tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1

block torrents, usenet, etc...

i purchased a usg50 to set up in a bar/grill business and i don't want users taking advantage of my IP/bandwidth.

i don't want them using their laptops to download music/movies/tv shows, etc...off of my connection (using my IP).

how do i block usenet/p2p?

i am using openDNS, which does a good job of filtering by domain name, but it stops there.

thanks.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
AppPatrol is designed for this. Get a free trial 2 month subscription and give it a test run.


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON
reply to tomdlgns
Download the Application Notes for the v3 firmware and under section Scenario 5 - Deploying Content Filtering to Manage Employee Browsing Behavior found under Page 27 .... the section deals with how to block torrents etc ..... The Content Filtering subscription makes it very easy ....

be aware that once you add more subscription services [more than one] the USG 50 if under heavy load does not have the horsepower to be effective IMO. under light loads not an issue.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
reply to tomdlgns
is there a way to do this w/o subscribing to a service?

for my setup/amount of guests, i don't expect to have any issues. on a larger network, do you guys recommend the USG 100?

however, a friend of mine (larger business) is looking to mirror my setup. i will make sure to let him know the USG 50 won't be enough power for his setup.


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON
It's much easier with subscription services .... I have not tried to do the same thing manually .... so I cannot give you any more tips -- some others may have done it manually.

The USG 300, USG1000 etc. have the horsepower .... it all depends on the loads expected and that requires a proper analysis.

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
i understand. thanks for your input.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
You can enable the trial service and then run without it after it expires.
The trial service will download all current signatures for all protocols. Those are not deleted after trial expires and the AppPatrol will continue to work with the signatures that you have.
Most protocols are not updated that frequently and you'll be fine without updates for some reasonable period of time (until there's a major update to certain protocol or new service that you wish to block emerges) ..then you'll need to subscribe to be able to re-download the latest signatures.

You'll always have an issue blocking encrypted services. As such, to conserve bandwidth, AppPatrol is best combined with BWM.

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
well, i guess i need to check out the services and see what they cost.

does the software know the difference between usenet SSL and gmail/facebook SSL?


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
I have not tested AppPatrol in any extensive way, but I'd guess, since the USG device does not have SSL proxy, that any encrypted services will just fly by it (I may be wrong).

tomdlgns
Premium
join:2003-03-21
Chicago, IL
kudos:1
that isn't good, many of these services can be configured to use SSL.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to tomdlgns
Okay people use your noggins. What is the best way to discourage p2p etc.
What do most hotspot wifi type units do (specific functionality).

And yes by the way I always recommend something like the N4100 in front of a USG for a setup. Makes it a plugNplay for the staff (they can hand out premade tickets for wifi etc etc......... - another thread perhaps LOL).

In any case the answer is BWM your wifi guests. The wifi hotspots allow one to rate limit per user as well as apply BWM. That is a p2p killer. Not sure what can be done similarly on the USG....... Perhaps assign the lowest QOS to p2p type traffic and use BWM in a creative way.

Note how the guard LLama is faster and more intelligent than the guard mutt.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
reply to tomdlgns
Yeah, encryption is a nightmare for a sysadmin without a Cisco-like budget.

That's why I'm saying BWM might be an alternative.
1) Limit your guest LAN to a few standard outbound ports i.e. HTTP, HTTPS, POP3, IMAP, ...
2) Limit all guest LAN connections to limited bandwidth and low priority.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
reply to Anav
How does N4100 deal with encrypted traffic? Does it have SSL proxy or what method is used?


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
Good question.
The rate limiting is applied to an account, why would it matter what type of traffic it is??

Furthermore, the op could use a managed switch after the USG and use port rate limiting as well.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
You can do BWM/Rate limiting with USG too. USG has captive portal as well. The only thing that's questionable is inspection of encrypted traffic.
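
An added example, not part of any post in this thread and not ZyXEL configuration: a small Python model of the two-step guest policy discussed above (an outbound port allowlist plus a per-client bandwidth cap), run over constructed traffic. The port set, rate, burst size and client names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed guest-LAN policy; all values are illustrative, not USG settings.
ALLOWED_TCP_PORTS = {80, 443, 110, 143}  # HTTP, HTTPS, POP3, IMAP
RATE_BYTES_PER_MS = 128                  # per-client cap, about 128 kB/s
BURST_BYTES = 256_000                    # short burst a client may spend at once


@dataclass
class TokenBucket:
    tokens: int = BURST_BYTES
    last_ms: int = 0

    def admit(self, now_ms: int, size: int) -> bool:
        # Refill for the elapsed time, never beyond the burst size.
        refill = (now_ms - self.last_ms) * RATE_BYTES_PER_MS
        self.tokens = min(BURST_BYTES, self.tokens + refill)
        self.last_ms = now_ms
        if size > self.tokens:
            return False
        self.tokens -= size
        return True


@dataclass
class GuestGateway:
    buckets: dict = field(default_factory=dict)
    forwarded: dict = field(default_factory=dict)

    def handle(self, now_ms, client, dport, size):
        if dport not in ALLOWED_TCP_PORTS:        # step 1: port allowlist
            return "drop:port"
        bucket = self.buckets.setdefault(client, TokenBucket())
        if not bucket.admit(now_ms, size):        # step 2: per-client rate cap
            return "drop:rate"
        self.forwarded[client] = self.forwarded.get(client, 0) + size
        return "forward"


def simulate(duration_ms=10_000):
    """Constructed traffic: one bulk client, one light client, 100 ms ticks."""
    gw, verdicts = GuestGateway(), {}
    for now in range(0, duration_ms, 100):
        verdicts[119] = gw.handle(now, "laptop-a", 119, 64_000)  # plain NNTP
        verdicts[563] = gw.handle(now, "laptop-a", 563, 64_000)  # NNTP over TLS
        gw.handle(now, "laptop-a", 443, 64_000)   # bulk encrypted transfer
        if now % 1000 == 0:
            gw.handle(now, "phone-b", 443, 20_000)  # light browsing
    return gw.forwarded, verdicts
```

In this run the bulk client offers 6.4 MB over ten seconds and gets 1,472,000 bytes through without the gateway ever inspecting the payload, while the light client is never throttled.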