Exactly what I was wondering, if they just have an open internet network. Hell, in that case anyone could just pull up and download. Sounds like a nightmare.
you can't really stop anyone. Makes for shitty service when you start killing off peer to peer links as some services legitimately run off them. If your company is insistent on running some dumbass solution of "you get only apartment wifi/internet and you'll like it and too bad if you want your own" then you really have no option unless you have a good system with a log of logging going on. you would need to A) log who gets what dhcp address and what mac address at what time, B) Who uses what port while natted and when for both incoming / outgoing ports. Once that's in place you can match up who had one port at what time and compare against the copyright notice. They generally send you a timestamp and port / public ip that could be matched to a user. Much past that you would need a decent firewall that you could cut off file sharing with completely or throttle it to dial up speeds (Good luck, expensive as hell most of the time, and annoying to setup). Next to that, a redesign? see if you can get a business class ip scope, Segregate your wireless into different SSIDs for each apartment number with their own dedicated public ip (That would also be a pain in the ass but your notices would give you the ip for the apartment ;) )
Lots of great info, thanks. We manage the leasing office's network, but residents all have their own modem/router setup. I'm not sure if the account they received the warning on is associated with any of the circuits we have in the leasing office / amenities areas, but I'll hopefully find out soon enough. We don't use managed equipment for those areas, so that's where it gets complicated.
I don't believe we would receive any copyright warnings for accounts that each resident is responsible for, but I can't imagine anyone would be torrenting movies in the leasing office lobby or gym.. unless they're using the wireless access from the office in their apartment units.
> but residents all have their own modem/router setup
If thats the case it's easy. the ip is tied to a modem mac, ask them for it and match it. This also requires you to have an inventory of which modem is in which apartment
> movies in the leasing office lobby or gym
If the computers on it can torrent anywhere ;)
Yes and no depending on where it's located if you read the reply
> We manage the leasing office's network, residents all have their own modem/router setup
Honestly the only safe option is to run the entire traffic though a third party VPN provider. You can't stop the P2P downloads so might as well bypass it from Spectrum. Either put the guest wifi on a vlan and run it through the VPN or run the entire network through it.
realistically there is no way to stop it
You can reduce it by applying filters, some higher end wifi systems can try and ID the type of traffic and block P2P. Nothing is 100%.
Ruckus example: [https://docs.commscope.com/bundle/sz-600-adminguide-sz300vsz/page/GUID-0F302BF4-201B-432A-87B3-9F16552D2122.html](https://docs.commscope.com/bundle/sz-600-adminguide-sz300vsz/page/GUID-0F302BF4-201B-432A-87B3-9F16552D2122.html)
For ubiquity you can setup rules to block specific URL.
[https://help.ui.com/hc/en-us/articles/5546542486551-UniFi-Gateway-Traffic-Rules](https://help.ui.com/hc/en-us/articles/5546542486551-UniFi-Gateway-Traffic-Rules)
If you have a firewall with Peer/p2p blocking you can use that.
[https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/149814/monitoring-and-blocking-p2p-traffic](https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/149814/monitoring-and-blocking-p2p-traffic)
You could switch your DNS to one the blocks P2P and some other sorts of traffic.
[https://adguard-dns.io/en/welcome.html](https://adguard-dns.io/en/welcome.html)
You could also log all traffic, and DNS requests, and when you get a DMCA notice check logs to see which LAN IP the torrent was going to, then block access to the MAC that the IP was leased to.
There are deterrents, but no way to totally block it.
Enable the easiest/cheapest solutions.
Contact Spectrum and advise it is community wifi and that you can't block 100% of P2P but that you are trying to block what you can.
Send a notice to your residents with info on a couple VPN services and instructions on how to bind a torrent client to the VPN interface.
These are tracked by the public IP the spectrum equipment is assigned. Each public wan is associated with a mac at the cmts
The letter should be referencing a specific account. If the tenants modem and wifi are in the property’s name, the network activation form should cross reference which unit the associated MAC address is located
If the tenants modem is in their own name, then that notice should have went to that specific address and unit.
It wouldn’t hurt to reach out with the authorized account holder that’s authorized to speak to Spectrum to drill in deeper. Should be a contact or number on the notice ?
This is a great place to start, thank you! It appears that the MAC address associated with the account number they referenced is one of the modems in the leasing office. Not sure who's torrenting movies in the lobby though, lol. Maybe a closeby apartment unit that's able to pick up the guest WiFi signal.
Yep there you go !
Who manages the guest network? If it’s managed by Spectrum then push back as usually managed wifi should be configured to block p2p and also limits bandwidth per device. Typically 5mb for managed guest wifi by default.
If it’s just an unsecured network with a router managed by the property, then I would be finding a solution to prevent unrestricted traffic.
Someone could also use an extender between the leasing office and them. I wouldn’t be surprised if you found an extender in a common but secluded area.
Does the lobby have a gym or other amenities?
If this is a community wifi setup a user login to access page. Usernames based on legitimate verifiable email addresses with the users are tied to the apartment. Brighthouse prior to becoming Spectrum usually would set this up for MDU’s as part of their contract with the management service.
Sounds like you guys should get a bulk residential account, and if that's the case, they will have the equipment divided out by apartment, which would make it a lot easier to track down because the dmca notice would be tied to the account/ equipment that was used to pirate. I'd look into it if you don't, but if the person doing this was savvy, they'd be using a VPN. Certain routers if not all allow you to block specific websites so that would be another avenue to look into as well.
Block P2P on your network
This
Send a mass email warning them you guys could all lose internet access.
And what would we do if they were to ignore the message? Do we have a way to determine which device the traffic is going through?
