Patrick,

You're right. The port hopping of P2P programs makes it very difficult to control. Some schools opt for segmenting the student traffic on a separate network with a dedicated internet connection. They let the students police themselves and fight it out for bandwidth.
We've not done that, but we've used a variety of methods over the years. By far packet shaping has been the best. We were using Packeteer but made the switch to Procera a few years ago. It has been fantastic and almost instantly decreased our P2P traffic.

NAC is another good solution. We use Bradford Networks for ours. Bradford makes both a dissolvable agent and a persistent agent. To effectively control P2P using NAC, Jason is correct. You'd have to install a persistent agent. If you are like us, we are very reluctant to install software on students' computers so we opted for the dissolvable agent. It doesn't help us with P2P but does help us identify users and machines.

My two cents.

Jeff

Jeffrey P. Rice
Network and Telecommunications Engineer
Department of Information Technology
Olivet Nazarene University
One University Avenue
Bourbonnais, Illinois 60914
815-928-5540 (office)

". . But God put his love on the line for us by offering his Son in sacrificial death while we were of no use whatever to him. Now that we are set right with God by means of this sacrificial death, the consummate blood sacrifice, there is no longer a question of being at odds with God in any way." - Romans 5:7-9 (MSG)

From: [email protected]
Sent: Thursday, September 13, 2012 8:06 AM
To: Enterasys Customer Mailing List
Subject: RE: [enterasys] Blocking bittorrent and P2P

Like Rob also mentioned, your best bet though would be NAC, that way via the assessment scan, you can make it mandatory for the NAC agents installed on your computers to automatically stop/shutdown known P2P processes or services.

Thanks,

Jason Rearick
Network Engineer
Home Office: Info Center
Utica National Insurance Group
P.O. Box 530
Utica, NY 13503
Email: [email protected]
Phone: 315-734-2704

From: Patrick Printz <[email protected]>
To: "Enterasys Customer Mailing List" <[email protected]>
Date: 09/13/2012 08:50 AM
Subject: RE: [enterasys] Blocking bittorrent and P2P
________________________________

I have both. I guess my concern was that bittorrent and P2P are adapting and can use such a wide range of ports, even port 80. Just didn't know if there was anything beyond blocking the default ports that people have tested. I will definitely look in oneview though.

Thanks.

Patrick Printz
Network Infrastructure
Quinsigamond Community College
670 West Boylston Street
Worcester, MA 01606-2092
w. 508-854-7517
c. 508-726-9529

"If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well." ~Martin Luther King, Jr.

From: [email protected]
Sent: Thursday, September 13, 2012 7:08 AM
To: Enterasys Customer Mailing List
Subject: Re: [enterasys] Blocking bittorrent and P2P

Do you own Netsights Policy Manager, and/or Oneview? Because with just Policy Manager, you can build the service and rule to block it, and if you have Oneview and run netflow, you can right click on the flow and make the rule quickly.

Thanks,

Jason Rearick

Sent from my iPhone

On Sep 13, 2012, at 6:43 AM, "Patrick Printz" <[email protected]> wrote:

How do you block bittorrent and P2P traffic? Is it something that can be done via policy or ACLs? I know I could do it with a packet shaper, but we do not have one yet. I am just curious if someone else has thought of some ingenious way of keeping this traffic contained.

Patrick Printz

---
To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
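
Added example (not part of the original thread, and not Enterasys, Procera or Bradford code): a Python comparison of a default-port rule with a payload signature on constructed flows, illustrating the point raised in the thread that BitTorrent can run on any port, including 80. The 6881-6889 port range, the sample flows and all function names are assumptions made for this illustration.

```python
# Every plaintext BitTorrent peer handshake starts with the length byte 19
# followed by the ASCII string "BitTorrent protocol".
BT_PREFIX = b"\x13BitTorrent protocol"
DEFAULT_BT_PORTS = range(6881, 6890)  # assumption: traditional client defaults


def port_rule(dst_port):
    """What a port-based ACL can decide: destination port only."""
    return dst_port in DEFAULT_BT_PORTS


def handshake_info_hash(payload):
    """Return the torrent info_hash (hex) if payload opens with a plaintext
    handshake, else None. Layout: 1 + 19 + 8 reserved + 20-byte info_hash."""
    if not payload.startswith(BT_PREFIX) or len(payload) < 48:
        return None
    return payload[28:48].hex()


def classify(flows):
    """Apply both rules to each (dst_port, first_payload) pair."""
    return [
        {
            "dst_port": port,
            "port_rule": port_rule(port),
            "payload_rule": handshake_info_hash(payload) is not None,
        }
        for port, payload in flows
    ]


def make_handshake(info_hash, peer_id):
    """Build a handshake for the constructed samples below."""
    return BT_PREFIX + bytes(8) + info_hash + peer_id


# Constructed sample flows: (destination port, first bytes sent by the client)
SAMPLE_FLOWS = [
    (6881, make_handshake(b"\xaa" * 20, b"-XX0001-000000000001")),  # default port
    (80, make_handshake(b"\xbb" * 20, b"-XX0001-000000000002")),    # moved to port 80
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),  # ordinary web
    (51413, bytes(range(7, 75))),  # opaque bytes, as an encrypted peer link looks
]

if __name__ == "__main__":
    for result in classify(SAMPLE_FLOWS):
        print(result)
```

The last sample flow matches neither rule: a handshake signature only sees unencrypted peer connections.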
