3

I want to ensure they're not downloading any illegal content (torrent websites in particular). If they're using a VPN or Tor, then I guess there's not much I can do, but if they're just connecting directly to, say, pirate bay, without masking their traffic and downloading content through them, is there a way for me to spot that and tell them off?

I'm not interested in throttling their traffic or monitoring what websites they otherwise visit. I'm only interested in detecting if they access the popular torrent websites (pirate bay, kickass, demonoid etc.) and download stuff through them.

My WiFi router is Technicolor 582n.

Nobilis
  • Your ability to block torrents will vary depending on your gateway device. See the following question for information on how to block torrent traffic : http://security.stackexchange.com/questions/42145/how-to-effectivily-block-torrents-on-my-network – DKNUCKLES Feb 07 '15 at 12:18
  • I just want to detect that they're using it, not necessarily blocking it. – Nobilis Feb 07 '15 at 12:22
  • Linked question still applies – DKNUCKLES Feb 07 '15 at 12:29
  • I'll have a look, thanks, I wonder how much of this I can achieve with a plain, off-the-shelf router though. – Nobilis Feb 07 '15 at 12:33
  • Admittedly, likely not much. Torrent traffic is notoriously difficult to block, even with enterprise firewalls because of the nature of how it operates. Monitoring or detecting it is typically done by monitoring the traffic and connections which, I would imagine, is beyond the capabilities of your router. – DKNUCKLES Feb 07 '15 at 12:39
  • You should worry more about what they're uploading, be it running a torrent server or sending threat mails to your president. How can you prove that it wasn't you doing those things? – ott-- Feb 07 '15 at 15:29
  • @ott-- I can't but I don't have to. It's not like libraries with public WiFi are held responsible for what people do with it. I think plausible deniability applies here. I can say that I tried to put safeguards and that I asked them not to do anything funny with it. – Nobilis Feb 07 '15 at 15:39

2 Answers

1

I guess that most corporate people setting up Internet access for the employees may have the same need: how to ensure that employees do not waste the enterprise's bandwidth to download torrents?

Usually, the main answer lies in two things:

  • Restrict the destination port numbers to the really needed ones,
  • Set up a DNS cache server, which can provide an easy way to blacklist certain domain names (this implies that rules above do not allow port 53 as destination port),
  • Make the HTTP flow go through a proxy; in the current case a non-caching proxy like privoxy may be useful.

For HTTPS content, you will not be able to check the actual page or data content; however, you will be able to know the domain name of the website currently visited (both thanks to DNS requests and SNI) and compare it to a blacklist, which seems sufficient for your needs.

edit: Just a thought, in case of a one time check to answer questions like "Internet is going damn slowly, I hope my neighbor is not using all the bandwidth with torrents", you have the possibility to use a network sniffing software (like wireshark) on your wifi network to check what is going on currently.

WhiteWinterWolf
  • Does setting up a DNS cache server or installing privoxy depend on the type of router I have? Can I perhaps set up a low-grade proxy server PC to monitor traffic that passes through the network and alert me if, say, certain domain names crop up? – Nobilis Feb 07 '15 at 14:34
  • On my side I finally ended up using the "low-grade server" directly as a router and wifi AP, so I am completely free about what I can do, and the router provided by my Internet provider has now wifi disabled and acts mainly as a modem. However, if your neighbor's traffic must still go through your Technicolor router, then yes you are bound to the functionality offered by the manufacturer, however some propose relatively advanced "firewall" filtering rules which may potentially allow you to redirect traffic coming from the Wifi interface to your proxy host. – WhiteWinterWolf Feb 07 '15 at 14:48
  • I'll have a look at the router's setting then, thanks, I honestly thought this would be more straightforward. – Nobilis Feb 07 '15 at 14:54
  • It should be noted, for what it's worth, all of the above measures are easily circumvented by someone who knows what they're doing. I would also note that these methods deal with blocking access to known trackers, but torrent downloads are facilitated by downloading pieces from different peers which is what makes it so difficult to block. – DKNUCKLES Feb 07 '15 at 15:11
  • @Nobilis It is not straightforward because you do not have ownership of your neighbor's computer. When parents want to apply such control on their children's computer, they just install some parental control software on their children's computer, define the rules they want to apply on a nice and easy colorful interface, and they are done. Here, we talk about intercepting and controlling traffic originating from an unmanaged computer... which becomes obviously trickier. I will just edit my post to add a last moment thought which may also be useful. – WhiteWinterWolf Feb 07 '15 at 15:19
  • @GZBK That's correct but the traffic passes through a machine (the router) to which I have admin access. All I want to know is whether they've visited these sites and if possible (depending on the router's settings) either blacklist them or find out about them. And I assume that my neighbours are not technically adept and will not seek to mask their activities. If they do, then that's obviously a different story. – Nobilis Feb 07 '15 at 15:25
  • @DKNUCKLES: Yes, indeed. As I say, it is the same kind of thing which is set in enterprise, therefore the same kind of workarounds apply, however not all people have the knowledge, time and/or will to actually use them (the same question arises on both parts: is it worth the effort?). And, hopefully for all people under a totalitarian regime, there is no way to completely and fully control Internet activity and maintain a complete censorship ;)! – WhiteWinterWolf Feb 07 '15 at 15:26
  • @Nobilis: I understand, however you have "admin" access only to the functionality that the manufacturer or the ISP wanted to allow you (you cannot install new software, change lower level configuration, etc.: ultimately _they_ are owner of the router), and I never saw such functionality offered, at least for free (and I doubt your ISP has any advantage in helping you to provide free Internet access to your neighborhood ;) ). – WhiteWinterWolf Feb 07 '15 at 15:40
  • @GZBK I suppose, yeah, might just get another router if there's no way around it. But I was interested to hear if this is something common around here and/or there's a known workaround. – Nobilis Feb 07 '15 at 15:41
  • @Nobilis: For information, as an alternative to using a low end PC as router, there are routers where you can flash the ROM to install an open and, therefore, more customizable firmware. A list of projects is available [here](https://en.wikipedia.org/wiki/List_of_wireless_router_firmware_projects), but if you are interested be sure to choose a router compatible with the selected project. – WhiteWinterWolf Feb 07 '15 at 15:46
1

I think what you are looking for is 'parental controls' on your modem/router. Check your router if such a facility is available. If it's not, then a browser that has such controls. The cheaper versions will just give you an option to enter the names of the websites that you want to block. The pricier ones will have advanced software (like privoxy as mentioned by GZBK) which restricts on keywords etc.

nitarshs
  • Yeah, I did find those and added a bunch of torrent websites to them. However one of them uses encryption and even though I've correctly input the address, it's still accessible. Oh, well, might just get a better router. – Nobilis Feb 09 '15 at 08:39
  • I am not sure what you mean by encryption. If you mean the site requires an HTTPS connection, your router should still be able to stop those connections. Did you reset the connection after applying the settings? Can you google and check if others are having similar problems with this router? – nitarshs Feb 10 '15 at 11:30
  • Yeah, it picked up all the other websites that weren't using HTTPS but not this one for whatever reason. It might be a common issue with lower grade routers (as suggested [here](http://superuser.com/questions/622182/how-do-i-filter-out-addresses-using-https)). – Nobilis Feb 10 '15 at 11:43