Router – Block p2p downloading in the office


Well, I'm not sure how ethical this is, but I already posted this question to superuser and a poster suggested I move it over here. Very sorry if I'm breaking anybody's heart.

Anyway, here's the question:

I work in an education office in a third world country. We pay for internet by the megabyte (no other choice) and have lately been using an incredible amount of bandwidth. This is because the office staff have found out about p2p sharing. As far as I know, Limewire is the only program they're using, but I'm sure it's just a matter of time before they discover the more general world of bittorrent.

Using only a Linksys router (that I could flash), is there any way for me to prevent the office from destroying our bandwidth cap by downloading personal items (against policy)?

Even semi-fixes would be better than nothing.

A few notes that became relevant after getting some answers on superuser:
1) I don't have access to everyone's computer.
2) Welcome to bureaucracy! Nobody can be fired. Realistic threats can't be made. This goes much deeper than stopping p2p, but hey. What can you do? Also, nobody has internet at home (expensive!) so they're fairly bloodthirsty.
3) Any solution has to be more-or-less automated. In about 8 months, I will leave and the office will still want to stop downloads.
4) One solution that seemed really appealing (on the suggestion of user skuzzy-delta) was using Tomato firmware to severely de-prioritize downloads. Unfortunately, my Linksys WRT54G is too new for the firmware… but could pfSense or DD-WRT do something similar? Would this be a good tactic?

For what it's worth, here's the link to my question on superuser: https://superuser.com/questions/66027/block-p2p-downloading-in-my-office

UPDATE:
1) Can't buy anything. That means I cannot set up a dedicated server.

2) My linksys is wrt54g cdfe…. v7… can't run ddwrt 🙁

Best Answer

First, I don't think you are going to be able to do a good job of this on a broadband router. You probably need to look at setting up a Linux box to act as a proxy firewall router. Plus, if you do this on a computer you can run a cache which will save you bandwidth since pages visited by many users will only need to be downloaded once.

Blocking P2P tends to get very difficult. Most protocols these days tend to be very good at getting around the firewall.

  • Set up a firewall that by default denies any outgoing requests. Yes, this is very harsh, but if you really want to block things this is a cheap way to start
    • you will probably need to explicitly add rules for any servers that are hosted within your network.
  • Set up an HTTP proxy (e.g. squid), and configure all the browsers to use the proxy server.
  • Subscribe to a blacklist (e.g. 1, 2) service and make sure you prohibit any proxies.
  • Set up something like srg or sarg to produce reports per user/computer about who is visiting what, and how much bandwidth they are using. Give the administration the ability to view this information.
  • Use the controls inside your proxy server to throttle computers (squid delay_pools)
  • Set up a procedure for trusted users to get around the default deny firewall policy. (But still keep logs)

I know the above is very heavy-handed, but it will block almost all P2P traffic, and isn't particularly difficult to implement.
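The steps in the answer above, as one added worked example that is not part of the original answer: a Linux gateway script that prints a default-deny iptables rule set (nothing is forwarded, so LAN peers have no route to the WAN except through the proxy), prints a squid configuration with a blocklist file, a bypass for trusted hosts and a class 2 delay pool, and summarises squid's native access.log per client as a minimal stand-in for the srg/sarg report. Every address, interface name and file path is a hypothetical assumption (LAN 192.168.1.0/24 on eth1, WAN on eth0, squid on port 3128); the sample log lines are constructed, not real traffic. The firewall function emits the commands instead of running them so the rule set can be reviewed before it is applied with `./gateway.sh firewall | sh`.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumed (hypothetical) layout:
# LAN 192.168.1.0/24 on eth1, WAN on eth0, squid listening on 3128.
LAN_NET=${LAN_NET:-192.168.1.0/24}
LAN_IF=${LAN_IF:-eth1}
WAN_IF=${WAN_IF:-eth0}
PROXY_PORT=${PROXY_PORT:-3128}

# Default-deny firewall. Printed rather than executed so it can be reviewed
# (and so this script runs without root); apply with: ./gateway.sh firewall | sh
fw_rules() {
  cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may talk to the proxy only; browsers configured for the proxy
# need no direct DNS or web access of their own.
iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $PROXY_PORT -j ACCEPT
# The gateway itself (squid and its resolver) may go out on web and DNS ports.
iptables -A OUTPUT -o $WAN_IF -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A OUTPUT -o $WAN_IF -p udp --dport 53 -j ACCEPT
# No FORWARD rules at all: Limewire or BitTorrent on the LAN has no path out.
EOF
}

# squid.conf fragment: blocklist file (e.g. from a subscribed list), trusted
# hosts that bypass it, and a class 2 delay pool that throttles everyone else.
squid_conf() {
  cat <<EOF
http_port $PROXY_PORT
acl lan src $LAN_NET
acl safe_ports port 80 443
acl ssl_ports port 443
acl CONNECT method CONNECT
acl blocked dstdomain "/etc/squid/blocked-domains.txt"
acl trusted src "/etc/squid/trusted-hosts.txt"
http_access deny !safe_ports
http_access deny CONNECT !ssl_ports
http_access deny blocked !trusted
http_access allow lan
http_access deny all
# Class 2 pool: 64 KB/s for the whole office, 16 KB/s per client after a
# 256 KB burst. Trusted hosts are not throttled.
delay_pools 1
delay_class 1 2
delay_parameters 1 65536/65536 16384/262144
delay_access 1 allow lan !trusted
delay_access 1 deny all
EOF
}

# Constructed sample in squid's native access.log format (not real traffic):
# time elapsed client code/status bytes method URL ident hierarchy type
SAMPLE_LOG='1262300000.123    850 192.168.1.12 TCP_MISS/200 5242880 GET http://cdn.example.net/big.bin - DIRECT/203.0.113.5 application/octet-stream
1262300001.456     20 192.168.1.20 TCP_HIT/200 4096 GET http://www.example.org/ - NONE/- text/html
1262300002.789    300 192.168.1.12 TCP_MISS/200 2097152 GET http://cdn.example.net/other.bin - DIRECT/203.0.113.5 application/octet-stream
1262300003.000     10 192.168.1.33 TCP_DENIED/403 1500 GET http://blocked.example.com/ - NONE/- text/html'

# Per-client byte totals from stdin, heaviest first: the "who is eating the
# bandwidth" report. Field 3 is the client address, field 5 the bytes sent.
usage_report() {
  awk '{ bytes[$3] += $5 } END { for (c in bytes) printf "%s %d\n", c, bytes[c] }' |
    sort -k2 -nr
}

case "${1:-}" in
  firewall) fw_rules ;;
  squid)    squid_conf ;;
  report)   usage_report ;;   # ./gateway.sh report < /var/log/squid/access.log
  *)        printf '%s\n' "$SAMPLE_LOG" | usage_report ;;   # demo on the sample
esac
```

With these rules in place a LAN host cannot open any connection to the Internet at all; only HTTP and HTTPS through squid work, squid logs every request by client address, and the delay pool caps what any one client can pull even when its requests are allowed. The blocked-domains and trusted-hosts files are the two places that need occasional editing after the author leaves; everything else runs unattended.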