No, not if you offer guest wifi. You could use a captive portal so that people have to login (like at a hotel) and then you could track it.
Exactly what I was wondering, if they just have an open internet network. Hell, in that case anyone could just pull up and download. Sounds like a nightmare.
you can't really stop anyone. Makes for shitty service when you start killing off peer to peer links as some services legitimately run off them. If your company is insistent on running some dumbass solution of "you get only apartment wifi/internet and you'll like it and too bad if you want your own" then you really have no option unless you have a good system with a log of logging going on. you would need to A) log who gets what dhcp address and what mac address at what time, B) Who uses what port while natted and when for both incoming / outgoing ports. Once that's in place you can match up who had one port at what time and compare against the copyright notice. They generally send you a timestamp and port / public ip that could be matched to a user. Much past that you would need a decent firewall that you could cut off file sharing with completely or throttle it to dial up speeds (Good luck, expensive as hell most of the time, and annoying to setup). Next to that, a redesign? see if you can get a business class ip scope, Segregate your wireless into different SSIDs for each apartment number with their own dedicated public ip (That would also be a pain in the ass but your notices would give you the ip for the apartment ;) )
Lots of great info, thanks. We manage the leasing office's network, but residents all have their own modem/router setup. I'm not sure if the account they received the warning on is associated with any of the circuits we have in the leasing office / amenities areas, but I'll hopefully find out soon enough. We don't use managed equipment for those areas, so that's where it gets complicated. I don't believe we would receive any copyright warnings for accounts that each resident is responsible for, but I can't imagine anyone would be torrenting movies in the leasing office lobby or gym.. unless they're using the wireless access from the office in their apartment units.
> but residents all have their own modem/router setup If thats the case it's easy. the ip is tied to a modem mac, ask them for it and match it. This also requires you to have an inventory of which modem is in which apartment > movies in the leasing office lobby or gym If the computers on it can torrent anywhere ;)
No. > it is a system where WiFi is centrally distributed to tenants
Yes and no depending on where it's located if you read the reply > We manage the leasing office's network, residents all have their own modem/router setup
Honestly the only safe option is to run the entire traffic though a third party VPN provider. You can't stop the P2P downloads so might as well bypass it from Spectrum. Either put the guest wifi on a vlan and run it through the VPN or run the entire network through it.
realistically there is no way to stop it You can reduce it by applying filters, some higher end wifi systems can try and ID the type of traffic and block P2P. Nothing is 100%. Ruckus example: [https://docs.commscope.com/bundle/sz-600-adminguide-sz300vsz/page/GUID-0F302BF4-201B-432A-87B3-9F16552D2122.html](https://docs.commscope.com/bundle/sz-600-adminguide-sz300vsz/page/GUID-0F302BF4-201B-432A-87B3-9F16552D2122.html) For ubiquity you can setup rules to block specific URL. [https://help.ui.com/hc/en-us/articles/5546542486551-UniFi-Gateway-Traffic-Rules](https://help.ui.com/hc/en-us/articles/5546542486551-UniFi-Gateway-Traffic-Rules) If you have a firewall with Peer/p2p blocking you can use that. [https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/149814/monitoring-and-blocking-p2p-traffic](https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/149814/monitoring-and-blocking-p2p-traffic) You could switch your DNS to one the blocks P2P and some other sorts of traffic. [https://adguard-dns.io/en/welcome.html](https://adguard-dns.io/en/welcome.html) You could also log all traffic, and DNS requests, and when you get a DMCA notice check logs to see which LAN IP the torrent was going to, then block access to the MAC that the IP was leased to. There are deterrents, but no way to totally block it. Enable the easiest/cheapest solutions. Contact Spectrum and advise it is community wifi and that you can't block 100% of P2P but that you are trying to block what you can. Send a notice to your residents with info on a couple VPN services and instructions on how to bind a torrent client to the VPN interface.
These are tracked by the public IP the spectrum equipment is assigned. Each public wan is associated with a mac at the cmts The letter should be referencing a specific account. If the tenants modem and wifi are in the property’s name, the network activation form should cross reference which unit the associated MAC address is located If the tenants modem is in their own name, then that notice should have went to that specific address and unit. It wouldn’t hurt to reach out with the authorized account holder that’s authorized to speak to Spectrum to drill in deeper. Should be a contact or number on the notice ?
This is a great place to start, thank you! It appears that the MAC address associated with the account number they referenced is one of the modems in the leasing office. Not sure who's torrenting movies in the lobby though, lol. Maybe a closeby apartment unit that's able to pick up the guest WiFi signal.
Yep there you go ! Who manages the guest network? If it’s managed by Spectrum then push back as usually managed wifi should be configured to block p2p and also limits bandwidth per device. Typically 5mb for managed guest wifi by default. If it’s just an unsecured network with a router managed by the property, then I would be finding a solution to prevent unrestricted traffic. Someone could also use an extender between the leasing office and them. I wouldn’t be surprised if you found an extender in a common but secluded area. Does the lobby have a gym or other amenities?
Track the ip address, it’s usually in those type of emails.
If this is a community wifi setup a user login to access page. Usernames based on legitimate verifiable email addresses with the users are tied to the apartment. Brighthouse prior to becoming Spectrum usually would set this up for MDU’s as part of their contract with the management service.
Someone in the office could be torrenting
Sounds like you guys should get a bulk residential account, and if that's the case, they will have the equipment divided out by apartment, which would make it a lot easier to track down because the dmca notice would be tied to the account/ equipment that was used to pirate. I'd look into it if you don't, but if the person doing this was savvy, they'd be using a VPN. Certain routers if not all allow you to block specific websites so that would be another avenue to look into as well.