windows DNS and site blocking

kireol
RealPoor Master of Posts
Joined: 02 Aug 2003
Posts: 9517
Location: Royal Oak, MI
Posted: 03/01/05 - 11:18

my boss wants me to block all sites but a small handful.

I tried turning off DNS and just adding those sites to the HOSTS file, but it didn't work, and what if those sites change their IP anyway?


any ideas on a good way to do this?

Zuldane
RealPoor Guru
Joined: 11 Oct 2002
Posts: 4057
Location: At sea.
Posted: 03/01/05 - 11:20

AOL FREE 5000 HOURS

khrath
Guest
Posted: 03/01/05 - 11:27

You could write firewall rules that block every address on port 80 by default, then open holes for certain sites.

That'd be the easiest way to go about it, I'd think.

It'd also be easy to bypass though, and wouldn't block secure web browsing.

kireol
Posted: 03/01/05 - 11:41

hrmmm. good thinking. any recommendations on which firewall I should use?

khrath
Posted: 03/01/05 - 11:52

depends on operating system I guess.

with ipfw it would look like this.

ipfw add pass tcp from www.yahoo.com 80 to any
ipfw add deny tcp from any 80 to any


As long as that last line stays last, it should work fine.

I'm sure there are better ways to do it though.
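
An added example, not part of khrath's post: ipfw resolves a hostname in a rule only once, when the rule is added, so an allowlist has to be regenerated when a site's address changes. This script prints (it does not run) such a ruleset for outbound ports 80 and 443 from a host/address list; the set number, rule numbers and sample hosts and addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Prints (does not execute) an ipfw allowlist for outbound web traffic.
# SET and the rule numbers are assumed to be unused on the firewall.
SET=5; BASE=1000; DENY=1999

# Accept only dotted-quad IPv4 so nothing else reaches the generated commands.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# stdin: "hostname address" per line, '#' starts a comment line.
gen_rules() {
    n=$((BASE + 1))
    # Drop the previous generation of this list, then rebuild it.
    echo "ipfw -q delete set $SET"
    echo "ipfw -q add $BASE set $SET check-state"
    while read -r host addr rest; do
        case "$host" in ''|'#'*) continue ;; esac
        if ! valid_ipv4 "$addr"; then
            echo "skipping $host: bad address '$addr'" >&2
            continue
        fi
        # One stateful hole per allowed site, covering HTTP and HTTPS.
        echo "ipfw -q add $n set $SET allow tcp from any to $addr 80,443 out setup keep-state"
        n=$((n + 1))
    done
    # Default deny goes last, after every allow rule.
    echo "ipfw -q add $DENY set $SET deny tcp from any to any 80,443 out"
}

# Constructed sample input (RFC 5737 documentation addresses).
sample_allowlist() {
cat <<'EOF'
# hostname              address
intranet.example.com    192.0.2.10
mail.example.com        198.51.100.25
typo.example.com        203.0.113.999
EOF
}

sample_allowlist | gen_rules
```

Re-running the generator from fresh lookups and loading its output replaces the whole set, which keeps the deny rule last, as the post requires.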

kemble
RealPoor Sensei
Joined: 14 Oct 2002
Posts: 1909
Location: MI
Posted: 03/01/05 - 12:42

install squid and then you can monitor everyone's surfing habits!

btw, nazi internet policies in the workplace suck.

kireol
Posted: 03/01/05 - 13:19

well, people are checking out http://www.trumpps.net and shit.



if I set up some sort of DNS server on my linux box. Only have entries for the few sites I want and somehow exclude all other sites. And point to that for the DNS server on the windows boxes, would that work? Is it hard to set up a DNS server on Linux?

gotissues68
RealPoor Sensei
Joined: 21 Aug 2003
Posts: 1866
Posted: 03/01/05 - 13:29

kireol wrote:
well, people are checking out http://www.trumpps.net and shit.



if I set up some sort of DNS server on my linux box. Only have entries for the few sites I want and somehow exclude all other sites. And point to that for the DNS server on the windows boxes, would that work? Is it hard to set up a DNS server on Linux?


No, it's not hard, but you can't block via DNS. Set up firewall rules as was suggested to block anything inbound on port 80 except the sites you are allowed to browse to.

gotissues68
Posted: 03/01/05 - 13:33

You could also set up Windows security policies on each box btw... that'd be even easier...

kireol
Posted: 03/01/05 - 13:34

well, I tried adding /. to restricted sites and it still worked. so I just figured as hung over as I am, that that wasn't working.

gotissues68
Posted: 03/01/05 - 14:47

I'm not good with Windows security policy so I checked with my boss that I do consulting work for on the side (Linux shat) and here's what he said...


(10:16:37) wtfiml33t: how can I set a security policy to restrict certain sites from being browsed to via internet explorer?
(10:21:38) The conversation has become inactive and timed out.
(10:38:34) This is Chris: yo
(10:38:40) wtfiml33t: yo
(10:38:45) This is Chris: whats your prob?
(10:39:12) wtfiml33t: lol I don't have a problem, friend of mine is looking for a good way to block access to LAN users except to specific certain websites..
(10:39:19) wtfiml33t: they've been caught browsing porn and stuff at work =\
(10:42:03) This is Chris: just use the basis IE parental controls
(10:42:08) This is Chris: basic
(10:42:09) wtfiml33t: heh
(10:42:13) This is Chris: it sets a password
(10:42:23) wtfiml33t: k
(10:43:06) This is Chris: the you set "approved sites"
(10:43:17) This is Chris: or set it based on the ratings system
(10:43:29) wtfiml33t: k
(10:43:31) This is Chris: which filters based on contect

kireol
Posted: 03/01/05 - 15:08

nice. after this chicken parm gets demolished, I'm so all over that

Callaren
RealPoor Sensei
Joined: 03 Dec 2003
Posts: 1598
Location: South Jersey
Posted: 03/01/05 - 18:56

kireol wrote:
nice. after this chicken parm gets demolished, I'm so all over that

I almost always get chicken parm, it's my favorite.

kireol
Posted: 03/01/05 - 19:01

gotissues68 wrote:
I'm not good with Windows security policy so I checked with my boss that I do consulting work for on the side (Linux shat) and here's what he said...


(10:16:37) wtfiml33t: how can I set a security policy to restrict certain sites from being browsed to via internet explorer?
(10:21:38) The conversation has become inactive and timed out.
(10:38:34) This is Chris: yo
(10:38:40) wtfiml33t: yo
(10:38:45) This is Chris: whats your prob?
(10:39:12) wtfiml33t: lol I don't have a problem, friend of mine is looking for a good way to block access to LAN users except to specific certain websites..
(10:39:19) wtfiml33t: they've been caught browsing porn and stuff at work =\
(10:42:03) This is Chris: just use the basis IE parental controls
(10:42:08) This is Chris: basic
(10:42:09) wtfiml33t: heh
(10:42:13) This is Chris: it sets a password
(10:42:23) wtfiml33t: k
(10:43:06) This is Chris: the you set "approved sites"
(10:43:17) This is Chris: or set it based on the ratings system
(10:43:29) wtfiml33t: k
(10:43:31) This is Chris: which filters based on contect


that so worked. I owe you and yer boss lunch

kemble
Posted: 03/01/05 - 20:00

I hope nobody is bright enough to d/l opera, firefox, or the 5 bazillion other ways around this. Good for keeping the mindless minions from browsing wasting time at work tho.

gotissues68
Posted: 03/01/05 - 20:05

kemble wrote:
I hope nobody is bright enough to d/l opera, firefox, or the 5 bazillion other ways around this. Good for keeping the mindless minions from browsing wasting time at work tho.


Yea that occurred to me too after the fact. That's why my initial idea was to use security policies that limit network access and software installation. Require anything that's not a direct executable or needs to write the registry to require administrator access.

kireol
Posted: 03/01/05 - 20:11

only way they could DL is if they shell to command prompt, and use FTP. Or bring in a CD or thumbdrive. Doing that fix also prevents them from easily using IE to grab Firefox/AOL/etc.


And I'm not guarding Fort Knox here.

gotissues68
Posted: 03/01/05 - 20:13

kireol wrote:
only way they could DL is if they shell to command prompt, and use FTP. Or bring in a CD or thumbdrive. Doing that fix also prevents them from easily using IE to grab Firefox/AOL/etc.


And I'm not guarding Fort Knox here.


Yea but you don't want them browsing to Fort c***s either..

khrath
Posted: 03/01/05 - 21:07

my company used to do that till they realised how futile it was

kireol
Posted: 03/01/05 - 22:12

my users are mostly people without cars or valid drivers licenses and a record