
Impossible to drop ARES p2p

Posted: Thu Aug 16, 2007 7:26 pm
by ivanperino
Hi Specialist.

I have tried blocking Ares p2p packets and I have not accomplished it.
I followed the instructions on this forum but I can get good results.
If you look at ip/firewall/connections you will see all the warez connections closed; however, my Ares is still downloading at very high speed!

It seems Ares doesn't use only p2p connections, so the firewall can't detect it and files are downloaded anyway.

OK. I am anxious to solve this problem.

eDonkey was blocked successfully.

THANKS

Re: Impossible to drop ARES p2p

Posted: Fri Aug 17, 2007 12:46 pm
by normis
note that the rules will only affect new connections, if your ares was running before you added the rules, it will not be affected. disconnect that client and make him reconnect.

this rule should block all p2p including Ares:
/ip firewall filter add chain=forward p2p=all-p2p action=drop

Re: Impossible to drop ARES p2p

Posted: Fri Aug 17, 2007 4:00 pm
by ivanperino
Normis, first of all, thank you for your quick response.
RouterOS 2.9.44
I have already done what you said, but Ares is still downloading as fast as it can, even after disconnecting and reconnecting Ares, restarting the computer, or whatever else I do.
Here are the firewall lines I set (192.168.2.249 is the test computer).

Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward action=drop p2p=all-p2p dst-address=192.168.2.249

1 chain=forward action=drop p2p=all-p2p src-address=192.168.2.249

2 chain=forward action=accept p2p=!all-p2p src-address=192.168.2.249
...

You can see redundancy in the last line. I have tried almost everything! I have mangled packets too and then dropped those packets.

I could see in ip/firewall/connections a lot of lines saying...

A 192.168.2.249:1902 190.64.90.112:57504 6(tcp) none warez stablished 23:59:59

among other lines saying

A 192.168.2.249:1894 190.25.97.85:44503 6(tcp) none warez time wait 00:00:03


My problem is with Ares. eDonkey is completely blocked.

Thanks Normis.!

Re: Impossible to drop ARES p2p

Posted: Tue Aug 21, 2007 6:22 am
by rodrigobaliza
try this:

/ip firewall filter
add chain=forward action=drop src-port=0 protocol=udp comment="Drop Ares UDP 0 src" disabled=no
add chain=forward action=drop dst-port=0 protocol=udp comment="Drop Ares UDP 0 dst" disabled=no

It finished my nightmares with this "evil" ares ;)
Try 'n tell us what happens...

Re: Impossible to drop ARES p2p

Posted: Tue Aug 21, 2007 6:50 am
by ivaring
> try this:
>
> /ip firewall filter
> add chain=forward action=drop src-port=0 protocol=udp comment="Drop Ares UDP 0 src" disabled=no
> add chain=forward action=drop dst-port=0 protocol=udp comment="Drop Ares UDP 0 dst" disabled=no
>
> It finished my nightmares with this "evil" ares ;)
> Try 'n tell us what happens...

Hi there!.
Thanks 4 your feedback.
One question, is that rule 4 blocking only ares?. I mean, because it seems 2 block all udp protocols.

Thanks.

Re: Impossible to drop ARES p2p

Posted: Tue Aug 21, 2007 3:58 pm
by ivanperino
Dropping UDP src-port and dest-port=0 does not work so well. I think Ares finds other UDP ports and accomplishes the connection through them. However, it gets lower download rates, but it never cuts the traffic! Looking at firewall / connections you can see UDP ports open from about 56300 to 62000.

Maybe somebody can MANGLE packets for ARES and then drop them.

Thanks A lot anyway !

Re: Impossible to drop ARES p2p

Posted: Tue Aug 21, 2007 4:47 pm
by GWISA-Kroonstad
> this rule should block all p2p including Ares:
> /ip firewall filter add chain=forward p2p=all-p2p action=drop

It also blocks all MSN, Yahoo, Skype etc VOIP and Video Over IP...... Not recommended, Sorry...

Re: Impossible to drop ARES p2p

Posted: Tue Aug 21, 2007 5:33 pm
by mrz
> It also blocks all MSN, Yahoo, Skype etc VOIP and Video Over IP...... Not recommended, Sorry...

:shock: since when did it start to block skype, msn and yahoo??? You just made that up?

/ip firewall filter add chain=forward p2p=all-p2p action=drop
p2p matcher have never matched skype, etc... and i suppose never will.

Re: Impossible to drop ARES p2p

Posted: Wed Aug 22, 2007 10:54 am
by normis
> > this rule should block all p2p including Ares:
> > /ip firewall filter add chain=forward p2p=all-p2p action=drop
>
> It also blocks all MSN, Yahoo, Skype etc VOIP and Video Over IP...... Not recommended, Sorry...

this is not true, sorry. it only blocks piracy programs, some examples:
bit-torrent | blubster | direct-connect | edonkey | fasttrack | gnutella | soulseek | warez | winmx

@NORMIS!!! Impossible to drop ARES p2p

Posted: Wed Aug 22, 2007 4:03 pm
by ivanperino
Normis, it does not block the ARES program!
Have you tried it yourself?

Ares uses HTTP services to download packets as well as P2P connections. You can see it on the firewall/connections tab in RouterOS. It also uses the UDP protocol, so you can't stop Ares at all!! Please, try it and tell me! Maybe I am doing something wrong.

Thank you.

Re: @NORMIS!!! Impossible to drop ARES p2p

Posted: Wed Aug 22, 2007 4:04 pm
by normis
> Normis, it does not block the ARES program!
> Have you tried it yourself?
>
> Ares uses HTTP services to download packets as well as P2P connections. You can see it on the firewall/connections tab in RouterOS. It also uses the UDP protocol, so you can't stop Ares at all!! Please, try it and tell me! Maybe I am doing something wrong.
>
> Thank you.

yes, I know. we tested it, and it is like you say. my objection was to the person who mentioned MSN and Skype.

we will see if we can improve ares blocking.

Re: Impossible to drop ARES p2p

Posted: Wed Aug 22, 2007 5:28 pm
by ivanperino
NORMIS.
There is a connection to 66.222.xx.xx (I don't remember the IP exactly) on port 80 when ARES starts.
I have captured packets and the first one always contains: GET /ares/home.php... and so on. What about matching packets containing the text "ares"? I don't know how to use content= on mangle; I have tried but I haven't been able to get any result.

Let me know if you find any solution to do this. Everybody has problems with ARES; it is bandwidth-killer software.

Personally, I don't want to block ARES completely, but if we find some way to control it, we might assign it a discrete bandwidth.

Thanks in advance.

Re: Impossible to drop ARES p2p

Posted: Fri Aug 24, 2007 11:42 am
by sergejs
Well, as far as I know, it is possible to set a limit for the entire client traffic; all the client's data will be limited, including Ares.
If your client complains about the little bandwidth available, you may tell him to switch off these applications.
Furthermore, you may assign prioritization together with limitation for the client, so that important services (with higher priority) will be maintained with highest priority over other traffic.

Re: Impossible to drop ARES p2p

Posted: Fri Aug 24, 2007 6:15 pm
by jose
MT can block almost all p2p protocols, but Ares only in a limited way.

I use layer7 on a Linux box to block all unwanted p2p.

Re: Impossible to drop ARES p2p

Posted: Wed Aug 29, 2007 10:02 am
by cpresto
Hi Jose,
could you please post what type of level7 firewall you use to filter p2p traffic?

MT cannot efficiently mangle all p2p traffic (please look @ http://forum.mikrotik.com/viewtopic.php?f=2&t=18024), so the procedure normally used is to mangle all other traffic (e.g. calling it "known" traffic) and consider all the other p2p traffic. :?

Unfortunately this makes management of "known" traffic very complicated because it is not made only of software with ports < 1024, but many other ports are used (msn, vpn, voip, custom applications, ...), so customers continuously write emails or make phone calls asking for ports to be opened. :(

Rgds
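
The "known traffic" procedure described in the last post, combined with the per-class bandwidth limit discussed earlier in the thread, as an added RouterOS configuration example (not posted by any participant). The interface name `ether2-lan`, the port lists, the mark names and all rates are assumptions to adapt to the actual network.

```routeros
# Added example. Interface name, ports, mark names and rates are assumptions.
/ip firewall mangle
# 1. Connections the built-in p2p matcher does recognise (eDonkey, warez, ...).
#    Placed first so a connection is re-marked as soon as the matcher fires,
#    even if its first packets were classified as "known" below.
add chain=forward p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p-conn passthrough=yes comment="matched p2p"
add chain=forward connection-mark=p2p-conn action=mark-packet \
    new-packet-mark=bulk passthrough=no

# 2. "Known" traffic: only services the operator has explicitly listed.
#    connection-state=new keeps reply packets from being matched by port.
add chain=forward connection-state=new protocol=tcp \
    dst-port=25,53,80,110,143,443 action=mark-connection \
    new-connection-mark=known-conn passthrough=yes comment="known tcp"
add chain=forward connection-state=new protocol=udp dst-port=53,123 \
    action=mark-connection new-connection-mark=known-conn \
    passthrough=yes comment="known udp"
add chain=forward connection-mark=known-conn action=mark-packet \
    new-packet-mark=known passthrough=no

# 3. Everything else, including the high UDP ports reported in this thread,
#    is treated as bulk instead of being dropped.
add chain=forward action=mark-packet new-packet-mark=bulk passthrough=no \
    comment="unclassified -> bulk"

# Shape traffic leaving the LAN-facing interface (client downloads).
/queue tree
add name=down parent=ether2-lan max-limit=2000000
add name=down-known parent=down packet-mark=known priority=1 \
    limit-at=1500000 max-limit=2000000
add name=down-bulk parent=down packet-mark=bulk priority=8 \
    limit-at=256000 max-limit=512000
```

Transfers that Ares makes over port 80 and that the p2p matcher does not recognise still land in the "known" class here, which is the limitation the thread describes; a per-client limit as suggested above covers that remainder.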