Results 1 to 8 of 8

Thread: Disabling Websites and Messenger on WiFi network

  1. #1
    Senior Member codenamevirus's Avatar
    Join Date
    Jun 2005
    Location
    Faridabad, Haryana, India
    Posts
    298

    Question Disabling Websites and Messenger on WiFi network

    Hi

    I just joined with a startup company and I have been asked to do an assignment that says that I have to block all the messengers and websites the employees may use like, for eg. google talk, msn messenger, yahoo messenger, orkut, facebook, etc.

    I searched about google talk and I found a answer which says:


    Disabling Google Talk on my network

    If you need to disable Google Talk on your network, we suggest blocking DNS lookups to both talk.google.com and talkx.l.google.com, by returning 127.0.0.1.
    But the problem is I am not able to add the DNS lookups - I dont know how to. I'll explain the network configuration used:

    1. The ISP provider has given a broadband line that goes into the modem they provided, the model is Beetel 450BXI - ADSL2 + Router (lets call this Modem X).

    2. Modem X has both LAN outputs (no machine is connected to these) and WiFi transmitter (which I have disabled).

    3. Modem X is connected to a NETGEAR Router WGR614v9 (lets call this Router Y) via LAN. And Router Y is the one that trasmits the WiFi to all the nodes we have in the office.

    4. No machine is connected to Modem X or Router Y through LAN ports - all use WiFi.

    Now how can I do the Website and Messenger Blocking for this configuration? Please keep in mind, we cannot connect the machine thru LAN cables as we dont have the infrastructure for these.

    I really need help on this. Thanks a lot.
    CodeNameVirus

  2. #2
    Junior Member
    Join Date
    Aug 2009
    Posts
    27
    Quote Originally Posted by codenamevirus View Post
    Hi

    I just joined with a startup company and I have been asked to do an assignment that says that I have to block all the messengers and websites the employees may use like, for eg. google talk, msn messenger, yahoo messenger, orkut, facebook, etc.

    I searched about google talk and I found a answer which says:



    But the problem is I am not able to add the DNS lookups - I dont know how to. I'll explain the network configuration used:

    1. The ISP provider has given a broadband line that goes into the modem they provided, the model is Beetel 450BXI - ADSL2 + Router (lets call this Modem X).

    2. Modem X has both LAN outputs (no machine is connected to these) and WiFi transmitter (which I have disabled).

    3. Modem X is connected to a NETGEAR Router WGR614v9 (lets call this Router Y) via LAN. And Router Y is the one that trasmits the WiFi to all the nodes we have in the office.

    4. No machine is connected to Modem X or Router Y through LAN ports - all use WiFi.

    Now how can I do the Website and Messenger Blocking for this configuration? Please keep in mind, we cannot connect the machine thru LAN cables as we dont have the infrastructure for these.

    I really need help on this. Thanks a lot.
    There are a lot of ways to do this. One is to purchase and configure a proxy server and then force all users to go through that to the Internet. Another may lie in the NetGear Router's setup (although I'm not sure). If there is filtering by IP address or website, (probably in the Security Tab), you should be able to put the IP Addresses or hostnames in there.

    For things like Windows Live Messenger or Skype, you could block the outgoing ports that they use. This won't completely disable them, as they can also use Port 80.

    If there aren't a lot of computers, you can go into each machine and add the domains to the HOSTS file. It's located in C:\Windows\System 32\Drivers\etc. Simply add the domain name and 127.0.0.1 or if you have a webserver with an access prohibited page, you can put that IP address in place of the 127.0.0.1 one.

    Hope this gives you some ideas. Have a great day
    Patrick.

  3. #3
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    hosts file would work provided you don't have too many computers to worry about, and be sure that you don't allow users permissions to change them again. Alternatively you could do something similar right on the server, the only way around it would be if the user knows the IP address of the site they're trying to contact. You can read about it here

  4. #4
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Quote Originally Posted by codenamevirus View Post
    Hi

    I just joined with a startup company and I have been asked to do an assignment that says that I have to block all the messengers and websites the employees may use like, for eg. google talk, msn messenger, yahoo messenger, orkut, facebook, etc.

    I searched about google talk and I found a answer which says:



    But the problem is I am not able to add the DNS lookups - I dont know how to. I'll explain the network configuration used:

    1. The ISP provider has given a broadband line that goes into the modem they provided, the model is Beetel 450BXI - ADSL2 + Router (lets call this Modem X).

    2. Modem X has both LAN outputs (no machine is connected to these) and WiFi transmitter (which I have disabled).

    3. Modem X is connected to a NETGEAR Router WGR614v9 (lets call this Router Y) via LAN. And Router Y is the one that trasmits the WiFi to all the nodes we have in the office.

    4. No machine is connected to Modem X or Router Y through LAN ports - all use WiFi.

    Now how can I do the Website and Messenger Blocking for this configuration? Please keep in mind, we cannot connect the machine thru LAN cables as we dont have the infrastructure for these.

    I really need help on this. Thanks a lot.
    Well for one I would be looking at the Netgear router.. IT should have a web interface that you may be able to do a bit of mucking around..

    or do my trick..Between the Modem and the first Switch/router I installed a Smoothwall or IPCOP box.. (or you could go to Cisco PXE..) these are linux based router OS's.. from there I set my rules .. and block the hell out of unwanted services.. set QOS and all that stuff

    Seeing as everyone is on WiFi... I hope your sniffing the air for alternate AP's if the users find they can't FB or IM on the work network.. they may go hunting..
    Last edited by Und3ertak3r; August 23rd, 2009 at 03:03 PM.
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  5. #5
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    You might also look into putting 'Untangle' in between the modem and router. It is free, and has a content filter, firewall, IPS, etc. It isn't the most robust all in one server, but it does pretty well.

    www.untangle.com
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  6. #6
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    1) Set up a proxy as said. You will probally need another box for this
    2) Edit the hosts file.

    In my router settings I can block "keywords" which I have done so for Facebook.

    This however will not block an app from running.

    As stated they can also push it through HTTP port if you only allow that ...
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  7. #7
    Senior Member
    Join Date
    Jul 2002
    Location
    Texas
    Posts
    168
    I suggest looking into using opendns. You can customize it to your needs for your network. It is also done at the router level, so it affects everyone on the network.
    <chsh> I've read more interesting technical discussion on the wall of a public bathroom than I have at AO at times

  8. #8
    I use IPcop myself, with the Advanced Proxy and URLfilter addons, among other addons. You'll need another computer for it; my old 300MHz P2 and ~380MB RAM Dell optiplex handles it rather well. It's a free, linux-based firewall package that you can download and burn the ISO to CD, so be prepared to spend some time if you decide to download it. There are so many options, it's easy to get lost in it.

    With IPcop, you can set up a transparent proxy server so you don't need to configure every browser to use it. After that, it's simply a matter of adding URLs to the blocked domains textbox and hitting Save and Restart...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •