I work in a school. Some of the students are being crafty and hosting inappropriate content on their home computers. One example is a student who hosted a proxy site a few weeks ago. We are using Websense to filter our traffic but there is nothing in there to block sites hosted on a dynamic IP.
I have blocked the URL of the proxy but the student can easily get past that by putting in the public IP address of the home connection.
So is there a way to block all Dynamic IP addresses and websites hosted on a dynamic address?
Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
You can't.
The school has to deal with the brat "human to human". If the school is not willing to do that, then the war is over, you lost, let the brats do whatever they want.
He has been blocked from the internet and is being dealt with by the Senior Leadership Team. But how many other people has he told? It will be hard finding these people.
Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
I do feel for you. You can only block things when you know what they are and their identity doesn't keep changing.
One extreme solution is to only allow access to a list of approved sites, while leaving the whole entire Internet that isn't accounted for on the approved list blocked. Now that doesn't mean you have to block all protocols; you would only need to do that with HTTP and HTTPS.
Now there is one other thing I can think of. That is the use of Content Filters that actually open the HTTP packets and look at the content of the pages. ISA is not flexible enough for that. You can try, but it will be a long and losing battle. But there are third party products that operate as plugins for the ISA. They may help. But I don't have any exact recommendations, I can only direct you here:
One last thing that is free, and it still may not fix this one particular situation. Use www.opendns.com. You have to stop using your ISP for the public DNS and start using these guys. As long as you have approached your DNS design properly (trust me, a lot of places have made a mess of theirs) then you just change the IP# used in the Forwarders list in the config on your local DNS Servers.
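
The approved-list approach from the reply above, sketched as an added example that is not part of the original thread and is not Websense or ISA configuration: a default-deny decision for HTTP and HTTPS requests, which also covers the case from the question where a site is reached by its raw public IP address. The function names, the sample approved list and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample list; a real deployment would load the school's approved sites.
APPROVED_DOMAINS = {"example.edu", "library.example.org"}


def is_ip_literal(host: str) -> bool:
    """True when the host is an IPv4 or IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def decide(url: str, approved=APPROVED_DOMAINS):
    """Return (action, reason) for one requested URL under a default-deny policy."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ("deny", "unparseable URL")
    # Only web traffic is restricted, as the reply suggests.
    if parts.scheme.lower() not in ("http", "https"):
        return ("pass", "non-web protocol, outside this policy")
    if not host:
        return ("deny", "no host")
    # A raw address can never match a name on the list; report it separately
    # so these requests stand out in the filter log.
    if is_ip_literal(host):
        return ("deny", "raw IP address")
    # Match the host itself or any parent domain that is on the list.
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in approved:
            return ("allow", "approved site")
    # Anything unrecognised is denied without needing to know what it is.
    return ("deny", "not on approved list")


if __name__ == "__main__":
    for sample in ("https://www.example.edu/timetable",
                   "http://203.0.113.45/",             # constructed address
                   "http://home-proxy.example.net/",   # constructed name
                   "ftp://files.example.net/notes.txt"):
        print(sample, "->", decide(sample))
```

Because the policy denies by default, a home connection whose address or hostname keeps changing never needs to be identified; it is simply absent from the list.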