Blocking P2P access

Discussion in 'Broadband' started by Darrel Griffin, Dec 4, 2005.

  1. Hi all

    Is it possible to block access to P2P networks

    I want to restrict access on the kids machines, They connect to the internet
    through a wireless connection to my Belkin ADSL Router and we are all
    running WinXP SP2.

    Can I block their access.

    Thanks
     
    Darrel Griffin, Dec 4, 2005
    #1
    1. Advertisements

  2. Darrel Griffin

    furby Guest

    Probably better to ask them! Children are taught quite a bit about
    computers now. The easiest way is to remove/uninstall the peer to peer
    program or install the free version of Zone Alarm. Zone alarm can be set to
    stop programs being allowed to connect to the internet and to also stop
    acting as a server. If they do run the popular programs they will not get
    any connection.
    That is the easiest way. Someone else was asking about this in another
    group.
     
    furby, Dec 4, 2005
    #2
    1. Advertisements

  3. Darrel Griffin

    MinusNet Guest

    Darrel Griffin wrote

    Get their school to sort them out. That's what most useless parents do.
     
    MinusNet, Dec 4, 2005
    #3
  4. Darrel Griffin

    Bob Eager Guest

    I've done it by setting up a proper firewall machine and only allowing a
    very few open ports...
     
    Bob Eager, Dec 4, 2005
    #4
  5. Darrel Griffin

    Colin Wilson Guest

    I want to restrict access on the kids machines

    You might be able to restrict their access to install apps, and get
    around it that way.
     
    Colin Wilson, Dec 5, 2005
    #5
  6. <sarcasm>

    Thank you for your usual high level of contributory usefulness.

    Perhaps you should get a job in CS, you'd be a natural.

    </sarcasm>
     
    Mark McIntyre, Dec 5, 2005
    #6
  7. Check the ports the P2P runs on, and disable traffic on those ports at
    your router. Also ensure your router does NOT have PNP enabled.
     
    Mark McIntyre, Dec 5, 2005
    #7
  8. Some of this posters useful replies to other genuine requests for help

    Unlike you, I don't recycle other peoples work.

    You couldn't make up some of the bollocks that gets posted here.

    Are you expecting pussnet to give you a bonus for that garbage?

    Yawn

    WTF do you think I got my info? For an arselicking pussnet employee
    you're pretty dense when it comes to knowing the facts.

    Tell her to move off the streets

    Do **** off. £24m turnover - my local Tesco does that.

    What's it like to have a brain fart?

    Plonk!

    I do like the sound a knobhead with a small cock complex makes as he fall's
    into the kill file
     
    Darrel Griffin, Dec 5, 2005
    #8
  9. Darrel Griffin

    Clint Sharp Guest

    Some of the P2P software is a bit smarter than that, ISTR that Kazaa was
    fairly agile about what ports it used and it was more than happy to use
    some very common port numbers (80 springs to mind) so it was a little
    difficult to block easily, You might want to check a few P2P apps to see
    if this is still the case.
     
    Clint Sharp, Dec 5, 2005
    #9
  10. I believe that for it to do this automagically, it needs uPNP enabled
    on the router.

    However... If the kids are smart enough to reconfigure the s/w to use
    different ports, then the only sensible recourse is give them user
    accounts with no install rights and regularly scan the machine for
    "naughty" apps.

    I seem to recall having several times recently also pointed out s/w
    like netnanny.
     
    Mark McIntyre, Dec 5, 2005
    #10
  11. Darrel Griffin

    Andy Furniss Guest

    I think the latter is the best idea.

    I know it's dead for now, but my kids used to use winmx and it had no
    problems running behind firewall/nat.

    When you talk of blocking ports you assume that p2p apps have to run as
    a server to work - they don't. I suppose it may not be as good (possibly
    only share with non firewall/nat users) - but then kids tend to share
    ubiqutous stuff anyway. I don't know if they go as far, but it is
    possible with the aid of a third public ip helper for 2 firewall/nat
    users to connect directly (not 100%).

