Re: Blocking AOL traffic with Dlink DIR 625 Router
On 11 Feb 2007 16:07:19 -0800, davejunkmail123@gmail.com wrote in
<1171238839.077462.38960@v33g2000cwv.googlegroups. com>:
>Trying to block / turn off AOL instatnt messenger traffic via my
>router (to keep kids off...)
>
>Dlink DIR 625 router.
>
>I can't block specific ports - because the ports keep changing -
>correct ?
>
>On this router, I cannot block a specific website - someone told me to
>below access to login.oscar.aol.com and that would do it - but I
>can't.
>
>Any ideas ?
No perfect solution. Possible options:
* AIM Monitor Sniffer <http://www.immonitor.com/aim-monitor-sniffer.htm>
* Block ports 4099 and 5190
* Setup your own DNS, and resolve login.oscar.aol.com to 127.0.0.1
* Force all traffic through a proxy that blocks AIM
* Establish firm rules with your kids (best bet)
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
Re: Blocking AOL traffic with Dlink DIR 625 Router
John Navas <spamfilter1@navasgroup.com> hath wroth:
>On 11 Feb 2007 16:07:19 -0800, davejunkmail123@gmail.com wrote in
><1171238839.077462.38960@v33g2000cwv.googlegroups .com>:
>
>>Trying to block / turn off AOL instatnt messenger traffic via my
>>router (to keep kids off...)
>>
>>Dlink DIR 625 router.
>>
>>I can't block specific ports - because the ports keep changing -
>>correct ?
>>
>>On this router, I cannot block a specific website - someone told me to
>>below access to login.oscar.aol.com and that would do it - but I
>>can't.
>>
>>Any ideas ?
>No perfect solution. Possible options:
>* AIM Monitor Sniffer <http://www.immonitor.com/aim-monitor-sniffer.htm>
>* Block ports 4099 and 5190
>* Setup your own DNS, and resolve login.oscar.aol.com to 127.0.0.1
>* Force all traffic through a proxy that blocks AIM
>* Establish firm rules with your kids (best bet)
The problem is that AIM can use port 80. However, there are some cute
blocking tricks. See:
<http://www.plevna.f9.co.uk/index.htm>
It works by sniffing the title of the program. It's not free (3 home
users for $60). It requires either a server, modified network login
script, or must be installed on the client machine. It won't work on
the router. I tried the 30 day trial version which worked as
advertised. I made no attempt to see if it could be circumvented.
However, the client didn't want to pay $400 for a site license, so we
just yelled at the employees, which was amazingly effective.
Re: Blocking AOL traffic with Dlink DIR 625 Router
On Sun, 11 Feb 2007 17:21:30 -0800, Jeff Liebermann
<jeffl@comix.santa-cruz.ca.us> wrote in
<cofvs2hp4jtenvjqbkhmkmi8regcglurm5@4ax.com>:
>John Navas <spamfilter1@navasgroup.com> hath wroth:
>
>>On 11 Feb 2007 16:07:19 -0800, davejunkmail123@gmail.com wrote in
>><1171238839.077462.38960@v33g2000cwv.googlegroup s.com>:
>>
>>>Trying to block / turn off AOL instatnt messenger traffic via my
>>>router (to keep kids off...)
>>>
>>>Dlink DIR 625 router.
>>>
>>>I can't block specific ports - because the ports keep changing -
>>>correct ?
>>>
>>>On this router, I cannot block a specific website - someone told me to
>>>below access to login.oscar.aol.com and that would do it - but I
>>>can't.
>>>
>>>Any ideas ?
>
>>No perfect solution. Possible options:
>>* AIM Monitor Sniffer <http://www.immonitor.com/aim-monitor-sniffer.htm>
>>* Block ports 4099 and 5190
>>* Setup your own DNS, and resolve login.oscar.aol.com to 127.0.0.1
>>* Force all traffic through a proxy that blocks AIM
>>* Establish firm rules with your kids (best bet)
>
>The problem is that AIM can use port 80. However, there are some cute
>blocking tricks. See:
><http://www.plevna.f9.co.uk/index.htm>
>It works by sniffing the title of the program. It's not free (3 home
>users for $60). It requires either a server, modified network login
>script, or must be installed on the client machine. It won't work on
>the router. I tried the 30 day trial version which worked as
>advertised. I made no attempt to see if it could be circumvented.
>However, the client didn't want to pay $400 for a site license, so we
>just yelled at the employees, which was amazingly effective.
Proxy is the only sure bet.
Proper parenting is the best bet.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
Re: Blocking AOL traffic with Dlink DIR 625 Router
On 11 Feb 2007 18:17:34 -0800, davejunkmail123@gmail.com wrote in
<1171246654.089162.36300@p10g2000cwp.googlegroups. com>:
>On Feb 11, 8:51 pm, John Navas <spamfilt...@navasgroup.com> wrote:
>
>> Proxy is the only sure bet.
>
>How is "proxy" set up ? Can I do this on my router ?
