<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
h1
{mso-style-priority:9;
mso-style-link:"Heading 1 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:24.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.Heading1Char
{mso-style-name:"Heading 1 Char";
mso-style-priority:9;
mso-style-link:"Heading 1";
font-family:"Calibri Light",sans-serif;
color:#2E74B5;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Mark,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-indent:.5in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Our approach that has been fairly successful is to use the OPLIN provided OpenDNS filtering in conjunction with forcing our DNS server
for WiFi users. This is also how we protect our WiFi to conform to CIPA rules, protect mobile patrons from malicious sites, and fix issues with internally hosted servers like our website.
<o:p></o:p></span></p>
<p class="MsoNormal" style="text-indent:.5in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-indent:.5in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">To put it simply, we restrict all port 53 traffic at the ACL level and the firewall (as a backup) except to our DNS server of choice,
that DNS server then uses OpenDNS as its forward lookup zone. OpenDNS will block the URL for most torrent sites, and for the trackers themselves thus preventing users from being able to download torrents. Now there are ways around this, one such way is if
you start a torrent somewhere else, pause it, and then bring the machine here just to complete the download. Since it already established the connections to the remote machines we can’t prevent it. It also won’t prevent private trackers or people that know
the IP address of a specific tracker. However, I don’t even remember the last time we got a MPAA violation notice after we implemented this. It should also allow torrents that are legitimate like a linux distro because OpenDNS would most likely not be blocking
legitimate tracker URLs. The only issue this may ever create is if you have a tech savvy patron that is attempting to use Google DNS or some other custom DNS. They would simply get nothing when they opened their browser. We have been doing this for some time
this way, I don’t know as if we have had anyone say anything so far. If they do though, we have informed out tech desk to just tell them they need to set all of their settings on their PC to Automatic for it to work on our system.
<o:p></o:p></span></p>
<p class="MsoNormal" style="text-indent:.5in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-indent:.5in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">One other thing we do is have our ACL set to implicit deny with explicit allows on only specific ports for the WiFi vlan. We allow most
of the standards ports, 80, 443, 22, 3389, 500, ect… However if it’s not on the allowed list, it’s blocked. This will help prevent torrent clients from using Ephemeral ports to connect over.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:14.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Shawn Whetsel</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><br>
</span><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Information Technology Manager | Information Technology<u><o:p></o:p></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Akron-Summit County Public Library
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#1F497D">330-643-9161<br>
</span><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><a href="http://www.akronlibrary.org"><span style="color:#0563C1">www.akronlibrary.org</span></a>
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> OPLINTECH [mailto:oplintech-bounces@lists.oplin.org]
<b>On Behalf Of </b>Technology Coordinator<br>
<b>Sent:</b> Monday, October 17, 2016 11:35 AM<br>
<b>To:</b> oplintech@lists.oplin.org<br>
<b>Subject:</b> [OPLINTECH] Bit Torrent traffic managment<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">How are you curtailing Bit Torrent traffic on your wireless networks? I am using Meraki and am seeing multiple instances of Bit Torrent being used to download copyright protected material by individual devices per MAC address. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Do you block Bit Torrent outright?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Enable Bit Torrent for each individual?<o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The sticky wicket is that there is a legitimate use for this protocol so I am resistant to outright blocking it.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thank you,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Mark<o:p></o:p></p>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt">Mark Sanzotta<br>
Technology Coordinator<br>
Ashtabula County District Library<br>
4335 Park Ave.<br>
Ashtabula, Ohio 44004</span><o:p></o:p></p>
<div>
<p class="MsoNormal">Cell: 440.969.5486<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<h1 style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:11.25pt;margin-left:0in;line-height:13.5pt">
<span style="font-size:10.5pt;font-family:"Georgia",serif;color:#181818;font-weight:normal">“Google can bring you back 100,000 answers. A librarian can bring you back the right one.” ― <a href="http://www.goodreads.com/author/show/1221698.Neil_Gaiman" target="_blank"><span style="color:#666600;text-decoration:none">Neil
Gaiman</span></a><o:p></o:p></span></h1>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>