that
addresses this issue?
No. But read
<http://kb.kerio.com/product/kerio-control/content-filtering/eliminating-peer-to-peer-traffic-1526.html>.
They make an effort but admit that it's not possible to detect all P2P
or to avoid false positives. And it's not cheap.
David Kaye
2014-05-26 19:22:52 UTC
Permalink
Raw Message
Post by sms
No. But read
<http://kb.kerio.com/product/kerio-control/content-filtering/eliminating-peer-to-peer-traffic-1526.html>.
They make an effort but admit that it's not possible to detect all P2P or
to avoid false positives. And it's not cheap.
Thanks. This is nice and concise. Looking at the pricing, the main product
seems to be $300 a year plus $32 per user above 5, or I guess a grand total
of $2507 a year, or over $200 a month just for protection that the company
admits may not work.

This is one of the links I'll provide to the manager and possibly to the
copyright holder.




---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
Jeff Liebermann
2014-05-24 14:56:58 UTC
Permalink
Raw Message
On Fri, 23 May 2014 12:14:47 -0700, "David Kaye"
Post by David Kaye
The manager of an apartment building I administer (74 units) got a notice
from Comcast stating that Bit Torrent was used to download "Game of
Thrones". I'm aware that these issues usually just end with the notice
being sent. Even so, my customer wants to be reassured that I'm doing
everything I can do to help stop this file piracy.
Is there any kind of (not too expensive) firewalling available that
addresses this issue?
As Thad mentioned, it would be helpful if you described the existing
system.

Which issue? The excessive incoming traffic? The possibly exessive
outgoing traffic? The downloading of pirated software? The violation
of the ToS?

Excessive incoming and outgoing traffic can best be handled with
logging (and graphing) software such as MRTG, RRDtool, Nagios, etc.
These can track aggreagate traffic by MAC address, IP address, or as I
like to do, ethernet managed switch port number. If the apartment
user plugs his router into a port on an ethernet switch, it can be
monitored. However, that would not stop a user from changing their
MAC or IP address.

If the apartment building uses Wi-Fi to distribute internet, things
become more complexicated. A wireless LAN switch system:
<http://www.connect802.com/wireless_switch.htm>
is needed along with a RADIUS server forcing each user to login before
using the service. This allows tracking and monitoring by user, not
by device. This has the added bonus of keeping the neighbors out of
the system. With 74 ports, such a system will be rather expensive.

The biggest expense is not in the hardware, but in the time it takes
for a qualified person to inspect the logs/graphs and look for signs
of abuse. For example, comparing the date/time of the alleged abuse
from Comcast, with the traffic logs, will probably identify the
culprit. However, that takes considerable time, effort, and
expertise. Do you really want to act as enforcer? I don't.

An expert P2P user will NOT show any obvious traffic patterns.
However, the overwhelming number of BitTorrent users use the default
port numbers and config. For example, BitTorrent tends to open a
large number of simultaneous incoming streams, which can be detected.
It also tends to generate some simultaneous outgoing traffic, which
can also be seen.

I don't think there's anything one can economically do to seperate
legal and illegal P2P activity. With the addition of encryption and
BitTorrent sync:
<http://en.wikipedia.org/wiki/BitTorrent_protocol_encryption>
<http://www.bittorrent.com/sync>
seperating the good from the bad is probably impossible by pattern
analysis.

Detecting Torrents Using Snort
<http://www.sans.org/reading-room/whitepapers/detection/detecting-torrents-snort-33144>
--
Jeff Liebermann ***@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
Loading...