Documentation for Kerio WinRoute

P2P Eliminator

Peer-to-Peer (P2P) networks are world-wide distributed systems, where each node can represent both a client and a server. These networks are used for sharing big volumes of data (mostly used for illegal data sharing). There are many similar networks, such as DirectConnect, Kazaa, etc.

In addition to illegal data distribution, utilization of P2P networks overload lines via which users are connected to the Internet. Such users may limit connections of other users in the same network and may increase costs for the line (for example when volume of transmitted data is limited for the line).

WinRoute provides the P2P Eliminator module which detects connections to P2P networks and applies specific restrictions. Since there is a large variety of P2P networks and parameters at individual nodes (servers, number of connections, etc.) can be changed, it is hardly possible to detect all P2P connections. However, using various methods (such as known ports, established connections, etc.), the P2P Eliminator is able to detect whether a user connects to one or multiple P2P networks.

Note: According to thorough tests, the detection is highly reliable (probability of failure is very low).

P2P Eliminator Configuration

To configure the P2P Eliminator module, go to the P2P Eliminator tab in the Configuration / Advanced Options section.

The Block P2P networks when detected option enables P2P Eliminator.

As implied by the previous description, it is not possible to block connections to particular P2P networks. P2P Eliminator blocks connection to the Internet from particular hosts (Block all traffic for the particular user) or allow these users to connect to certain services only Allow only predefined services).

Use the Services button to open a dialog where services which will be allowed can be specified. All services defined in Configuration / Definitions / Services are available (for details, refer to chapter Services).

Use the Block traffic for ... minutes parameter to specify the length of time during which traffic will be blocked for the particular host. The P2P Eliminator module enables traffic for this user automatically when the specified time expires. The time of disconnection should be long enough to make the user consider consequences and to stop trying to connect to peer-to-peer networks.

Check the Inform user option if you wish that users at whose hosts P2P networks are detected will be warned and informed about actions to be taken (blocking of all traffic / time-limited restrictions for certain services and length of the period for which restrictions will be applied). This option does not apply to unauthenticated users.

Notes:

1. If a user who is allowed to use P2P networks (see chapter User Accounts) is connected to the firewall from a certain host, no P2P restrictions are applied to this host. Settings in the P2P Eliminator tab are always applied to unauthorized users.

2. Information about P2P detection and blocked traffic can be viewed in the Status / Hosts/users section (for details, refer to chapter Hosts and Users).

3. If you wish to notify also another person when a P2P network is detected (e.g. the WinRoute administrator), define the alert in the Configuration / Logs &Alerts section (for details, see chapter Alerts).

Parameters for detection of P2P networks

Click Advanced to set parameters for P2P detection:

• P2P network port(s) list of ports which are exclusively used by P2P networks. These ports are usually ports for control connections ports (port ranges) for data sharing can be set by users themselves.

  You can use the P2P network port(s) entry to specify ports or port ranges. Use comas to separate individual values.

• Connection count minimal number of concurrent connections which the user must reach to run P2P networks detection.

  Big volume of established connections is a typical feature of P2P networks (usually one connection for each file).

  The optimum value depends on circumstances (type of user's work, frequently used network applications, etc.) and it must be tested. If the value is too low, the system can be unreliable (users who do not use P2P networks might be suspected). If the value is too high, reliability of the detection is decreased (less P2P networks are detected).