recommended routers that would block torrents

remixedcat

Weaksauce
Joined
Jun 5, 2011
Messages
70
what is a router under 300 bucks that I can get that would block torrent traffic?

Can I also just do it with pfsense or any of those?

Please let me know.
 

firedrow

Limp Gawd
Joined
Oct 11, 2013
Messages
161
Blocking Torrents is much more difficult than you may realize, or much easier than I realize and someone already has a solution. But what we've done for our customers who have public wireless systems or employees with torrent problems, we lock down outbound ports and use OpenDNS. In OpenDNS you can block the P2P/Torrent category to stop new traffic and file downloads. In the firewall only allow some outbound ports and monitor your traffic logs to find other ports that may be needed. So for example, at a coffee shop, we allow out ports 80 (http), 443 (https), 22 (ssh), 143 (imap), 25 (smtp), 110 (pop3), and 53 (dns). Then we monitor traffic for a week or so and find what other ports are commonly attempted to be used, such as Apple iTunes ports. Now the random over 10000 ports that BitTorrent commonly uses doesn't connect.

But the smart torrenter knows you can just change the port in their client to use port 80 and they're back out. The dumb torrenter is foiled.

You could do this easily on a $99 Ubiquiti EdgeRouter Lite.

Now if you have to guarantee Torrenting is blocked, you would need something that can do Deep Packet Inspection, which probably means an expensive appliance from one of the big buys like Fortinet or Watchguard.
 
Joined
Jul 6, 2014
Messages
27
To summarize the problem, to block the ports when most can randomize from ports 50k to 65k is a recipe for issues. On top of that you can have encrypted traffic which prevents any packet level inspection. The best solution I've seen is stopping the clients from connecting to begin with, at the trackers. The link here describes how to do that using dd-wrt a common aftermarket firmware. This is why I asked what hardware you already have.
 

iroc409

[H]ard|Gawd
Joined
Jun 17, 2006
Messages
1,384
Untangle would be one, if you're using this at home Sophos UTM is a good product as well. If it's a commercial environment, you'll have to buy a unit from Sophos, or license the software to run on a PC. It works pretty well by my experience.
 

diizzy

2[H]4U
Joined
Nov 6, 2008
Messages
2,602
Untangle etc is not really the answer, you need to combine a bunch of "tools".

By default block all ports outbound
Only allow bare minmum outbound ports, if possible use proxies (HTTP etc) to filter torrent files and sites

That's a start...

//Danne
 
Joined
Oct 10, 2002
Messages
3,441
Sonicwall TZ105 makes it easy. Place a check mark in a box to block torrents and you're done. Note there is an annual renewal cost for security services.

CGSS (comprehensive gateway security suite) includes all of it. Content filtering, IPS, Anti spyware, Gateway AV, application control and tech support.

The wireless unit costs a bit more than the wired unit. Supports up to 20Mb internet connection. It will require a higher end unit to support faster connections.

http://www.amazon.com/Sonicwall-TZ-105-Wireless-N/dp/B00A6B4O7S
 
Last edited:

iroc409

[H]ard|Gawd
Joined
Jun 17, 2006
Messages
1,384
Untangle etc is not really the answer, you need to combine a bunch of "tools".

By default block all ports outbound
Only allow bare minmum outbound ports, if possible use proxies (HTTP etc) to filter torrent files and sites

That's a start...

//Danne

The UTMs combine a bunch of tools to do exactly that. Sophos and Untangle both use IPS, HTTP proxy to block sites, and some application detection. Sophos is a lot more polished than Untangle, and I've even read on their forum the Untangle IPS doesn't work well without substantial tuning and modification.

Sophos uses IPS, content filtering and application detection in an HTTP proxy to filter network content. Sophos also uses their own AV on the gateway, instead of Untangle's use of ClamAV. They let you install their AV on 10 end points, integration with their wireless systems, reverse proxy, VPN, etc. It has a pretty exhaustive country-blocking capabilities (need to be careful with this), email proxy (this is a really neat feature), etc. You can even do pretty seamless HTTPS inspection. The previous method would have the Sophos device generate a certificate, and install it on the end points. However, this only works in a closed system. The new version has a method to filter HTTPS without breaking encryption--which isn't as secure as going with the certificates, but would work in a more open environment such as providing guest wifi.