No, separate computer, and a major undertaking.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
Re: Blocking AOL traffic with Dlink DIR 625 Router
John Navas <spamfilter1@navasgroup.com> hath wroth:
>Proxy is the only sure bet.
>Proper parenting is the best bet.
I don't think a proxy server will work. I don't know of any proxy
server that can distinguish between HTTP traffic and AIM traffic on
port 80. (AIM can use port 80). However, there may be one that can
inspect the contents and pass/block based on what it finds. Dunno.
Another problem with proxy servers is that there are a substatial
number of bypass servers or "circumventors" that render the local
proxy server ineffective.
Re: Blocking AOL traffic with Dlink DIR 625 Router
On Sun, 11 Feb 2007 20:48:47 -0800, Jeff Liebermann
<jeffl@comix.santa-cruz.ca.us> wrote in
<rgrvs2p5hvdkbc8qsrtj9t2l75mm366lp4@4ax.com>:
>John Navas <spamfilter1@navasgroup.com> hath wroth:
>
>>Proxy is the only sure bet.
>>Proper parenting is the best bet.
>
>I don't think a proxy server will work. I don't know of any proxy
>server that can distinguish between HTTP traffic and AIM traffic on
>port 80. (AIM can use port 80). However, there may be one that can
>inspect the contents and pass/block based on what it finds. Dunno.
Bingo. Proxy can work by detecting and totally blocking the AIM
protocol, although to be clear my "sure bet" was in reference to a kid,
not an all-out assault -- as I wrote earlier, there is "no perfect
solution." Proxy could also be used to block the AIM website. Together
that should stop the great majority of kids.
>Another problem with proxy servers is that there are a substatial
>number of bypass servers or "circumventors" that render the local
>proxy server ineffective.
>
><http://en.wikipedia.org/wiki/Proxy_server>
Circumventors only work with partial (website, geography) blocking, like
the AIM website, not total (AIM) protocol blocking, and could probably
be defeated even for the AIM website with content filtering.
See Intercepting Proxy in that same article, which is how proxy and thus
its policies can be enforced.
But all this is of course way overkill -- a simple solution like IM Lock
Home <http://www.comvigo.com/imlock_home_edition.htm> is probably all
the OP needs.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
Re: Blocking AOL traffic with Dlink DIR 625 Router
Remove AIM or uninstall it from the computer. Set yourself up as
administrator for this computer to keep kids from re-installing it.
Grow a backbone and be the parent.
gb
"There's no way to rule innocent men. The only power any government
has is the power to crack down on criminals. Well, when there aren't
enough criminals, one makes them. One declares so many things to be a
crime that it becomes impossible to live without breaking laws."
-- Ayn Rand, Atlas Shrugged
davejunkmail123@gmail.com wrote:
> Trying to block / turn off AOL instatnt messenger traffic via my
> router (to keep kids off...)
>
> Dlink DIR 625 router.
>
> I can't block specific ports - because the ports keep changing -
> correct ?
>
> On this router, I cannot block a specific website - someone told me to
> below access to login.oscar.aol.com and that would do it - but I
> can't.
>
> Any ideas ?
>
> Thanks !
>
Re: Blocking AOL traffic with Dlink DIR 625 Router
davejunkmail123@gmail.com wrote:
> Trying to block / turn off AOL instatnt messenger traffic via my
> router (to keep kids off...)
>
> Dlink DIR 625 router.
>
> I can't block specific ports - because the ports keep changing -
> correct ?
>
> On this router, I cannot block a specific website - someone told me to
> below access to login.oscar.aol.com and that would do it - but I
> can't.
>
> Any ideas ?
>
> Thanks !
>
Sure, make rules and enforce them. Such as "kids, I don't want you to
use aol on the computer" if that doesn't work then "kids, I asked you
not to use aol, if you do it again the computer will be removed for a
month". If you find aol being used then remove the computer per your
warning.
Re: Blocking AOL traffic with Dlink DIR 625 Router
> Any ideas ?
Edit the %WINDIR%\system32\drivers\etc\hosts file. Put in a line that
reads:
127.0.0.1 login.oscar.aol.com
That'll tell that PC to resolve back to itself when looking up the login
server for AIM.
Then police that file to see that the child hasn't been deliberately
altering it.
This is definitely not a perfectly secure setup and can be easily worked
around. But that 'working around' will show deliberate disobediance on the
part of the child. Use that as part of other parallel 'good parenting'
practices.
If you've got a PC on the home network that's running constantly then you
could go so far as to run a DNS server on it. And then block outbound DNS
traffic for anything but that computer. Then configuring a fake domain for
oscar.aol.com that resolves back to the 127.0.0.1 loopback address. If it's
a server and it's running the server OS you could also set it up as a domain
controller and use network policies to really put a tighter grip on it. You
can escalate this 'arms race' quite a bit' but to what end?
None of it will be foolproof. Thus it's often easier, cheaper, better in
the long run, to employ more traditional parenting skills.
Blocking AOL traffic with Dlink DIR 625 Router 
Linear Mode
