Controlling your entire network - limiting bandwidth

[Rexii]

Heya, ive found this strange program called p2pOver, (p2p终结者in chinese) that has the ability to control the bandwidth of all computers on your network. for example, if your not so friendly tenant decides to go a 24/7 download rampage, you can fire this program up and limit his speed to a measly 5kb/s

Its like the program NetLimiter, but with access to all computer on the network! not just your computer.

My question is, how is this possible without installing anything on the other computers? Furthermore, i would think that you would also need access to the router(ie admin name + pass) to be able to control the router. But the program works!

Any ideas?

I can provide a download link for those who are interested

[celestialspring]

Link please! thanks in advance.

[RackMan]

you could also use a router like Linsys WRT54GL and put alternative firmware such as DD-WRT or Tomato in it

you can set rules per ip or mac

his way you don't have to install software

[+BudMan MVC]

Sorry but its IMPOSSIBLE for some software running on 1 machine to control the bandwidth other machine use -- IMPOSSIBLE.

Basic understanding of how tcp/ip works is all that is required to understand this.

So unless this software is acting as a proxy for the other machines on the network, or is controlling them or the gateway -- what your saying it impossible.

Now would it be possible to trick the other machines into thinking the machine running the software is the gateway.. sure this could be done a few different ways.

Would it be possible to flood the network with so much traffic that the other machines don't get any -- sure that too would be possible.

Please provide link to this software.

[celestialspring]

  BudMan said:

Sorry but its IMPOSSIBLE for some software running on 1 machine to control the bandwidth other machine use -- IMPOSSIBLE.

Basic understanding of how tcp/ip works is all that is required to understand this.

So unless this software is acting as a proxy for the other machines on the network, or is controlling them or the gateway -- what your saying it impossible.

Now would it be possible to trick the other machines into thinking the machine running the software is the gateway.. sure this could be done a few different ways.

Would it be possible to flood the network with so much traffic that the other machines don't get any -- sure that too would be possible.

Please provide link to this software.

Second that, I was a bit lazy to write the explanation ;P

[Rexii]

hm... strange then. Cos ive actually got a linksysg5GL router at home. I was thinking that it would have saved me buying this router if i found this program first.

personally, i think its impossible too.

anywayz here is the link so you guys can test it out. if there is any translation problems, i can help out.

*ttp://rapidshare.com/files/80460512/p2pover3.rar.html

[+BudMan MVC]

Well I sure an the F am not going to install something I downloaded from rapidshare ;)

But I did extract the contents.. Can not make heads are talls of the help file. But with the wpcap.dll an wanpacket and packet.dlls an a exe called "arp"over.exe. An there is a screen in the help asking something about a switch or hub.

An this screen from the help

Which would seem to be your adding some IP address to the machine running the software, with specific macs

I would guess that what its doing is acting as the gateway to the other machines on the network.. Like I said if you are the gateway off the network then you can control bandwidth no problem..

So either your setting the other machines to use your box running this software as the gateway -- or your tricking them into using you as the gateway.. This can be done with a simple arp spoof..

Here is info on that

--

http://en.wikipedia.org/wiki/ARP_spoofing

ARP spoofing, also known as ARP poisoning, is a technique used to attack an Ethernet network which may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether (known as a denial of service attack).

The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. Generally, the aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway). Any traffic meant for that IP address would be mistakenly sent to the attacker instead. The attacker could then choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack)

--

Can you translate this page of the help?

How does it say it works in the help file??

[Rexii]

BudMan, thats for the explanation. Rapidshare is not that evil, i uploaded the file myself, cos other wise you have to go to a chinese site, which is even worse.

My computer is not a gateway, all the computers on my network connects to the router directly. I guess its doing the spoofing.

My chinese is terrible. Even worse is my translation. Sorry about that. I think i got most of it. Anyways here is how it goes

[+BudMan MVC]

heheeh -- no I agree rapidshare is not that evil, what I meant was I would not be installing something from a "untrusted" source, etc.

But I might install this on a virtual machine to see, than capture the traffic it sends out to show you how it spoofs the gateway mac so that you send your traffic to the machine running the software.

To be honest this just just plain asinine to expect people to run something like this.. If its YOUR network, then you clearly would have control over the gateway off the network, etc.

To spoof the gateway mac so that traffic is sent to the machine running this software is just plain WRONG. So in China this common to do? For what possible reason?? There are many many ways to control the flow of traffic when you control the gateway device, ie the network in general.. If you do not want to do it on the gateway itself -- then there are many many legit proxies you could run, be it transparent or not to control traffic. Running some software on some machine to act as the gateway via a spoof of the gateways mac would not be one of them ;)

[Rexii]

  BudMan said:

heheeh -- no I agree rapidshare is not that evil, what I meant was I would not be installing something from a "untrusted" source, etc.

But I might install this on a virtual machine to see, than capture the traffic it sends out to show you how it spoofs the gateway mac so that you send your traffic to the machine running the software.

To be honest this just just plain asinine to expect people to run something like this.. If its YOUR network, then you clearly would have control over the gateway off the network, etc.

To spoof the gateway mac so that traffic is sent to the machine running this software is just plain WRONG. So in China this common to do? For what possible reason?? There are many many ways to control the flow of traffic when you control the gateway device, ie the network in general.. If you do not want to do it on the gateway itself -- then there are many many legit proxies you could run, be it transparent or not to control traffic. Running some software on some machine to act as the gateway via a spoof of the gateways mac would not be one of them ;)

heya BudMan. I dont know if its very common in China, but from what i can gather it is a popular software - there is even a reverse-p2pover, to counter it. I guess most people have no idea how to manage their networks, myself included. That is why this program is so convient - you dont have to install anything on other machines, or set any thing else up. its totally transparent. I had to by myself a 54GL to control bandwidth at home.

Im actually in australia and we dont have any unlimited plans, once you go over your limit, internet speed is capped to a horrible 10kb/s or so. If there is a crazy downloader sharing your internet, its pretty scary.

Can you point me to some other ways to control traffic?

cheers

[+BudMan MVC]

if your running a router that supports 3rd party -- both dd-wrt an tomato support bandwidth limiting an or QOS. Or just plain monitoring the amounts of traffic an then blocking them.

If those methods are not enough for you, then you should look into a one of the linux router distros an run on some old PC hardware. Something like pfsense, ipcop or clarkconnect for example -- or Astaro, etc.. etc.. etc..

As to running proxy to control traffic/bandwidth -- Squid comes to mind, FREE will run on linux or Windows.

In the windows world you could run ISA (not free), etc.. etc..

If you have a wrt54gl -- I would look to dd-wrt or tomato first, or openwrt is another option.