[OPLINTECH] Bit Torrent traffic management

Whetsel, Shawn swhetsel at akronlibrary.org
Wed Oct 19 09:32:02 EDT 2016


Mark,

Our approach that has been fairly successful is to use the OPLIN provided OpenDNS filtering in conjunction with forcing our DNS server for WiFi users. This is also how we protect our WiFi to conform to CIPA rules, protect mobile patrons from malicious sites, and fix issues with internally hosted servers like our website.

To put it simply, we restrict all port 53 traffic at the ACL level and the firewall (as a backup) except to our DNS server of choice; that DNS server then uses OpenDNS as its forward lookup zone. OpenDNS will block the URL for most torrent sites, and for the trackers themselves, thus preventing users from being able to download torrents.

Now there are ways around this. One such way is if you start a torrent somewhere else, pause it, and then bring the machine here just to complete the download. Since it already established the connections to the remote machines, we can’t prevent it. It also won’t prevent private trackers or people that know the IP address of a specific tracker. However, I don’t even remember the last time we got an MPAA violation notice after we implemented this. It should also allow torrents that are legitimate, like a Linux distro, because OpenDNS would most likely not be blocking legitimate tracker URLs.

The only issue this may ever create is if you have a tech-savvy patron that is attempting to use Google DNS or some other custom DNS. They would simply get nothing when they opened their browser. We have been doing this for some time this way; I don’t know as if we have had anyone say anything so far. If they do though, we have informed our tech desk to just tell them they need to set all of their settings on their PC to Automatic for it to work on our system.

One other thing we do is have our ACL set to implicit deny with explicit allows on only specific ports for the WiFi VLAN. We allow most of the standard ports: 80, 443, 22, 3389, 500, etc. However, if it’s not on the allowed list, it’s blocked. This will help prevent torrent clients from using ephemeral ports to connect over.

Shawn Whetsel
Information Technology Manager | Information Technology
Akron-Summit County Public Library
330-643-9161
www.akronlibrary.org

From: OPLINTECH [mailto:oplintech-bounces at lists.oplin.org] On Behalf Of Technology Coordinator
Sent: Monday, October 17, 2016 11:35 AM
To: oplintech at lists.oplin.org
Subject: [OPLINTECH] Bit Torrent traffic management

How are you curtailing Bit Torrent traffic on your wireless networks? I am using Meraki and am seeing multiple instances of Bit Torrent being used to download copyright protected material by individual devices per MAC address.

Do you block Bit Torrent outright?

Enable Bit Torrent for each individual?

The sticky wicket is that there is a legitimate use for this protocol so I am resistant to outright blocking it.

Thank you,
Mark
--
Mark Sanzotta
Technology Coordinator
Ashtabula County District Library
4335 Park Ave.
Ashtabula, Ohio  44004
Cell: 440.969.5486

“Google can bring you back 100,000 answers. A librarian can bring you back the right one.” ― Neil Gaiman<http://www.goodreads.com/author/show/1221698.Neil_Gaiman>
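
The policy Shawn's reply describes (port 53 only to the chosen DNS server, explicit allows, implicit deny) can be checked against sample flows before it goes onto a device. This is an added example, not configuration from the thread: the resolver address, the WiFi subnet, the TCP/UDP assignment of the listed ports, and the flows are all constructed assumptions.

```python
import ipaddress

# Assumed values (not from the thread): internal resolver and WiFi VLAN subnet.
RESOLVER = ipaddress.ip_address("10.10.0.53")
WIFI_NET = ipaddress.ip_network("10.20.0.0/22")
# Ports named in the message; the TCP/UDP split is an assumption.
ALLOWED = {"tcp": {80, 443, 22, 3389}, "udp": {500}}

def evaluate(src, dst, proto, dport):
    """Return (action, reason) for one new outbound flow from the WiFi VLAN."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in WIFI_NET:
        return ("deny", "source not in WiFi VLAN")
    if dport == 53:  # DNS over UDP or TCP: only the forced resolver
        if dst == RESOLVER:
            return ("permit", "DNS to forced resolver")
        return ("deny", "DNS to other server")
    if dport in ALLOWED.get(proto, set()):
        return ("permit", "explicit allow")
    return ("deny", "implicit deny")

def hardcoded_dns_clients(flows):
    """Clients whose DNS was denied: candidates for the 'set it to Automatic' advice."""
    return sorted({f[0] for f in flows if evaluate(*f)[1] == "DNS to other server"})

# Constructed flows covering the cases the message walks through.
FLOWS = [
    ("10.20.1.15", "10.10.0.53", "udp", 53),      # normal lookup via forced resolver
    ("10.20.1.15", "8.8.8.8", "udp", 53),         # patron with custom DNS: gets nothing
    ("10.20.1.16", "203.0.113.7", "tcp", 51413),  # high port not on the allow list
    ("10.20.1.16", "203.0.113.7", "udp", 6881),   # same, over UDP
    ("10.20.1.17", "198.51.100.20", "tcp", 443),  # ordinary HTTPS
    ("10.20.1.18", "198.51.100.9", "tcp", 80),    # reached by IP: no lookup, so the
                                                  # DNS filter never sees it (the
                                                  # limitation the message notes)
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(*flow))
    print("clients with hard-coded DNS:", hardcoded_dns_clients(FLOWS))
```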
