So I’m taking on a job at an apartment complex to stop one of the tenants from pirating movies over the free WIFI. It turns out that blocking p2p traffic isn’t as easy as it seemed, and so I need some ideas on how I could possibly identify and stop the traffic. Keep in mind I’m working on a network with a few APs but only one computer in one office. A very small, simple network and I’m sure the APs aren’t very flashy either, they just had the ISP come set them up and leave 'em.
It would be great if I could get at least semi-specific answers, like at least enough to google off of, lol.
Yeah, p2p usually uses a random port every time, so blocking torrents completely is hard to do.
If you end up blocking it, they can just as easily use a VPN and get past it. So, I wouldn't have told my employer (if I was in your position) that I could stop it. You could ban their MAC address, but that can be easily faked as well.
What are you trying to solve though? Bandwidth problems? Use QoS for each connected client to the APs. Legal issues? Use a splash page that has a ToS each client has to agree to.
Here's a guide on how to use ACLs (it's Cisco, but you should be able to employ similar stuff on different models...). As mentioned, you might need to create advanced ACLs; it's 15 minutes of work.
You can also just look up how to block p2p traffic... it's still going to be ACL rules.
@anon5205053 Thanks! It turns out the suspected person doing this was the person who set up their network. He's since been fired but he has copies of keys and they didn't know how to run the network so they had me change all the passwords and recovery questions so he couldn't access the APs like they have suspected him of doing.
She might still have me come back and block the trackers (so now I know how to do that! thanks!) but apparently whoever it was was using BitTorrent over Tor.
I got paid $150, and a valuable addition to my resume :)
Yeah, but also you could get the router to recognize the MAC address and cripple the speed to that client only. An elaborate or unusual solution may not be needed if it's just a basic user that knows how to torrent and not much else.
If you block UDP above 1024 that will all but stop torrents. Yes you can set your port to anything you want and yes you can use TCP, but that doesn't matter because everyone else will be using a high UDP port, so blocking that will effectively stop the torrent traffic.
Of course they can get around that by using a VPN, but if they do that then you don't have to worry about getting copyright notices. You still have the bandwidth usage though if that's the problem.
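Added example, not part of any post in this thread: a sketch of the "identify" side of the question, flagging clients whose flow records show many distinct remote peers on UDP ports above 1024, the pattern the post above describes. The CSV flow-record layout, the function names and the threshold of 20 peers are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict

HIGH_PORT = 1024        # "UDP above 1024", as in the post above
PEER_THRESHOLD = 20     # assumed cutoff; tune against your own baseline

def build_sample():
    """Constructed flow records: client_ip,proto,remote_ip,remote_port."""
    rows = ["client_ip,proto,remote_ip,remote_port"]
    # 192.168.1.23: 40 distinct peers on scattered high UDP ports
    for i in range(40):
        rows.append(f"192.168.1.23,udp,203.0.113.{i + 1},{20000 + i * 37}")
    # 192.168.1.40: ordinary browsing plus DNS
    rows += [
        "192.168.1.40,tcp,198.51.100.10,443",
        "192.168.1.40,udp,198.51.100.53,53",
        "192.168.1.40,udp,198.51.100.11,443",
    ]
    # 192.168.1.55: one repeated high-UDP flow to a single endpoint
    rows += ["192.168.1.55,udp,198.51.100.77,51820"] * 5
    return "\n".join(rows)

def high_udp_peers(flow_csv):
    """Map each client to the set of distinct (ip, port) peers on UDP > 1024."""
    peers = defaultdict(set)
    for rec in csv.DictReader(io.StringIO(flow_csv)):
        if rec["proto"].lower() != "udp":
            continue
        port = int(rec["remote_port"])
        if port > HIGH_PORT:
            peers[rec["client_ip"]].add((rec["remote_ip"], port))
    return peers

def suspects(flow_csv, threshold=PEER_THRESHOLD):
    """Clients with at least `threshold` distinct high-UDP peers, busiest first."""
    counts = {c: len(p) for c, p in high_udp_peers(flow_csv).items()}
    hits = [(c, n) for c, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda x: -x[1])

if __name__ == "__main__":
    for client, n in suspects(build_sample()):
        print(f"{client}: {n} distinct high-port UDP peers")
```

A client tunnelling everything through a VPN looks like 192.168.1.55 here (one remote endpoint), so it stays under the threshold, which matches the caveat in the post above.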
You mean "to provide professional network security consultation and implementation"
It's all in how you word it.
I stack and unstack boxes for a living, but on my resume I'm a shipping professional with 5+ years experience in coordinating/performing warehouse logistics operations.
Hey, he's just telling them what they want to hear. If they can't see through his bullshit, that's their problem.
Also, changing all the passwords (to stronger ones) and recovery questions probably would've solved this. ACLs aren't secure. As many in this thread said, MAC addresses can easily be spoofed. As was also suggested, if you wanted to have a little fun with them, throttle their bandwidth.
@eidolonFIRE It's not like I DON'T know how to do more in-depth shit. But in my situation getting an interview is all about what's on your resume in the first place. Sure maybe they'll realize my only experience is something simple but that doesn't mean I'm not capable of doing something more complex. But for the most part I need to land an interview to let them know that in the first place. Otherwise how is anyone supposed to get a job anywhere starting out? Everyone wants experience and no one cares that you're in college and NEED OPPORTUNITIES FOR EXPERIENCE.
Oh, I know. I was in that place only 2 years ago. I'm all too aware.
I'm just saying be mindful to not overinflate, otherwise it will have a detrimental effect. If it's painfully obvious that you BS, they won't take you seriously because in their mind you're a bullshitter.