Reducing the impact of P2P users on home network

on 21.12.2006 21:26:47 by retsuhcs

Amateur though I am, I've become the default manager for internet access
in our large home. The hardware consists of a cable modem and older model
WRT54G with updated firmware. All but my own PC (which is connected via the
local ethernet port on the router) are using wireless. This has worked
quite well until the two college-age folks in the house started getting
heavy into P2P (Limewire and Shareaza). This has had a noticeable performance
impact on net access, and I'd like to try to improve things.

I am not in a position to prohibit these kids from using P2P, and polite
efforts to get them to limit the number of connections, and to postpone
heavy transfers to off-hours have not worked for very long. I understand
that various port blocking rules within the router are largely ineffective
because the P2P clients use port-hopping, and can even use port 80 if
nothing else works. I was wondering if a more sophisticated hardware solution
might help us.

My first understanding is that the limited CPU power and RAM in an
inexpensive router get overwhelmed by such a large number of connections.
Would a more robust hardware (NAT router) be likely to help? If yes, any
specific suggestions?

From what I gather, true hardware firewall appliances allow the use of
rules that can limit the number of connections and the bandwidth allotted
to each client IP address. This, to me, seems very attractive (although
more expensive) and I was wondering if interposing a firewall between the
cable modem and the router (or discarding the modem and using the firewall
with an access point) would achieve the desired end. Any specific
suggestions?

Re: Reducing the impact of P2P users on home network

on 21.12.2006 22:04:40 by Seth Goodman

In article , on Thu, 21 Dec 2006
20:26:47 +0000 (UTC), Mike S. wrote:

>
>
> Amateur though I am, I've become the default manager for internet access
> in our large home. The hardware consists of a cable modem and older model
> WRT54G with updated firmware.
[snip]
> From what I gather, true hardware firewall appliances allow the use of
> rules that can limit the number of connections and the bandwidth allotted
> to each client IP address. This, to me, seems very attractive (although
> more expensive) and I was wondering if interposing a firewall between the
> cable modem and the router (or discarding the modem and using the firewall
> with an access point) would achieve the desired end. Any specific
> suggestions?

Since you have a WRT54G, the first thing I would try (assuming you've
ruled out beatings and electro-shock), is to flash the *free* DD-WRT
third party firmware onto your WRT54G. DD-WRT has a slew of Quality of
Service settings, including the ability to limit bandwidth by MAC
address, which sounds right up your alley.

The main DD-WRT wiki page is at:
http://www.dd-wrt.com/wiki/index.php/Main_Page

The QoS settings are described here:
http://www.dd-wrt.com/wiki/index.php/QoS

and you can download DD-WRT from:
http://www.dd-wrt.com/dd-wrtv2/downloads.php


I use DD-WRT myself, and recommend it highly. And, you can't beat the
price!

Good luck!

--
Seth Goodman

Re: Reducing the impact of P2P users on home network

on 21.12.2006 22:33:04 by retsuhcs

In article ,
Seth Goodman wrote:
>In article , on Thu, 21 Dec 2006
>20:26:47 +0000 (UTC), Mike S. wrote:
>
>>
>>
>> Amateur though I am, I've become the default manager for internet access
>> in our large home. The hardware consists of a cable modem and older model
>> WRT54G with updated firmware.
>[snip]
>> From what I gather, true hardware firewall appliances allow the use of
>> rules that can limit the number of connections and the bandwidth allotted
>> to each client IP address. This, to me, seems very attractive (although
>> more expensive) and I was wondering if interposing a firewall between the
>> cable modem and the router (or discarding the modem and using the firewall
>> with an access point) would achieve the desired end. Any specific
>> suggestions?

[woops ... I meant discarding the ROUTER]

>Since you have a WRT54G, the first thing I would try (assuming you've
>ruled out beatings and electro-shock), is to flash the *free* DD-WRT
>third party firmware onto your WRT54G. DD-WRT has a slew of Quality of
>Service settings, including the ability to limit bandwidth by MAC
>address, which sounds right up your alley.
>
>The main DD-WRT wiki page is at:
>http://www.dd-wrt.com/wiki/index.php/Main_Page
>
>The QoS settings are described here:
>http://www.dd-wrt.com/wiki/index.php/QoS
>
>and you can download DD-WRT from:
>http://www.dd-wrt.com/dd-wrtv2/downloads.php

Thanks. The WRT54G does have some QOS facility in the recent firmware but
the DD-WRT seems to be more comprehensive. Since everything is on DHCP
right now, I suppose the priorities for the two problem users could be
assigned based on MAC address, as the IP's are always changing.

Is the DD-WRT flash a one-way deal - i.e. is it possible to go back to
Linksys factory F/W afterward?

Re: Reducing the impact of P2P users on home network

on 21.12.2006 22:44:35 by Seth Goodman

In article , on Thu, 21 Dec 2006
21:33:04 +0000 (UTC), Mike S. wrote:

>
> Is the DD-WRT flash a one-way deal - i.e. is it possible to go back to
> Linksys factory F/W afterward?
>

You can revert at any time - just flash with the stock firmware from the
Linksys site.


--
Seth Goodman

Re: Reducing the impact of P2P users on home network

on 21.12.2006 22:53:05 by Jeff Liebermann

On Thu, 21 Dec 2006 20:26:47 +0000 (UTC), retsuhcs@xinap.moc (Mike S.)
wrote:

>Amateur though I am, I've become the default manager for internet access
>in our large home.

You have my sympathy.

>The hardware consists of a cable modem and older model
>WRT54G with updated firmware. All but my own PC (which connected via the
>local ethernet port on the router) are using wireless. This has worked
>quite well until the two college-age folks in the house started getting
>heavy into P2P (Limewire and Shareaza). This has had a noticeable performance
>impact on net access, and I'd like to try to improve things.

Noticeable? I suspect your network comes to a complete stop when
they're serving out stolen music and movies.

>I am not in a position to prohibit these kids from using P2P, and polite
>efforts to get them to limit the number of connections, and to postpone
>heavy transfers to off-hours has not worked for very long.

Are you in a position to send them an invoice proportional to their
usage? Instead of interposing a bandwidth manager, it might be better
to simply charge them for their over-use. If you switch to
alternative firmware for your WRT54G such as DD-WRT:

it will add SNMP as a feature. You can then use any of an assortment
of SNMP based traffic monitoring and measuring tools such as MRTG or
preferably RRDTool.

Just set up pre-assigned DHCP IP addresses to all the equipment. Then,
just monitor the traffic for the month by IP address, calculate the
proportional usage, and send them a giant bill. Be sure to amortize
the cost of the added equipment and your time playing policeman. My
guess(tm) is that it will probably equal the cost of them getting
their own DSL or cable service.

>I understand
>that various port blocking rules within the router are largely ineffective
>because the P2P clients use port-hopping, and can even use port 80 if
>nothing else works. I was wondering if a more sophisticated hardware solution
>might help us.

Generally true. However, if you can identify the specific computers
that are consistently doing the downloading, you can also apply QoS
(Quality of Service) limits to those IP's, regardless of how many IP
ports they open. QoS options for DD-WRT:

Of course, if they change their MAC address, or introduce a new
computer, such QoS by IP address or MAC address is useless.

>My first understanding is that the limited CPU power and RAM in an
>inexpensive router get overwhelmed by such a large number of connections.
>Would a more robust hardware (NAT router) be likely to help? If yes, and
>specific suggestions?

That's just one problem. Most file sharing software opens a huge
number of ports and buffers. The result is that they also allocate a
huge number of buffers in the router. If the router firmware hasn't
been tested for such unusual operation, it might crash. The best way
to prevent this is to tweak the file sharing client to limit the
number of simultaneous connections, and the number of streams.

The other major problem is that file sharing tends to saturate
your uplink. Your cable modem may have 6MBits/sec or more of incoming
bandwidth, but if the 384k or 512kbits/sec of uplink bandwidth is
saturated, incoming bandwidth will appear useless because the outgoing
ACK's and responses will probably be lost or delayed by the
constipated uplink.

>From what I gather, true hardware firewall appliances allow the use of
>rules that can limit the number of connections and the bandwidth allotted
>to each client IP address. This, to me, seems very attractive (although
>more expensive) and I was wondering if interposing a firewall between the
>cable modem and the router (or discarding the modem and using the firewall
>with an access point) would achieve the desired end. Any specific
>suggestions?

If you like spending money, there are several dedicated bandwidth
managers on the market. All will require a dedicated PC to run the
software:




(Lots more. Search Google for "bandwidth manager").

Otherwise, you already have a router that can do QoS. I suggest that
you:
1. Replace WRT54G firmware with DD-WRT v23 SP2.
2. Set up fixed MAC to IP address DHCP mapping in WRT54G.
3. Implement QoS by IP address or MAC address.
4. Set up monitoring so you can document abuse and bill accordingly.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@comix.santa-cruz.ca.us
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com AE6KS

Re: Reducing the impact of P2P users on home network

on 21.12.2006 23:19:08 by Mark McIntyre

On Thu, 21 Dec 2006 21:53:05 GMT, in alt.internet.wireless , Jeff
Liebermann wrote:

>Of course, if they change their MAC address, or introduce a new
>computer, such QoS by IP address or MAC address is useless.

This is one of the few places where MAC-address based permissioning on
the router is useful.

--
Mark McIntyre

Re: Reducing the impact of P2P users on home network

on 22.12.2006 00:30:51 by Jeff Liebermann

On Thu, 21 Dec 2006 22:19:08 +0000, Mark McIntyre
wrote:

>On Thu, 21 Dec 2006 21:53:05 GMT, in alt.internet.wireless , Jeff
>Liebermann wrote:
>
>>Of course, if they change their MAC address, or introduce a new
>>computer, such QoS by IP address or MAC address is useless.
>
>This is one of the few places where MAC-address based permissioning on
>the router is useful.

Yep. However, it's easy enough for a user to change their MAC
address, making this a rather awkward method of monitoring. I've
recently been installing arpwatch into DD-WRT to detect any "unusual"
new users:




Make sure to first enable JFFS2 support on the:
Admin -> Management
page. It won't stop the users from changing their MAC address, but it
will detect them when they try.

Argh.... "ipkg update" doesn't seem to be working for me today. Now,
what did I do wrong this time? Oh, no flash space. It's full.






--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@comix.santa-cruz.ca.us
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com AE6KS
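
The kind of check arpwatch performs, and the MAC "borrowing" case raised elsewhere in this thread, can be sketched as follows. This is an added example, not code from any poster and not arpwatch itself: the event names, the `StationTracker` class, the addresses and both ARP snapshots are constructed for illustration, and the input is assumed to be the text of Linux `/proc/net/arp`.

```python
"""arpwatch-style check over ARP table snapshots (added example, constructed data)."""
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def parse_proc_net_arp(text):
    """Return {ip: mac} from Linux /proc/net/arp text, skipping incomplete entries."""
    table = {}
    for line in text.strip().splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if not flags & 0x2:  # ATF_COM clear: the kernel has no resolved MAC yet
            continue
        if MAC_RE.match(mac):
            table[ip] = mac
    return table


def is_locally_administered(mac):
    """True if the locally-administered bit (0x02 of the first octet) is set,
    which is typical of a hand-set or software-generated address."""
    return bool(int(mac[:2], 16) & 0x02)


class StationTracker:
    """Remembers the last MAC seen per IP and reports what changed (hypothetical class)."""

    def __init__(self, registered):
        # registered: {mac: label} for machines that have a static DHCP lease
        self.registered = {mac.lower(): name for mac, name in registered.items()}
        self.ip_to_mac = {}

    def observe(self, table):
        events = []
        ips_by_mac = {}
        for ip, mac in sorted(table.items()):
            ips_by_mac.setdefault(mac, []).append(ip)
            previous = self.ip_to_mac.get(ip)
            if previous == mac:
                continue  # nothing new for this address
            if mac not in self.registered:
                events.append(("new-station", ip, mac))
                if is_locally_administered(mac):
                    events.append(("locally-administered-mac", ip, mac))
            if previous is not None:
                events.append(("changed-mac", ip, previous + " -> " + mac))
            self.ip_to_mac[ip] = mac
        # One MAC answering for several IPs at once suggests a cloned address.
        for mac, ips in sorted(ips_by_mac.items()):
            if len(ips) > 1:
                events.append(("mac-on-multiple-ips", ",".join(ips), mac))
        return events


# Constructed sample data: two registered machines, then a second snapshot in
# which one address shows an unregistered MAC and the other MAC appears twice.
REGISTERED = {"00:00:5e:00:53:01": "wired-pc", "00:00:5e:00:53:02": "laptop"}

SNAPSHOT_1 = """
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         00:00:5e:00:53:01     *        br0
192.168.1.20     0x1         0x2         00:00:5e:00:53:02     *        br0
192.168.1.30     0x1         0x0         00:00:00:00:00:00     *        br0
"""

SNAPSHOT_2 = """
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         00:00:5e:00:53:01     *        br0
192.168.1.20     0x1         0x2         02:aa:bb:cc:dd:09     *        br0
192.168.1.40     0x1         0x2         00:00:5e:00:53:01     *        br0
"""


def run_demo():
    tracker = StationTracker(REGISTERED)
    first = tracker.observe(parse_proc_net_arp(SNAPSHOT_1))
    second = tracker.observe(parse_proc_net_arp(SNAPSHOT_2))
    return first, second


if __name__ == "__main__":
    for event in run_demo()[1]:
        print(event)
```
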

Re: Reducing the impact of P2P users on home network

on 22.12.2006 00:41:04 by tony

Obviously a large home to you is quite different than a large home to me. I can't
use a wireless router my main house is too big.

"Mike S." wrote:

> Amateur though I am, I've become the default manager for internet access
> in our large home. The hardware consists of a cable modem and older model
> WRT54G with updated firmware. All but my own PC (which connected via the
> local ethernet port on the router) are using wireless. This has worked
> quite well until the two college-age folks in the house started getting
> heavy into P2P (Limewire and Shareaza). This has had a noticeable performance
> impact on net access, and I'd like to try to improve things.
>
> I am not in a position to prohibit these kids from using P2P, and polite
> efforts to get them to limit the number of connections, and to postpone
> heavy transfers to off-hours has not worked for very long. I understand
> that various port blocking rules within the router are largely ineffective
> because the P2P clients use port-hopping, and can even use port 80 if
> nothing else works. I was wondering if a more sophisticated hardware solution
> might help us.
>
> My first understanding is that the limited CPU power and RAM in an
> inexpensive router get overwhelmed by such a large number of connections.
> Would a more robust hardware (NAT router) be likely to help? If yes, and
> specific suggestions?
>
> From what I gather, true hardware firewall appliances allow the use of
> rules that can limit the number of connections and the bandwidth allotted
> to each client IP address. This, to me, seems very attractive (although
> more expensive) and I was wondering if interposing a firewall between the
> cable modem and the router (or discarding the modem and using the firewall
> with an access point) would achieve the desired end. Any specific
> suggestions?

Re: Reducing the impact of P2P users on home network

on 22.12.2006 00:44:24 by hlexa

Mark McIntyre wrote:

> On Thu, 21 Dec 2006 21:53:05 GMT, in alt.internet.wireless , Jeff
> Liebermann wrote:
>
> >Of course, if they change their MAC address, or introduce a new
> >computer, such QoS by IP address or MAC address is useless.
>
> This is one of the few places where MAC-address based permissioning on
> the router is useful.

If they are smart enough, they can find out what MAC addresses other
users equipment have and "borrow" one of these.

Re: Reducing the impact of P2P users on home network

on 22.12.2006 01:10:08 by massello

Jeff Liebermann wrote:

> Be sure to amortize the cost of the added equipment and your time playing
> policeman.

And he might also ask them to sign an agreement indemnifying him and the
other residents of the house for any fines, settlements, legal fees, or
other expenses incurred in case the RIAA et al should come knocking at
the door.

Re: Reducing the impact of P2P users on home network

on 22.12.2006 01:19:02 by massello

Axel Hammerschmidt wrote:

> If they are smart enough, they can find out what MAC addresses other
> users equipment have and "borrow" one of these.

At which point the OP could put limits on all devices and announce that
this had been done to preserve some measure of service for all users.
This might encourage the other residents of the house to evict the two
P2P fiends.

Re: Reducing the impact of P2P users on home network

on 22.12.2006 01:19:15 by retsuhcs

In article <458B1B90.456A4139@TheDeli.Sandwich>,
Tony wrote:
>Obviously a large home to you is quite different than a large home to
>me. I can't
>use a wireless router my main house is too big.

Well, there are 3 floors plus basement. Except for a couple of dead spots
in the basement (I'm using a high gain directional antenna down there)
we've been quite impressed with the coverage.

Re: Reducing the impact of P2P users on home network

on 22.12.2006 02:11:26 by hlexa

Neill Massello wrote:

> Axel Hammerschmidt wrote:
>
> > If they are smart enough, they can find out what MAC addresses other
> > users equipment have and "borrow" one of these.
>
> At which point the OP could put limits on all devices and announce that
> this had been done to preserve some measure of service for all users.
> This might encourage the other residents of the house to evict the two
> P2P fiends.

He could do that without first installing dd-wrt :-)

Re: Reducing the impact of P2P users on home network

on 22.12.2006 02:11:27 by hlexa

Mike S. wrote:

> In article <458B1B90.456A4139@TheDeli.Sandwich>,
> Tony wrote:
>
> >Obviously a large home to you is quite different than a large home to me.
> >I can't use a wireless router my main house is too big.
>
> Well, there are 3 floors plus basement. Except for a couple of dead spots
> in the basement (I'm using a high gain directional antenna down there)
> we've been quite impressed with the coverage.

And some people use square feet :-)

Re: Reducing the impact of P2P users on home network

on 22.12.2006 02:55:26 by massello

Tony wrote:

> Obviously a large home to you is quite different than a large home to me.
> I can't use a wireless router my main house is too big.

Too bad you can't afford additional access points.

Re: Reducing the impact of P2P users on home network

on 22.12.2006 02:58:49 by Peter Pan

Axel Hammerschmidt wrote:
>
> And some people use square feet :-)

My feet are flat... Guess I use a non-standard flat feet measurement :)

Re: Reducing the impact of P2P users on home network

on 22.12.2006 13:57:09 by Mark McIntyre

On Thu, 21 Dec 2006 15:30:51 -0800, in alt.internet.wireless , Jeff
Liebermann wrote:

>On Thu, 21 Dec 2006 22:19:08 +0000, Mark McIntyre
> wrote:
>
>>On Thu, 21 Dec 2006 21:53:05 GMT, in alt.internet.wireless , Jeff
>>Liebermann wrote:
>>
>>>Of course, if they change their MAC address, or introduce a new
>>>computer, such QoS by IP address or MAC address is useless.
>>
>>This is one of the few places where MAC-address based permissioning on
>>the router is useful.
>
>Yep. However, it's easy enough for a user to change their MAC
>address, making this a rather awkward method of monitoring.

What I meant was to restrict the list of MACs that can get IPs from
the router, then set up QoS rules on each of those. If your students
change their MAC, they can't get an IP. Obviously they could clone the
MAC of someone else in the house but then that person would get locked
out and they'd complain.

--
Mark McIntyre

Re: Reducing the impact of P2P users on home network

on 22.12.2006 13:59:15 by Mark McIntyre

On Fri, 22 Dec 2006 00:44:24 +0100, in alt.internet.wireless ,
hlexa@hotmail.com (Axel Hammerschmidt) wrote:

>Mark McIntyre wrote:
>
>> On Thu, 21 Dec 2006 21:53:05 GMT, in alt.internet.wireless , Jeff
>> Liebermann wrote:
>>
>> >Of course, if they change their MAC address, or introduce a new
>> >computer, such QoS by IP address or MAC address is useless.
>>
>> This is one of the few places where MAC-address based permissioning on
>> the router is useful.
>
>If they are smart enough, they can find out what MAC addresses other
>users equipment have and "borrow" one of these.

Sure, but then the other person would get locked out, and complain.
It'd be a quick job to ID who was 'stealing' access, and permanently
exclude them.

Myself, I just block all P2P use by edict, and if I were to catch
anyone at it (detectable by large upload volumes) I'd take away their
net access for a month, or require them to pay the bill, or both. This
is my house, I'm in charge!


--
Mark McIntyre

Re: Reducing the impact of P2P users on home network

on 22.12.2006 13:59:58 by Mark McIntyre

On Thu, 21 Dec 2006 17:10:08 -0700, in alt.internet.wireless ,
massello@newsguy.com (Neill Massello) wrote:

>Jeff Liebermann wrote:
>
>> Be sure to amortize the cost of the added equipment and your time playing
>> policeman.
>
>And he might also ask them to sign an agreement indemnifying him and the
>other residents of the house for any fines, settlements, legal fees, or
>other expenses incurred in case the RIAA et al should come knocking at
>the door.

We have a lodger and our agreement with them contains exactly such a
clause.
--
Mark McIntyre

Re: Reducing the impact of P2P users on home network

on 22.12.2006 14:34:47 by David Smith

"Neill Massello" wrote in message
news:1hqplu1.hczdyu15vebqbN%massello@newsguy.com...
> Tony wrote:
>
>> Obviously a large home to you is quite different than a large home to me.
>> I can't use a wireless router my main house is too big.
>
> Too bad you can't afford additional access points.
>
Or high gain antennas

Re: Reducing the impact of P2P users on home network

on 22.12.2006 15:57:32 by George

Mike S. wrote:
> Amateur though I am, I've become the default manager for internet access
> in our large home. The hardware consists of a cable modem and older model
> WRT54G with updated firmware. All but my own PC (which connected via the
> local ethernet port on the router) are using wireless. This has worked
> quite well until the two college-age folks in the house started getting
> heavy into P2P (Limewire and Shareaza). This has had a noticeable performance
> impact on net access, and I'd like to try to improve things.
>
> I am not in a position to prohibit these kids from using P2P,

Just advise whomever is responsible that you will be expecting them to
pay the $10,000 fine noted in the demand letter that will be addressed
to you.


> and polite
> efforts to get them to limit the number of connections, and to postpone
> heavy transfers to off-hours has not worked for very long. I understand
> that various port blocking rules within the router are largely ineffective
> because the P2P clients use port-hopping, and can even use port 80 if
> nothing else works. I was wondering if a more sophisticated hardware solution
> might help us.
>
> My first understanding is that the limited CPU power and RAM in an
> inexpensive router get overwhelmed by such a large number of connections.
> Would a more robust hardware (NAT router) be likely to help? If yes, and
> specific suggestions?
>
> From what I gather, true hardware firewall appliances allow the use of
> rules that can limit the number of connections and the bandwidth allotted
> to each client IP address. This, to me, seems very attractive (although
> more expensive) and I was wondering if interposing a firewall between the
> cable modem and the router (or discarding the modem and using the firewall
> with an access point) would achieve the desired end. Any specific
> suggestions?
>

Re: Reducing the impact of P2P users on home network

on 29.12.2006 00:00:41 by Wheaty

retsuhcs@xinap.moc (Mike S.) wrote in
news:emeqm7$oj3$1@reader2.panix.com:

>
>
> Amateur though I am, I've become the default manager for internet
> access in our large home. The hardware consists of a cable modem and
> older model WRT54G with updated firmware. All but my own PC (which
> connected via the local ethernet port on the router) are using
> wireless. This has worked quite well until the two college-age folks
> in the house started getting heavy into P2P (Limewire and Shareaza).
> This has had a noticeable performance impact on net access, and I'd
> like to try to improve things.
>
> I am not in a position to prohibit these kids from using P2P, and
> polite efforts to get them to limit the number of connections, and to
> postpone heavy transfers to off-hours has not worked for very long. I
> understand that various port blocking rules within the router are
> largely ineffective because the P2P clients use port-hopping, and can
> even use port 80 if nothing else works. I was wondering if a more
> sophisticated hardware solution might help us.
>
> My first understanding is that the limited CPU power and RAM in an
> inexpensive router get overwhelmed by such a large number of
> connections. Would a more robust hardware (NAT router) be likely to
> help? If yes, and specific suggestions?
>
> From what I gather, true hardware firewall appliances allow the use of
> rules that can limit the number of connections and the bandwidth
> allotted to each client IP address. This, to me, seems very attractive
> (although more expensive) and I was wondering if interposing a
> firewall between the cable modem and the router (or discarding the
> modem and using the firewall with an access point) would achieve the
> desired end. Any specific suggestions?
>

grab an old p2 box and install m0n0wall (http://www.m0n0.ch) or pfsense
(www.pfsense.com) on it, put it between your cable modem and the WRT54G,
and use the traffic shaping rules to crush the P2P traffic. You won't
prohibit it (unless you want to), but you can certainly squash it to the
point where it becomes too boring for them to wait, and you can blame it
on your ISP as the m0n0/pfsense box is transparent to them unless they
physically look at your setup, or know what to look for. If you have an
old system laying around with some extra network cards, this is the
cheapest option.. it's free.

--

What's easier for kissing random strangers? Mistletoe or chloroform?

Re: Reducing the impact of P2P users on home network

on 29.12.2006 13:38:09 by Dennis

Wheaty wrote:
> retsuhcs@xinap.moc (Mike S.) wrote in
> news:emeqm7$oj3$1@reader2.panix.com:
>
> >
> >
> > Amateur though I am, I've become the default manager for internet
> > access in our large home. The hardware consists of a cable modem and
> > older model WRT54G with updated firmware. All but my own PC (which
> > connected via the local ethernet port on the router) are using
> > wireless. This has worked quite well until the two college-age folks
> > in the house started getting heavy into P2P (Limewire and Shareaza).
> > This has had a noticeable performance impact on net access, and I'd
> > like to try to improve things.
> >
> > I am not in a position to prohibit these kids from using P2P, and
> > polite efforts to get them to limit the number of connections, and to
> > postpone heavy transfers to off-hours has not worked for very long. I
> > understand that various port blocking rules within the router are
> > largely ineffective because the P2P clients use port-hopping, and can
> > even use port 80 if nothing else works. I was wondering if a more
> > sophisticated hardware solution might help us.
> >
> > My first understanding is that the limited CPU power and RAM in an
> > inexpensive router get overwhelmed by such a large number of
> > connections. Would a more robust hardware (NAT router) be likely to
> > help? If yes, and specific suggestions?
> >
> > From what I gather, true hardware firewall appliances allow the use of
> > rules that can limit the number of connections and the bandwidth
> > allotted to each client IP address. This, to me, seems very attractive
> > (although more expensive) and I was wondering if interposing a
> > firewall between the cable modem and the router (or discarding the
> > modem and using the firewall with an access point) would achieve the
> > desired end. Any specific suggestions?
> >
>
> grab an old p2 box and install m0n0wall (http://www.m0n0.ch) or pfsense
> (www.pfsense.com) on it, put it between your cable modem and the WRT54G,
> and use the traffic shaping rules to crush the P2P traffic. You won't
> prohibit it (unless you want to), but you can certainly squash it to the
> point where it becomes too boring for them to wait, and you can blame it
> on your ISP as the m0n0/pfsense box is transparent to them unless they
> physically look at your setup, or know what to look for. If you have an
> old system laying around with some extra network cards, this is the
> cheapest option.. it's free.
>

The problem with modern p2p traffic is that much of the traffic is not
p2p transfers, but icmp discovery and http directory exchange, which
cannot be distinguished from normal icmp and http. You can limit icmp,
but then you'll get dropped pings and customers will complain about
your network.

We've found the best strategy for managing abusers is to control each
IP/customer with an individual bandwidth profile. Our product allows
you to allow users to burst only for specific periods of time, and also
control the packets/second in addition to bandwidth. We've found that
abusive protocols tend to have much higher pps usage than well-behaved
protocols, so pps is very effective.

The concept behind per-customer control is simple: you don't allow any
one user to use more than his fair share of bandwidth. Another problem
with the "squash p2p" method is that users who want to download 1 or 2
songs can't do it, because you've generally disabled p2p on your
network. If a customer subscribes to a 512K service, why shouldn't they
be able to do whatever they want with their bandwidth, as long as they
don't abuse it? With per customer settings, if a user chooses to fire
up p2p, they only squash themselves. If they complain that they can't
surf, you simply tell them to turn off the p2p program and they'll be
able to surf. It's a strategy that's not only fair, it's very, very
effective.

Dennis Baasch
Emerging Technologies, Inc.
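
The per-host profile idea in the post above (a bandwidth cap plus a packets/second cap, with a bounded burst) can be illustrated with two token buckets per IP address. This is an added example using a generic token-bucket scheme, not the poster's product or its algorithm; the class names, limits, addresses and both traffic flows are assumptions constructed for the demonstration.

```python
"""Per-host rate profile: byte-rate and packet-rate token buckets (added example)."""


class TokenBucket:
    def __init__(self, rate, burst_seconds):
        self.rate = float(rate)                # tokens added per second
        self.capacity = rate * burst_seconds   # how long a burst may run at full speed
        self.tokens = self.capacity
        self.last = 0.0

    def refill(self, now):
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now


class HostProfile:
    """One profile per IP, so a noisy host only uses up its own allowance."""

    def __init__(self, bytes_per_sec, packets_per_sec, burst_seconds=1.0):
        self.byte_bucket = TokenBucket(bytes_per_sec, burst_seconds)
        self.packet_bucket = TokenBucket(packets_per_sec, burst_seconds)
        self.passed = 0
        self.dropped = 0

    def allow(self, now, size):
        self.byte_bucket.refill(now)
        self.packet_bucket.refill(now)
        ok = self.byte_bucket.tokens >= size and self.packet_bucket.tokens >= 1
        if ok:
            # Debit both buckets only when the packet is actually forwarded.
            self.byte_bucket.tokens -= size
            self.packet_bucket.tokens -= 1
            self.passed += 1
        else:
            self.dropped += 1
        return ok


def constant_flow(ip, pps, size, seconds):
    """Constructed traffic: evenly spaced packets of one size from one host."""
    return [(i / pps, ip, size) for i in range(int(pps * seconds))]


def simulate(profiles, packets):
    for now, ip, size in sorted(packets):
        profiles[ip].allow(now, size)
    return {ip: (p.passed, p.dropped) for ip, p in profiles.items()}


def demo():
    # Both hosts get the same profile: 64,000 bytes/s and 100 packets/s.
    profiles = {ip: HostProfile(64_000, 100) for ip in ("192.168.1.10", "192.168.1.20")}
    # Both hosts offer 45,000 bytes/s, but in very different packet patterns.
    bulk = constant_flow("192.168.1.10", pps=30, size=1500, seconds=10)
    chatty = constant_flow("192.168.1.20", pps=450, size=100, seconds=10)
    return simulate(profiles, bulk + chatty)


if __name__ == "__main__":
    for ip, (passed, dropped) in demo().items():
        print(ip, "passed", passed, "dropped", dropped)
```

Both simulated hosts offer the same byte rate, so a bandwidth-only limit would treat them identically; only the packets/second bucket separates the many-small-packets flow from the bulk transfer.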

Re: Reducing the impact of P2P users on home network

on 29.12.2006 17:30:57 by Wheaty

dennis@etinc.com wrote in news:1167395889.320709.295340
@i12g2000cwa.googlegroups.com:


>
> The problem with modern p2p traffic is that much of the traffic is not
> p2p transfers, but icmp discovery and http directory exchange, which
> cannot be distinguished from normal icmp and http. You can limit icmp,
> but then you'll get dropped pings and customers will complain about
> your network.
>
> We've found the best strategy for managing abusers is to control each
> IP/customer with an individual bandwidth profile. Our product allows
> you to allow users to burst only for specific periods of time, and also
> control the packets/second in addition to bandwidth. We've found that
> abusive protocols tend to have much higher pps usage than well-behaved
> protocols, so pps is very effective.
>
> The concept behind per-customer control is simple: you don't allow any
> one user to use more than his fair share of bandwidth. Another problem
> with the "squash p2p" method is that users who want to download 1 or 2
> songs can't do it, because you've generally disabled p2p on your
> network. If a customer subscribes to a 512K service, why shouldn't they
> be able to do whatever they want with their bandwidth, as long as they
> don't abuse it? With per customer settings, if a user chooses to fire
> up p2p, they only squash themselves. If they complain that they can't
> surf, you simply tell them to turn off the p2p program and they'll be
> able to surf. It's a strategy that's not only fair, it's very, very
> effective.
>
> Dennis Baasch
> Emerging Technologies, Inc.
>
>

That sounds all well and good, but I do know a couple of things. Each
user (specific IP) can be allotted a particular total bandwidth share by
using pf or m0n0. I have never done it, but I have read of it being done
through the use of pipes/ queues, static DHCP and the like.
Secondly, although I may have read further into it than I should have,
it sounds to me as though the OP is the subscriber, not the offending
downloaders. So going on that assumption- wrong or not- it is well
within his rights to throttle back the P2P traffic as much as he likes.
But, if I am wrong, so be it.
While your product sounds interesting, what is the cost? Is it
comparable to free?
There are a number of ISP's who do consider downloading one or two songs
abuse... copyright infringement. But that is a topic for another group
;-)

--

What's easier for kissing random strangers? Mistletoe or chloroform?