high bandwidth blocklist


This topic contains 0 replies, has 0 voices, and was last updated by  mountainman 4 years, 9 months ago.

    #43984

    mountainman
    Participant

    I’m managing a small wifi network for a summer camp. We have a 40GB monthly data allowance from the satellite provider and around 40 users, using Zeroshell as a router and captive portal to handle user access. To limit the usage, I need to block high bandwidth sites… this system is intended for limited use, check email, etc., not spend all day surfing or downloading videos.

    I’ve already blocked some sites, like the streaming porn one user was accessing last year, and obvious ones like youtube (youtube.com as well as youtou.be), but I’d like to find a list of high bandwidth sites to block. Netflix seems an obvious one, but, for example, does it actually stream from netflix.com or some other site? Ditto for windows update (windowsupdate.com? or something else?) and Skype (ideally I’d allow Skype voice but block the video). I don’t want to be a net censor, just want to ensure fair use of the available bandwidth for all users and not pay the exorbitant overage charges from our provider.

    Anybody know of a list of such sites?

    #53363

    WhatNameIsAllowed
    Participant

    I would suggest in addition to your blacklist that you enable QoS and use it less for traffic shaping and more to limit the maximum bandwidth available. 40 Gigabytes per month equates to about 125 kilobits per second of constant use for the whole month (beware that this is both ways, so you might want to consider that more like 100 kb/s down and 25 kb/s up, and also this is before any protocol overhead on the satellite side (not sure if your provider counts that or not)). Just using these numbers you could use QoS to put absolute max limits on all traffic and ensure you’d stay under your cap, although 1 guy with bittorrent could still make everyone else miserably slow…

    I would also suggest blocking all outgoing traffic except for port 80 (HTTP) and port 443 (HTTPS). Granted some things like encrypted Bittorrent can be very hard to throttle as it uses HTTPS, but it’s still worth a shot.

    As for your blacklist, Google should help. A quick search for Windows Update gave me this list:

    http://windowsupdate.microsoft.com
    http://*.windowsupdate.microsoft.com
    https://*.windowsupdate.microsoft.com
    http://*.update.microsoft.com
    https://*.update.microsoft.com
    http://*.windowsupdate.com
    http://download.windowsupdate.com
    http://download.microsoft.com
    http://*.download.windowsupdate.com
    http://wustat.windows.com
    http://ntservicepack.microsoft.com
    https://*.ws.microsoft.com
    http://*.ws.microsoft.com

    (taken from http://support.microsoft.com/kb/818018)

    Also, you might want to see if your satellite provider has an “unmetered” period in the late night / early morning timeslot.

    A big difference between being a net censor and a fair admin is good communication – I suggest placing a message on your captive portal letting people know that you’re trying to conserve bandwidth and to please not stream videos and such. That might be more effective than you’d think.
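
The two ideas in the reply above, worked through as an added example that is not part of either post: the quoted Windows Update patterns are compiled into exact hosts and wildcard suffixes so hostnames can be checked against them, and the monthly cap is converted to a sustained rate. The function names are hypothetical, and the rate calculation assumes decimal gigabytes and a 30-day month.

```python
# Added example: host patterns copied from the Windows Update list in the reply.
KB_ENTRIES = """
http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
http://download.microsoft.com
http://*.download.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
https://*.ws.microsoft.com
http://*.ws.microsoft.com
""".split()


def compile_blocklist(entries):
    """Reduce scheme://host patterns to exact hosts and '.suffix' wildcards."""
    exact, suffixes = set(), set()
    for entry in entries:
        host = entry.split("://", 1)[-1].split("/", 1)[0].lower()
        if host.startswith("*."):
            suffixes.add(host[1:])  # keep the leading dot: ".update.microsoft.com"
        elif host:
            exact.add(host)
    return exact, suffixes


def is_blocked(hostname, exact, suffixes):
    """True if hostname is listed exactly or sits under a wildcard suffix."""
    host = hostname.lower().rstrip(".")
    # The leading dot stops "notwindowsupdate.com" matching "*.windowsupdate.com",
    # and means the bare parent domain is NOT covered by a wildcard entry.
    return host in exact or any(host.endswith(s) for s in suffixes)


def sustained_kbps(cap_gb, days=30):
    """Average rate (kbit/s, both directions) that uses cap_gb in `days` days.

    Assumes decimal gigabytes and ignores protocol overhead.
    """
    return cap_gb * 1e9 * 8 / (days * 86400) / 1000


EXACT, SUFFIXES = compile_blocklist(KB_ENTRIES)
```

Under this matching, `windowsupdate.com` and `update.microsoft.com` themselves fall through, because the list only names their subdomains; add the bare domains as separate entries if they should be covered too.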
