Results 1 to 9 of 9
  1. #1
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    668

    Default Blocking KODI Add-ons that facilitate illegal streaming

    A local ISP just asked me if I could help them block illegal streaming that people are doing with Kodi add-ons. I'm not familiar with Kodi, but just did a quick Google search to get a little snippet of what it is.

    Are any of you familiar with the add-ons it uses, and what specific configuration could be used in Untangle's Application Control (or other apps) to block it?

    It sounds like (from what I was told) the problematic/illegal traffic is a sort of decentralized peer-to-peer streaming & sharing similar to a BitTorrent type of traffic.

    Any help on this would be appreciated.

    It would be fun to help an ISP get control of their network with Untangle.

    Thanks!
    -
    Doug

  2. #2
    Master Untangler
    Join Date
    May 2008
    Posts
    939

    Default

    If you block it they will probably use a vpn. So you will have more work after that. Good business plan.

  3. #3
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    668

    Default

    Quote Originally Posted by donhwyo View Post
    If you block it they will probably use a vpn. So you will have more work after that. Good business plan.
    OK. Then how about identifying it with Untangle and getting alerts for it. I know how to create the alerts for interesting traffic. But do you know what protocols Application Control will flag this traffic as?

    This would probably be just as effective for the ISP. They have received letters from attorneys representing large media companies threatening legal action if they do not shut those users down. The ISP would appreciate being able to identify this traffic proactively so that they can take appropriate action with their customers.

    Any help on this would be appreciated.

    Thanks!

  4. #4
    Master Untangler bluechris's Avatar
    Join Date
    May 2016
    Location
    Athens, Greece
    Posts
    142

    Default

    You will not find a correct solution for what you are trying to do. Kodi has a ton of illegal plugins that use different ports and connections and as the previous guy said they can use vpn and you cannot see nothing.
    Its a lost case imo.

  5. #5
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    668

    Default

    Quote Originally Posted by bluechris View Post
    You will not find a correct solution for what you are trying to do. Kodi has a ton of illegal plugins that use different ports and connections and as the previous guy said they can use vpn and you cannot see nothing.
    Its a lost case imo.
    So perhaps the only solution would be to go to the ugly route of only allowing traffic out well-known ports, then using Application Control to flag (and optionally block) any traffic that is not using the standard protocol for that port...?

    Obviously that would break a lot of customer internet traffic and infuriate users. But do you see any other alternative?

    Also is there anyone out there who knows what protocols Untangle's Application Control identifies any of the Kodi plugin P2P streaming as? This would at least be a starting point. The ISP could gradually build a list of *permitted* protocols over various ports & prohibited protocols they want to block. They could utilize Untangle alerts any time a new protocol (they have not already created a rule for) is seen on a port that they are monitoring/controlling. This would be time-consuming, but I would think maybe the best option if they want to proactively find this type of internet traffic passing through their edge before more attorneys send them letters.

  6. #6
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    690

    Default

    Even that won't work (at least not 100%, or even close to it - it would work on some non-technical / casual users) as you have to let port 443 through.

    Many download/file sharing apps can use port 443. And almost every VPN can as well, so for apps/plugins that can't use 443 then end users just setup a VPN over 443...

    The ISP can always try to block VPN services, though. Which will work for some use cases, but not many. And that actually may/may not be against the terms of conditions they have with their customers as well since VPNs have legitimate use cases (connect to work systems from home, for instance).

    Not to be a defeatist - but with the advent of easy encryption, there is almost NOTHING an ISP can do to stop this traffic completely/reliably without completely internet connectivity for most legitimate use cases as well.
    Last edited by JasonJoel; 10-30-2018 at 11:06 AM.

  7. #7
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    668

    Default

    Quote Originally Posted by JasonJoel View Post
    Even that won't work (at least not 100%, or even close to it - it would work on some non-technical / casual users) as you have to let port 443 through.

    Many download/file sharing apps can use port 443. And almost every VPN can as well, so for apps/plugins that can't use 443 then end users just setup a VPN over 443...

    The ISP can always try to block VPN services, though. Which will work for some use cases, but not many. And that actually may/may not be against the terms of conditions they have with their customers as well since VPNs have legitimate use cases (connect to work systems from home, for instance).

    Not to be a defeatist - but with the advent of easy encryption, there is almost NOTHING an ISP can do to stop this traffic completely/reliably without completely internet connectivity for most legitimate use cases as well.
    I am aware of all of this and agree generally. However, I think if the ISP were to block almost *nothing*, and instead flag and alert, they could still eventually build a rule-set that would be useful. It would require ongoing maintenance. But could help tip them off into the types of traffic & users they may be interested in.

    They can revamp their Terms of Service if they want to go through that process with their attorneys, etc.

    But at least being able to identify (perhaps by process of elimination) the interesting and anomalous traffic, would probably help them.

  8. #8
    Master Untangler bluechris's Avatar
    Join Date
    May 2016
    Location
    Athens, Greece
    Posts
    142

    Default

    Quote Originally Posted by dmor View Post
    So perhaps the only solution would be to go to the ugly route of only allowing traffic out well-known ports, then using Application Control to flag (and optionally block) any traffic that is not using the standard protocol for that port...?

    Obviously that would break a lot of customer internet traffic and infuriate users. But do you see any other alternative?

    Also is there anyone out there who knows what protocols Untangle's Application Control identifies any of the Kodi plugin P2P streaming as? This would at least be a starting point. The ISP could gradually build a list of *permitted* protocols over various ports & prohibited protocols they want to block. They could utilize Untangle alerts any time a new protocol (they have not already created a rule for) is seen on a port that they are monitoring/controlling. This would be time-consuming, but I would think maybe the best option if they want to proactively find this type of internet traffic passing through their edge before more attorneys send them letters.
    Maybe you can do that but you will not block the videos that will come throw port 80 to kodi.
    I did a test in home by installing kodi and a plugin that searches servers for movies. The plugin did a search and got some results and immediately web filter catched some traffic and blocked it but this was 2 in 25 domains that the plugin searched.
    As I see it the provider needs a person to follow the forums that advertise this plugins, then this guy/team will block the pages where the plugin searches so the client will not get results.
    Still with the above solution you cannot block nothing that passes throw vpn and you will need 24/7 employees to gather Info and block accordingly.

    Its a no go situation as i see it.

  9. #9
    Master Untangler
    Join Date
    May 2010
    Location
    Texas, USA
    Posts
    690

    Default

    That is how I see it too.

    You might find *some* of the traffic, but you definitely will not find *most* of it. So is it worth the extreme amount of human effort/time to find *some* of the traffic, or just respond to the copyright holders legal notices when they are made aware of them?

    That is a decision only the ISP can make I guess.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2