    FWIW they just started to use ares and on the face of it (I haven't
    checked) it seems that they can download but not upload - which could be
    handy if you are worried about legal threats given UK law.

    Who would want to let their kids to be leeches though :)

    Andy.
     
    Andy Furniss, Dec 6, 2005
    #11
  12. Not at all - if the s/w is initiating the outbound connection, then
    block the port it wants to talk to. Sure, thats tricky if its using
    port 80, but you can simply ban software that uses common ports.
    They're your kids, surely you have that much control?
    I'd be more worried about what they d/l myself.
     
    Mark McIntyre, Dec 6, 2005
    #12
  13. Darrel Griffin

    Andy Furniss Guest

    LOL yes I really shouldn't post when I am half asleep - sorry.

    I assume your average dsl router can filter outbound on dst port then -
    I use a PC as a router so have never played with one. If they did ip
    addresses aswell I think it's possible to block skype by blacklisting
    the logon server addresses.

    I assumed that the OP wanted a solution that his kids couldn't get round
    - so doing anything to their PC or having rules to be broken was not
    considered.

    As has already been said blocking ports doesn't always work - there is
    of course a practically free solution - use an old PC running Linux and
    block with l7filter or ipp2p. I think surdix (nee route hat) has those
    builtin - it does QOS aswell. They don't bother with ports and use a
    combination of deep packet inspection and connection marking.
    They can probably find it on the www anyway - again if you want to block
    without changing their PCs then run a Linux PC with squid - a proxy and
    dansguardian - to block undesirable sites. Not for the uninitiated, though.

    Nothings going to be 100% whatever you do.

    My kids think it's highly amusing that their school blocks msn messenger
    and certain websites, yet all they need to do is use a web portal for
    msn and googles cache for the sites.

    Andy.
     
    Andy Furniss, Dec 6, 2005
    #13
  14. Darrel Griffin

    Ian Stirling Guest

    Why?
    Due to traffic reasons?
    Due to worries about being sued?
    Concern about what they are downloading?

    All may have slightly different answers.
     
    Ian Stirling, Dec 8, 2005
    #14
  15. Its because I am on the Wanadoo 2 gig service and I keep getting letters
    saying that my monthly download usage is 50 gig. I don't mind them down
    loading music but they keep downloading films and games, most of which don't
    work when they have downloaded them. so if I could stop the access to p2p
    sites my usage would be more at the level that I am paying for.
     
    Darrel Griffin, Dec 8, 2005
    #15
  16. Darrel Griffin

    Colin Wilson Guest

    Its because I am on the Wanadoo 2 gig service and I keep getting letters
    You could have some fun here then !

    You can buy a hardware device that acts a bit like a Windows Restore
    Point, and it can revert all changes to the HD upon a reboot with the
    exception of certain "user" directories. Its usually a PCI card, and
    can be configured to allow a "superuser" to carry out maintenance or
    updates without hassle.

    The little sods won`t know what`s hit them :p

    As most movies can take a while to download, a daily reboot would wipe
    any partial downloads.

    (and of course you can then monitor the directories they`re allowed
    access to)
     
    Colin Wilson, Dec 8, 2005
    #16
  17. Darrel Griffin

    MinusNet Guest

    Darrel Griffin wrote
    Install Kerio firewall. It can be set to allow/disallow programs. Set
    it up with an admin password. Stop all the P2P programs from
    running/accessing the interweb. Job done.
     
    MinusNet, Dec 8, 2005
    #17
  18. http://www.faronics.com/index.asp
     
    Nicola Redwood, Dec 9, 2005
    #18
  19. Darrel Griffin

    Colin Wilson Guest

    Colin Wilson, Dec 9, 2005
    #19
  20. Darrel Griffin

    MinusNet Guest

    Colin Wilson wrote

    Think it will arrive in the post?

    Item location: Leichestershire
    United Kingdom
     
    MinusNet, Dec 9, 2005
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.