So I work for a university. We are required by law now to make a 'good faith' effort to prevent our networks from sharing copy right materials via P2P.

Bit-torrent traffic can be blocked but it has many legitamate uses so we don't want to block an entire protocol just because big brother is demaning we become net police.

Believe me we're not happy about this situation but the law has to be followed when you're an educational institution, it's all about funding.

We'd like a solution that's not going to break the bank too. What are our options?

You could block access to some of the bigger trackers such as thepiratebay.org and mininova.org

You could also block many of the other file sharing protocols such as limewire, edonkey/emule, kazaa, ares etc.

To specifically target illegal torrent downloads, you'd need to inspect all traffic using that protocol and that would be a major invasion of privacy. Not to mention that the more savvy could bypass it by enabling encryption.

I disagree with establishments that try to block sites, ports and proxies. My g/f works on the same problems in the IT department in a college. The more you try and actively block someone from doing something, the more they'll try and find ways, often destructive around it. The best way is to deter efforts but not to block them.

The solution in this case would be to restrict the bandwith on p2p ports. That means you could legitimately download a small file but stop users downloading files like pirated movies since it would take so long.

Thnak sfor the responses.

You could also block many of the other file sharing protocols such as limewire, edonkey/emule, kazaa, ares etc.
Yep that pretty much has to happen.

to inspect all traffic using that protocol and that would be a major invasion of privacy.
We'd like to automate the process of course. No real person will be inspecting, ideally there is a software solution to achieve this. Have you heard of anything? Then it's as much an invasion as gmail scanning you mail to serve ads. Of course this is a private network so legall we have the right to inspect all traffic, however morally I don't want to be a snoop.

I disagree with establishments that try to block sites
Yea me too but it's the new law, it's us who get prosecuted.

The more you try and actively block someone from doing something, the more they'll try and find ways, often destructive around it.
That I think is why the law requires a 'good faith' effort rather than an absoulte halt to all copyright infringement.

The solution in this case would be to restrict the bandwith on p2p ports. That means you could legitimately download a small file but stop users downloading files like pirated movies since it would take so long.

That'll stop legal big files too like Linux ISO's which is one of the main thing I personally would like to see continue.

On Google, this (http://www.google.com/search?q=universities+P2P+blocking) turned up a bit of information about what others are doing.

Would proxy control work?


If not, this is the system in a link below that they use at the g/f's work. Called "Total traffic control", its kinda expensive but in a college with a load of wannabe hackers, it hasnt been broken, yet! From my understanding it utilises DMZ as a layer of security on LAN's ..


http://www.lightspeedsystems.com/K12NetworkSecurity.aspx