Here is an interesting problem/scenario that some sysadmins out there might enjoy:
An apartment building owner is giving away free internet access to his tenants. Basically he has a T1 coming to the building and every apartment has a CAT5 plug in the wall. The internet access is "free" (included in the rent or whatever) to the tenants.
The problem is, several of the tenants are downloading illegal movies/music via bittorrent. As a result, the MPAA and RIAA are sending "nastygrams" to the owner of the internet connection (i.e. apartment owner) concerning the illegal downloads.
The apartment owner has blocked lists of torrent sites as well as several file extensions at the router level but the problem persists.
What I'd like to know is if anyone out there has a clever/inexpensive solution for this problem? QoS apparently only works up to a point because bittorrent can use pretty much any port it wants. Packet inspection doesn't work on encrypted connections, etc.
The apartment owner did say he would be happy if he could simply see the upload/download traffic (ie. potential abusers) of the individual apartment units.
Any ideas?
UPDATE: Not interested in discussing the legal/lawyer/social issues as much as the actual technical solutions (whatever they may be). I would kindly request you vote up the TECHNICAL discussions over the legal/social ones. Thanks!
ANSWER: Selected Justin Scott's answer as the correct answer because of his suggestion to use managed switches and MRTG. While it would have been nicer to block bittorrent or at least make it EXTREMELY difficult, MRTG and a managed switch will allow us to easily identify the offender(s).
Is he authorized by his ISP to sublet the T1 to others? If so, then he is in effect a common carrier (like a phone company) and not responsible for the use of the service. As soon as he starts taking measures to prevent certain traffic he is assuming responsibility. I'd contact a lawyer before doing anything at all.
If he isn't authorized by his ISP to sublet their T1 then I wouldn't even get involved. "You're on your own pal."
If each apartment has its own port on a managed switch somewhere in the building, seeing their traffic levels should be pretty simple with something like MRTG.
However, this seems like more of a legal issue than a technical issue. IANAL, but by trying to police the connection the owner is essentially giving up any sort of "common carrier" status he might have had (if any at all). If I were in this position, each apartment would get a static IP to get out to the Internet. If the MPAA/RIAA came knocking, I would politely direct them to the tenant who "owns" the IP address in question.
The best social solution I've seen is to give the letter to the tenants and after 3 notices terminate their internet service. Most complexes I've worked in have that policy and it works well. After the first or second letter you see their bandwidth usage drop significantly.
Otherwise I wouldn't worry about it. He won't have the connection shut off for receiving mass "we saw you download this" emails or letters. The chances of it going to court are very slim. Personally if I had a T1 (or something faster..) I'd ask for an IP address block and give each apartment its own public IP, then it's trivial to trace who did what and to shift blame.
Everyone here has already talked about the legality issues with this kind of setup, so I won't beat that dead horse more.
If you'd like a good free tool for monitoring internet traffic, you might want to try IPAUDIT as it will give you pretty good information about your host's traffic use. I have a post in the following question (IPAUDIT is a Linux-based solution for traffic monitoring): https://serverfault.com/questions/8267/monitor-internet-bandwidth
You could also find some good answers in this question: Network Traffic Monitoring
I'm going to have to be really negative about this... Trying to fight Bit Torrent the technical way is going to lead to a lot of headaches for near zero efficiency. Bit Torrent can be encapsulated in SSL on port 443 making it no different than browsing an HTTPS website.
The only solution is to talk to the people and get them to slow down or just stop...
I'd look at graphing bandwidth-usage statistics. Since he's using wired distribution, using SNMP counters (provided the distribution switches are capable) is one great way to get statistics (assuming that the tenants aren't sending traffic anywhere but the Internet, i.e. not peer-to-peer on the LAN) about bandwidth usage. MRTG, Cacti, etc. are your friend for this.
If the tenants are doing peer-to-peer networking he'll need to do some traffic profiling at the egress onto the Internet. You could do that on the cheap with a Linux iptables installation and some logging rules.
The owner is probably best served speaking to an attorney about this (though that's going to cost money). It would be a good idea if he made sure he wasn't going to end up being the target of litigation.
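The per-port SNMP counter approach from the selected answer and the one above, as an added example that is not code from the thread: it takes two polls of a managed switch's ifHCInOctets/ifHCOutOctets counters (the values MRTG and Cacti graph), handles a counter rollover between polls, and lists which apartments are sustaining a high upload rate. The port-to-apartment map and both samples are constructed.

```python
# Added example, not from the thread: per-port rates from two SNMP polls of a
# managed switch's ifHCInOctets/ifHCOutOctets counters (what MRTG/Cacti graph).
# The port->apartment map and both samples are constructed, not real data.
COUNTER64_WRAP = 2 ** 64          # ifHC* counters are 64-bit; plain ifInOctets wraps at 2**32

PORT_TO_APT = {1: "Apt 101", 2: "Apt 102", 3: "Apt 201", 4: "Apt 202"}   # constructed wiring map

def counter_delta(old, new, wrap=COUNTER64_WRAP):
    """Bytes counted between two polls, allowing for a single counter rollover."""
    return (new - old) % wrap

def port_rates(sample_a, sample_b, interval_s):
    """Return {port: (upload_bps, download_bps)} from two samples interval_s seconds apart.

    Each sample is {port: (ifHCInOctets, ifHCOutOctets)}. On an access port the
    switch's 'in' is what the apartment sends (its upload) and 'out' is its download.
    """
    rates = {}
    for port, (in_a, out_a) in sample_a.items():
        in_b, out_b = sample_b[port]
        up_bps = counter_delta(in_a, in_b) * 8 / interval_s
        down_bps = counter_delta(out_a, out_b) * 8 / interval_s
        rates[port] = (up_bps, down_bps)
    return rates

def top_uploaders(rates, threshold_bps):
    """Apartments whose sustained upload exceeds threshold_bps, heaviest first."""
    over = sorted(((up, port) for port, (up, _) in rates.items() if up > threshold_bps), reverse=True)
    return [PORT_TO_APT.get(port, f"port {port}") for _, port in over]

# Constructed samples 300 s apart (MRTG's default polling interval); port 2's
# upload counter rolls over between the two polls.
SAMPLE_T0 = {1: (10_000, 50_000), 2: (2**64 - 1_000, 700_000), 3: (5_000, 9_000), 4: (0, 0)}
SAMPLE_T1 = {1: (40_000, 110_000), 2: (56_249_000, 900_000), 3: (5_100, 9_500), 4: (0, 0)}

if __name__ == "__main__":
    rates = port_rates(SAMPLE_T0, SAMPLE_T1, 300)
    for port, (up, down) in sorted(rates.items()):
        print(f"{PORT_TO_APT[port]}: up {up/1000:.1f} kbit/s, down {down/1000:.1f} kbit/s")
    print("Uploading over 1 Mbit/s:", top_uploaders(rates, 1_000_000))
```

A single 300 s sample only shows a burst; MRTG-style graphs over days are what separate a sustained seeder from someone fetching a large update.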
He needs to be very careful of his legal standing, as mentioned in the other posts. Talk to a lawyer.
There are a few technical means to deal with this. But I am afraid that trying anything will just get him in deeper. A lawyer could spin his attempt at technical control in several directions.
No good deed goes unpunished.
(Or he could just install peerguardian as a gateway service)
The only reasonable way to ensure integrity of your network is to, by default, restrict all access except the ones you allow. All other methods, if you still insist on having full network control, are just playing catch-up with the newest greatest (and oldest well known) protocols used for sending data from A to B and vice versa.
But if you are interested in job security and a lot of administrative work, go for it.
BTW you didn't say from which country you came from, jurisdiction is quite different on this topic across the world but I assume US since you are talking about a T1 pipe.
Something which apparently works quite well in the states is writing back with some legal jargon stating that they may choose either one explanation:
Always end your letter with a friendly greeting and the option to further discuss the matter, stating your consultancy tariff.
I'll improve on the best answer.
You should buy a Smoothwall Firewall appliance (or IPCop, MonoWall, LEAF, or pfSense) because Smoothwall uses MRTG. Smoothwall will give you all kinds of additional features.
You can buy a cheap dual-NIC firewall appliance for only a few hundred dollars.
or make one yourself using a dual-NIC mini-ITX motherboard like an EPIA-M700 ($257) or an EPIA LT or an EPIA PE.
I'd say to institute connection/disconnection/UDP packet address and DHCP logging on the router, and include the router port # in the logs. The idea here being that the RIAA letter should include date/time/IP of the infringement. From that, you can look up which router port (and thus which apartment) was committing the infringement, and forward the letter. These logs will be big, but since they don't include packet contents, they shouldn't be TOO big. And if the landlord is NATting, the inbound UDP traffic should be very small.
This lets the landlord prove (as far as he can) which party is responsible and pass the hassle down to them appropriately. In any lawsuit the landlord should be able to successfully get out of anything except answering some subpoenas for logs.
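The log correlation this answer describes, as an added example that is not code from the thread: a notice's timestamp, public IP and port are matched against NAT translation records to get the inside IP, that IP against DHCP leases to get the switch port, and the port against the wiring map to get the apartment. All three logs and their layout are constructed; a real router's format will differ.

```python
# Added example, not from the thread: trace a notice's (time, public IP, port)
# back to an apartment through NAT translation logs, then DHCP leases, then the
# switch-port wiring map. All three logs are constructed, in a made-up format;
# a real router's log layout will differ.
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# start, end, proto, inside ip:port, ->, public ip:port
NAT_LOG = """\
2009-05-01 20:58:10 2009-05-01 23:10:44 udp 10.0.0.23:51413 -> 203.0.113.7:40021
2009-05-01 21:00:02 2009-05-01 21:00:09 tcp 10.0.0.41:50220 -> 203.0.113.7:40022
2009-05-01 23:30:00 2009-05-02 00:15:00 udp 10.0.0.41:51413 -> 203.0.113.7:40021
"""
# start, end, ip, mac, switch port
DHCP_LOG = """\
2009-05-01 08:00:00 2009-05-02 08:00:00 10.0.0.23 00:11:22:33:44:55 3
2009-05-01 09:15:00 2009-05-02 09:15:00 10.0.0.41 66:77:88:99:aa:bb 1
"""
PORT_TO_APT = {1: "Apt 101", 3: "Apt 201"}   # constructed wiring map

def _rows(text):
    """Yield (start, end, remaining_fields) with the two leading timestamps parsed."""
    for line in text.splitlines():
        f = line.split()
        yield datetime.strptime(f"{f[0]} {f[1]}", FMT), datetime.strptime(f"{f[2]} {f[3]}", FMT), f[4:]

def nat_lookup(when, public_ip, public_port, proto, nat_log=NAT_LOG):
    """Inside IP that held public_ip:public_port at `when`; None if no translation covers it.
    The time window matters: the same public port is reused by a different host later."""
    for start, end, (p, inside, _, outside) in _rows(nat_log):
        if p == proto and outside == f"{public_ip}:{public_port}" and start <= when <= end:
            return inside.rsplit(":", 1)[0]
    return None

def dhcp_lookup(when, inside_ip, dhcp_log=DHCP_LOG):
    """(mac, switch_port) that leased inside_ip at `when`, or None."""
    for start, end, (ip, mac, port) in _rows(dhcp_log):
        if ip == inside_ip and start <= when <= end:
            return mac, int(port)
    return None

def trace_notice(timestamp, public_ip, public_port, proto="udp"):
    """Apartment behind a notice, or None. The notice time must first be converted
    to the router's log time zone; a wrong zone silently blames the wrong tenant."""
    when = datetime.strptime(timestamp, FMT)
    inside = nat_lookup(when, public_ip, public_port, proto)
    lease = dhcp_lookup(when, inside) if inside else None
    return PORT_TO_APT.get(lease[1]) if lease else None
```

Without the source port and an accurate time in the notice, a NAT log alone cannot single out one apartment, which is why the answers suggesting a public IP per unit make the trace trivial.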