They are worth a look, as the features are pretty impressive. I ran Untangle for something like 7 years, and I don't think it ever detected anything. I ran Sophos for a few months, and it detected a few (viruses, even). I was quite impressed. It even sent out very nice emails once a day with an executive report of network activity. Untangle sends out PDF's, but it's nice to have just a short one-pager in your email box you don't have to open a PDF or anything.

Other than Sonicwall, Juniper & Fortinet get pretty good reviews in the UTM category. I'd take a good look at Fortinet if I were buying for a business, and compare with Sophos.
 

boss99

2[H]4U
Joined
Dec 29, 2006
Messages
2,627
Can untangle detect torrents even when the client uses encryption? I figured at that point, it would be dependent on IP reputation.
 

diizzy

2[H]4U
Joined
Nov 6, 2008
Messages
2,602
@ iroc409

I know what it is, just saying that it's not just one thing you need to do to perform the task...
//Danne
 

iroc409

[H]ard|Gawd
Joined
Jun 17, 2006
Messages
1,384
@ iroc409

I know what it is, just saying that it's not just one thing you need to do to perform the task...
//Danne

Hmm... I figured you did, but I guess I don't see why you say they wouldn't be fit for purpose. I know there's a plausible argument against using a single device, but for small installations it's much easier than having all of this in separate devices. Or are you referring to a specific feature they are lacking to do the job?
 

diizzy

2[H]4U
Joined
Nov 6, 2008
Messages
2,602
I was just doing a following up on firedrow's suggestion(s) which would be the "technical" correct one ;)
Tools != multiple devices
That said, I have no idea how well Squid or any other web proxy performs on the ERL.
//Danne
 

Red Squirrel

[H]F Junkie
Joined
Nov 29, 2009
Messages
9,211
Easiest way is to block all outgoing ports except for what is needed like 80, 443 etc. There may be some torrent servers listening on those ports but they'll be far and few between and it should at very least highly reduce the ability to use torrents.

There may be solutions that will actually do packet inspection and look for the type of traffic but I would imagine you need a pretty beefy box for that since it would need to actually read every single packet and analyze it, instead of just passing or blocking it based on layer 3 info. Dual cpu, etc.
 

iroc409

[H]ard|Gawd
Joined
Jun 17, 2006
Messages
1,384
I was just doing a following up on firedrow's suggestion(s) which would be the "technical" correct one ;)
Tools != multiple devices
That said, I have no idea how well Squid or any other web proxy performs on the ERL.
//Danne

Ah, right, makes sense. :D

There have been some people working with content filtering on the ERL with the stock OS, but most of it involves a lot of custom scripting and mostly block lists--which probably wouldn't help the OP much. The firewall rules do (did?) have a check box to "block P2P", but I don't really know how effective it would be.

The ERL does have some sort of "webproxy" that can be enabled through the CLI, and it *might* even be based on Squid: here (no idea on performance, and also wouldn't probably help much against torrents).
 

remixedcat

Weaksauce
Joined
Jun 5, 2011
Messages
70
Thanks everyone :) I'm looking into all these options.

Currently just have an amped rta15, however I did order a meraki z1 and I am giving that a shot. I'll let you know how it goes.

If it doesn't do good I may look into the other options.

I saw that there's a watchguard firebox on newegg for about 200 that looks pretty interesting. I have submitted an evaluation request to see if I can test it before I buy it.
 
Last edited:

diizzy

2[H]4U
Joined
Nov 6, 2008
Messages
2,602
Squid (or any other fitering proxy) would help as you would be able to block .torrent files using transparent filtering...
//Danne
 

FnordMan

[H]ard|Gawd
Joined
Apr 22, 2011
Messages
1,727
Squid (or any other fitering proxy) would help as you would be able to block .torrent files using transparent filtering...
//Danne

which does almost nothing for blocking torrenting activity given there's tons of sites that don't use .torrent files anymore, just magnet links.
 

MadJuggla9

2[H]4U
Joined
Oct 9, 2002
Messages
3,515
http://www.badips.com is a new haven for hackers worldwide. Their is also an easy to use API. Not a direct answer but definately worth a check. If you have linux machine you can sync the firewall setting to read from the site realtively easily.

A nice built in solution if you consider the web built in :p
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
20,618
Untangle etc is not really the answer, you need to combine a bunch of "tools".

By default block all ports outbound
Only allow bare minmum outbound ports, if possible use proxies (HTTP etc) to filter torrent files and sites

That's a start...

