Solved

how to block torrent, P2P, etc through GPO

Posted on 2013-06-27
8
3,904 Views
Last Modified: 2013-12-29
We have server 2008 r2. How do I block torrent, P2P, etc through GPO? I found an interesting tutorial, but unfortunately seems the site is down. http://www.youtube.com/watch?v=pE_0FWNYp18       

our router doesn't have the ability to do it and at this moment we are not looking to purchase web filter software or appliance like sonicwall or the barracuda... so I can only look for "free" solution.... Any advise?
0
Comment
Question by:okamon
8 Comments
 
LVL 6

Expert Comment

by:Vijay Pratap Singh
ID: 39283317
You can try to make a rule in firewall of windows to block the port of torrent :)
0
 

Author Comment

by:okamon
ID: 39283465
it's hard. each p2p use different ports and some are random. Also why it's the rule in windows firewall? it should be created on the hardware firewall.
0
 
LVL 15

Expert Comment

by:Ian Meredith
ID: 39283484
There are a suite of open source web proxy programs for linux and windows available.

You can then block traffic (tcp ports) using this system. That is once you have added proxy redirection to all your clients via group policy.

For most legitimate traffic the ports are all below 1000, you can then safely block ports 1001-65535 which what most P2P and torrents programs use.

Hope it helps
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 39283490
For most legitimate traffic the ports are all below 1000, you can then safely block ports 1001-65535 which what most P2P and torrents programs use.

Which is fine unless you have a DNS server that uses port randomization..
Or other service(s) that users ports above the known range of 0-1024.

There is a method of using port 80 for .torrent traffic. It is much easier to make all users standard users and use a blacklist of the popular torrent software but you have to keep updating it.. for every safeguard there is a way around it for the determined.  Even deep packet inspection can be defeated by using a vpn
0
 

Author Comment

by:okamon
ID: 39302505
will the web content filter appliance help? like the one from sonicwall or barracuda?
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 39303411
yes an appliance will do the packet inspection and block the items you need.. Do users still use Kazaa / BearShare these days?
0
 
LVL 7

Accepted Solution

by:
deviprasad_s earned 450 total points
ID: 39307329
dear okaman ,

you want o block p2p,torrent ,xxx,vedios ,mp3 so on in your network ,and dont want to pay for it ,and dont want a steep learnign curve also ,and also eay to maintain once setup ..

the one that I implemented is squid 3.1 proxy server for linux ,
and I does the job perfectly ,you can customize it your organization needs .

if you plan to implement, i can post installation instructions and config files for that also .
so decide .

thanks,
s.deviprasad
0
 
LVL 1

Expert Comment

by:collinsn
ID: 39745108
Hi there s.deviprasad,

I would really appreciate if you could share this setup for me also.  I have users connecting to our VPN Server and I would then like to use squid 3.1 to block p2p,torrent,xxx,vedios, mp3 etc.

Thanks
Nev
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

823 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question