Use ntop either on a seperate box or find a way to install on zeroshell, or the built in and awesome iptraf, find the ip’s in question and their ports, then apply some classes and classifiers with the ips and ports and give a DSCP of BE 0, lowest possible, for QoS. or, use the firewall section to DROP or whatever instead.
But then there’d be all of these customer classifiers building up and it gets messy.
Or I found best, kind of like yum said, apply the default class of BE 0, and a very low pipe class, and make classes for HTTP, FTP, AIM, etc… Then anything not classified will be lowest priority with DSCP of lowest. I’ve also found putting unclassified ports from IANA of 1025:65535 to lowest priority helps tremendously. Most common apps use lower ports and are registered through IANA, unclassified ones are for third-party apps, i.e, BT, when choosing the random port button, or random port on startup, it is always over 1024.
Now that all uncommon ports are lowest prio, now you can start to make your exceptions, keeps things more organized and managable. It’d be nice to have a “Custom” description field on the classifier when adding one, to distinguish it from the others on the classifier list instead of just the auto-generated one, both would be nice to have. So it can read…
“1024 BE speed after 5Meg transfer”
“MARK all opt — in * out * 0.0.0.0/0 -> 172.16.1.0/24 PHYSDEV match –physdev-is-bridged connbytes 5242880:4294967295 connbytes mode bytes connbytes direction both DSCP match 0x00 MARK set 0xb”
or something… to keep things more human readable and easier to glance at and apply rules.