

No Log VPN Service - Stopping P2P Abuse




Posted by SMRNetworks, 02-26-2014, 11:14 AM
I run a no log VPN service and from time to time I get a user on there who just goes to town with p2p. Sometimes datacenters get upset if we generate several reports at 1 time. I am attempting to find a way to limit/block P2P if required without impacting other legitimate sources of traffic. I have tried a lot of L7 filters with limited success.

Posted by FINESEC, 02-26-2014, 06:14 PM
Do you want to block all P2P or torrent in particular? Anyways, blacklisting IPs of public torrent trackers, blocking UDP and allowing outgoing connections to standard ports only (80, 443, 22, 21, etc.) should stop many leechers.

Posted by SMRNetworks, 02-26-2014, 08:35 PM
Really I don't want to block any of it. My VPN service qualifies as a Transitory Digital Network Communications, meaning we are not liable for what users transmit, but I feel like my back is against the wall with most colos. Even if I offer to let them speak to our attorneys they refuse and usually recommend I enable logging, which is something I will not do for copyright notices. Sorry for venting. I can't just block UDP. I thought about queuing traffic for all but a few ports to force them to servers that permit P2P. Perhaps I will have to do that. Do you know where I can get a good list of public torrent trackers that stays up to date?

Posted by dominum, 02-26-2014, 08:58 PM
I also had a bunch of VPN servers and most of the headache comes from DMCA complaints after a user does P2P stuff. After being forced to move 6 times, I had to block a couple of things. So far, so good.

Posted by SMRNetworks, 02-27-2014, 01:14 AM
Can you elaborate?

Posted by FINESEC, 02-27-2014, 09:27 AM
http://pastebin.com/xniE48zc

Posted by eth00, 02-27-2014, 10:26 AM
Blocking ports or ips is one option. Another solution would be using an IDS with rules enabled for p2p traffic.

Posted by dominum, 02-27-2014, 04:06 PM
You can implement policies in your VPN, depending on how you route it. In my case, our VPN goes through a router VPS running pfSense. We filtered traffic through pfSense.

Posted by SMRNetworks, 02-27-2014, 09:22 PM
This is getting implemented right now. Thanks. I always thought IDS was pretty close to the same thing as Layer 7 filters? I use Mikrotik, so if it's not Layer 7 filters then can you recommend a good open source IDS system I can look into? I use Mikrotik and I am mangling packets and doing pattern matching, if that is what you mean by policies. I don't want to replace Mikrotik; it's a great router.

Posted by dominum, 02-27-2014, 09:52 PM
I have no deep knowledge with mikrotik but I do use it for my wifi. Blocking p2p with it is quite hard.

Posted by SMRNetworks, 02-27-2014, 09:58 PM
I am looking at OSSEC, bro, suricata and SNORT right now. Anyone have opinions on any of them?

Posted by FINESEC, 02-28-2014, 05:29 AM
Yeah, that's true. If p2p traffic is encrypted they're pretty much useless.

Posted by eth00, 02-28-2014, 06:02 PM
Take a look at suricata with the emerging threats rules. They have some rules targeted at detecting and potentially blocking P2P.

Posted by SMRNetworks, 03-01-2014, 02:39 AM
I ended up downloading onion security to evaluate some of the tools because it has a lot of stuff installed by default. Suricata is one of the tools installed.

Posted by spark2310, 02-21-2015, 03:05 AM
I'm working at a VPN company and we get 2k DMCA reports/day. We came up with some solutions after being pushed by many colos to reduce P2P traffic.
- Block all P2P activity by trackers, torrent websites, ports, etc., but that wasn't an option as many users use our VPN for P2P.
- You can redirect P2P traffic through Tor. It was difficult to do but it's doable.
- Limit P2P to colos in Europe like Romania, Netherlands, Germany. I think it's unlikely anti-P2P companies are monitoring torrent swarms there, and DMCA does not apply there or is not as important as in US colos, for example. But I think if your jurisdiction is in the US, then DMCA applies to where your VPN is located. But at least this should reduce DMCA numbers a lot, and colos in these countries are more OK with it.
- Block some anti-P2P organizations that monitor torrent swarms. PeerBlock has these IPs, and you can use some/all of what's on the list to block these IP destinations in your VPN.
- There are other options, maybe throttling, etc.

Posted by spark2310, 02-21-2015, 03:09 AM
I am interested to know how to avoid P2P using Snort/Emerging Threats. So it can be used to detect P2P based on signatures? What can you do then with that? How do you block/avoid P2P based on the rules?
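The signature matching discussed in this thread, as an added Python example that is not part of any post and is not taken from Suricata, Snort or the Emerging Threats rules: it matches the well-known cleartext BitTorrent markers (peer handshake, HTTP tracker announce, DHT message) in a payload and shows that an obfuscated payload matches nothing, which is the limitation raised above. The function names and all sample payloads are constructed for illustration.

```python
import re

# Cleartext peer handshake: length byte 19 (0x13), then the protocol string.
BT_HANDSHAKE = b"\x13BitTorrent protocol"
# HTTP tracker announce/scrape requests carry an info_hash query parameter.
TRACKER_RE = re.compile(rb"^GET /\S*(announce|scrape)\S*[?&]info_hash=", re.I)
# Mainline DHT messages are bencoded dicts: query args ("a") or reply ("r")
# holding a 20-byte node id.
DHT_RE = re.compile(rb"^d1:[ar]d2:id20:")


def classify(proto, payload):
    """Label cleartext BitTorrent traffic; return None when nothing matches."""
    if proto == "tcp" and payload.startswith(BT_HANDSHAKE):
        return "bt-peer-handshake"
    if proto == "tcp" and TRACKER_RE.match(payload):
        return "bt-http-tracker"
    if proto == "udp" and DHT_RE.match(payload):
        return "bt-dht"
    return None


def scan(packets):
    """Classify (proto, payload) pairs and return the labels in order."""
    return [classify(proto, payload) for proto, payload in packets]


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    # Peer handshake: marker + 8 reserved bytes + info hash + peer id.
    ("tcp", BT_HANDSHAKE + bytes(8) + b"H" * 20 + b"-XX0001-" + b"0" * 12),
    ("tcp", b"GET /announce?info_hash=%12%34&peer_id=-XX0001-0&port=6881 HTTP/1.1\r\n"),
    ("udp", b"d1:ad2:id20:" + b"N" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe"),
    # Stand-in for an obfuscated peer connection: no fixed bytes to match.
    ("tcp", bytes(range(0x80, 0xC0))),
    # Start of a TLS ClientHello record, i.e. ordinary HTTPS traffic.
    ("tcp", b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
]

if __name__ == "__main__":
    for (proto, payload), label in zip(SAMPLES, scan(SAMPLES)):
        print(proto, payload[:24], "->", label)
```

An IDS rule set does the same kind of matching at line rate; what happens after a match (drop, throttle, re-route) is a policy decision on the firewall or router.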


