Well, personally I’m all set to freedom and open internet culture. However, in corporate and in an academic environment you will always find abuse smart users. Large and medium size corporate institutional networks suffer now a days from “smart” users who try to get their latest Movie/soft/Music/TVShow downloaded in their office.
Beside the moral/legal dispute these activities present the network admins with some troubles. To begin with a considerable downgrade in the network performance, and the need to comply with local policy and legal restrictions, and of course the admins needs to have full band with for they own downloads.
ipp2p is a reasonable stable product, I ‘ve use it for 2 years in a large network 4 class C networks in an university environment. Users were use to abuse the network for personal downloads, and after chasing and punishing them for some time we chose to block the traffic once and for all.
Read more at debian-administration: Filtering P2P network traffic with ipp2p.
On a related note we use application layer packet classifier for Linux called L7-filter:
L7-filter is a classifier for Linux’s Netfilter that identifies packets based on application layer data. It can classify packets as Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc., regardless of port. It complements existing classifiers that match on IP address, port numbers and so on.
Our intent is for l7-filter to be used in conjunction with Linux QoS to do bandwidth arbitration (“packet shaping”) or traffic accounting.
Also if user tunnel packets through SSL or uses encrypt them, none of these technique will work as software classify them as SSL, so your smart user still have a way out ;) Trust me I’ve seen logs of largest broadband ISP in India and 60-80% traffic is p2p only.