Discussion in 'Tomato Firmware' started by BassKozz, Dec 11, 2007.
How can I block access to LimeWire on my network using Tomato?
People still use Limewire?
I thought it was all torrents these days.
(Sorry, I don't have any useful info.)
EDIT--I just looked at their website. They obviously do torrents. I was thinking it was like the original Napster.
(Still, I have nothing useful)
It's pretty much a BitTorrent/eDonkey world these days. Even the private nets are now mostly torrents. I don't think there is an L7 filter for it; it's so slow it wouldn't make sense to block it, and not useful enough like BitTorrent for legit uses. Just throttle the user instead if they are abusing it.
It's for a network at WORK... my employees are downloading LimeWire to get MP3s and I need to block access at the router level; that way I won't have to keep uninstalling, only to have them re-install it.
The computers that are used are community computers, so throttling a particular computer hurts everyone, not just the idiots downloading LimeWire.
If it's a bandwidth issue:
Use a whitelist QoS approach. Give priority to the services you need, and hard cap your "lowest" classification to something like 50%.
If it's a legal issue:
You can block LimeWire by blocking the Gnutella protocol. It's available as an IPP2P and L7 filter. You can also block most P2P with the IPP2P "block all" option.
However, with protocol encryption, you will not be able to do this for all connections. You will have to just block all connections you cannot classify (white list approach).
You're right, LimeWire uses the Gnutella protocol. I forgot all about them. I was searching for the "limewire" protocol in my L7 list. hehe...
Don't forget you can also encourage them to use 'internet streaming radio' instead which will still give them something to listen to in the cubicle farm but is low bandwidth as it's one way, and low bitrate (128 kbit usually).
But yeah, QoS is the best solution because at the end of the day, if they have 'install' abilities on the PCs, and there is at least ONE port open, they can always set up something remotely to act as a tunnel and will continue to merrily download away. Threats aren't good for morale either.
Thanks for all the great advice, I think I'll go with the block "Gnutella" route.
BassKozz, were you successful in blocking LimeWire? I also tried the suggested blocking via IPP2P and L7... both were unsuccessful. I know the MAC addresses of the PCs, so I ended up blocking all ports except 53, 80, and 443 until I figure out how to successfully block LimeWire.
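The two approaches from the replies above, written out as one Tomato firewall script: drop what IPP2P and L7 classify as Gnutella, then hold the listed PCs to ports 53, 80 and 443 so that encrypted P2P the classifiers miss is dropped as well. This is an added example, not code posted by anyone in the thread; the `br0` LAN interface, the `p2pblock` chain name, the MAC addresses and the presence of the ipp2p and layer7 match modules in the firmware build are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: LAN bridge is br0, the
# firmware build ships the ipp2p and layer7 match modules, MACs are constructed.
LAN_IF="${LAN_IF:-br0}"
CHAIN="p2pblock"            # hypothetical chain name

valid_mac() {
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print iptables arguments, one rule per line, in evaluation order.
build_rules() {
    # Refuse to emit anything if an address is malformed.
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    echo "-N $CHAIN"
    # 1. Drop traffic the classifiers recognise as Gnutella.
    echo "-A $CHAIN -p tcp -m ipp2p --gnu -j DROP"
    echo "-A $CHAIN -m layer7 --l7proto gnutella -j DROP"
    # 2. Whitelist for the shared PCs: DNS and web only; anything else,
    #    including connections that could not be classified, is dropped.
    for mac in "$@"; do
        echo "-A $CHAIN -m mac --mac-source $mac -p udp --dport 53 -j RETURN"
        echo "-A $CHAIN -m mac --mac-source $mac -p tcp --dport 53 -j RETURN"
        echo "-A $CHAIN -m mac --mac-source $mac -p tcp -m multiport --dports 80,443 -j RETURN"
        echo "-A $CHAIN -m mac --mac-source $mac -j DROP"
    done
    # 3. Hook the chain in front of the existing FORWARD rules.
    echo "-I FORWARD -i $LAN_IF -j $CHAIN"
}

# Dry run by default; APPLY=1 passes each rule to iptables.
run() {
    build_rules "$@" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then iptables $rule; else echo "iptables $rule"; fi
    done
}

# Constructed example addresses for the community PCs.
run 00:11:22:33:44:55 00:11:22:33:44:66
```

Without `APPLY=1` the script only prints the rules, which makes it easy to review the order before loading them on the router.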
Sorry for the delay AlpineMan,
It's hard to say, I manage the router remotely, and I haven't had a chance to sit behind a terminal yet to see how it worked...
BTW, OpenDNS just added some new features that include P2P blocking: http://blog.opendns.com/2008/02/20/web-content-filtering/
Again, I haven't had a chance to see how well this works, but I would love to hear some feedback from anyone who has.