I work in a school, some of the students are being crafty and hosting inappropriate content on their home computers. One example is one student hosted a proxy site a few weeks ago. We are using Websense to filter our traffic but there is nothing in there to block sites hosted on a dynamic IP.
I have blocked the URL of the proxy but the student can easily get passed that by putting the Puplic IP address of the home connection.
So is there a way to block all Dynamic IP addresses and websites hosted on a dynamic address?
From: Taylorville, IL
I do feel for you. You can only block things when you know what they are and their identity doesn't keep changing.
One extreme solution is to only allow access to a list of approved sites, while leaving the whole entire Internet,... that isn't accounted for on the approved list,... blocked. Now that doesn't mean you have to block all protocols,...you would only need to do that with HTTP and HTTPS.
Now there is one other thing I can think of. That is the use of Content Filters that actually open the HTTP packets and look at the content of the pages. ISA is not flexible enough for that. You can try, but it will be a long and losing battle. But there are third party products that operate as plugins for the ISA. They may help. But I don't have any exact recommendations, I can only direct you here:
One last thing that is free, and it still may not fix this one particular situation. Use www.opendns.com . You have to stop using your ISP for the public DNS and start using these guys. As long as you have approached your DNS design properly (trust me, a lot of places have made a mess of theirs) then you just change the IP# used in the Forewarders List in the config on your local DNS Servers.