//Danne

It is %100 the answer, i do it at work, if you get the Application control module, not sure if that is free or paid.

Untangle blocks the actual application running by reading the application header / prochain info.
 

remixedcat

Weaksauce
Joined
Jun 5, 2011
Messages
70
Anyone recommend a low wattage option? Electric bill has to be kept low due to the higher summer bills :( The untangle boxes on their site are hella expensive (700+!)
 

iroc409

[H]ard|Gawd
Joined
Jun 17, 2006
Messages
1,384
Depending on your size requirements, a 1037u Celeron might work. The Gigabyte one has dual Realtek NICs on board for something like $70, and I think the CPU is rated with a TDP of 17W. I ran Untangle on a Celeron E3300 for a while, and they bench almost identical, and it ran fine.

The new J1900 might be worth a link, but it would probably be underpowered. The C-series 4/8 core Atoms might also work, but they are spendy. Any basic, modern CPU will use pretty low power. If you watch for sales, you can get a Dell T20 with a G3220 cheap (they start at $300).
 

diizzy

2[H]4U
Joined
Nov 6, 2008
Messages
2,602
@ remixedcat

It all depends on on your knowledge and "official" support. The EdgeRouter Lite running FreeBSD can most likely (I haven't tried Squid on it myself) do it but with limited performance. It would be more interesting to use a Wandboard/CuBox/Hummingboard which most likely would do this task fine (just use VLANs and a VLAN capable switch if you need two ports).
//Danne
 

iroc409

[H]ard|Gawd
Joined
Jun 17, 2006
Messages
1,384

Not likely for a firewall, that was start-up wattage with 4 hard Red's in it. Most modern Intel desktops don't use that much power. From the same thread:

Power usage running 9.2.1.2(from a kill-a-watt):
Base system as delivered: 22w
Base + 8GB module (12GB total) and 2x 4TB Seagate: 35w
Running 1 stream from Plex plugin (no transcoding): 44W

T20 is now loaded with four 4TB RED. Almost doubled the weight, at least it felt so.
It draws about 90W on spinup.
Between 0 and 1W in standby (with tone)
More data when I load FreeNAS after testing.

Mine at idle doesn't use much power. It's only powered on during testing at the moment, but with it at idle and my file server running with 3 hdd's, my UPS says 35-40w combined load. That should include my switch, firewall, etc.

I would assume it's actually using a little more power than that, but there's a huge difference in the room between these two systems and my previous two systems, which the UPS reported at 130W. It's hard to really calculate power though, as it has been said the kill-a-watt power readings are suspect with computers, and I would question the readings on my UPS somewhat as well.

The EdgeRouter documentation says it uses a max of 7W, and I actually kind of doubt it normally uses that much power. I think you'd have to go to a J1800/1900 to get close in a "computer".

I think I saw in the paper this weekend that Dell actually sells a J1800-based desktop now, but you can build your own for cheaper.
 
Last edited:

iroc409

[H]ard|Gawd
Joined
Jun 17, 2006
Messages
1,384
22w sounds very low and inaccurate....

http://docs.ts.fujitsu.com/dl.aspx?id=0da3863b-29c3-49ed-80f5-aa29332d01d1 - ..and they're know to be very energy efficient
//Danne

That's a good document, as it's hard sometimes to find real power specs on computer systems--but I don't think it's far off the mark. It is talking about quad-core systems, which the G3220 is a dual core. Although, at idle, there's probably little difference between the two, the G3220 probably uses slightly less power under load (but less horsepower available, so not necessarily more efficient).

Anyway, the document you linked indicates a maximum power usage of about 70W, for both systems listed. Idle mode for both systems is about 20W. "Mode 2" (whatever that is) states 23-28W idle.

It also shows standby of 0-1W, which is consistent with what I quoted from the Kill-A-Watt in the other thread.

So, I'd expect it to run in the 20-30W range, but I'm making the assumption that the system will largely run at or close to idle. If the system is consistently loaded heavily, then I'd question whether you'd even be able to use a smaller system for the application. 3-4x the power usage of an ERL even at max loading (and the cost), but you still have limits on the ERL that may not make it applicable.
 

remixedcat

Weaksauce
Joined
Jun 5, 2011
Messages
70
Not too bad usage.I think I found an option thanks to you guys :)

I'll look into that if my current solution fails.
 
Top