advise please on what ports to block?

Hi, and thanks for reading this, I'd appreciate a little guidance if possible.

Our family have just bought a Belkin wireless router that also has a four port switch so that everyone can share the broadband connection.

Trouble is, my 14 year old can't seem to stop himself from playing web enabled games like Star Wars Galaxies and is (in his bedroom) playing until way too late on a night. I've tried reasoning with him and whilst he agrees he's getting it all wrong (he's v tired at school) he just can't seem to help himself and stays on the web way too late on a night.

I've tried configuring the router so that it cuts him off at 10pm (leaving the older children online), but it just doesn't seem to do its job.

Can anyone advise the procedure for this? By leaving port settings blank does it mean it blocks them all? I've tried specifically setting port 80 to shut off but it doesn't, Internet Explorer works as if nothing has changed.

I realise that the game probably uses different ports but have no idea what they are. What's the ideal port range and procedure to shut everything down on his PC?

thanks in anticipation

Baffie

Baffie wrote in news: snipped-for-privacy@4ax.com:

First, it should more like a discipline problem.

OTOH, some NAT routers have a setting whereby you can set the hours or range of hours that you can block all internet access from an IP or MAC address of his machine. It's probably better to use the MAC address, because under certain condition changes in your local LAN, his local IP address may change. It's unlikely he would know how to change/spoof the MAC address of his machine, but you never know. Some OSes don't have this capability anyway.

John Gray

What router are you talking about?

You would simply install Active Ports or TCPview on the machine, start either one of them and start the program in question. Each of the programs mentioned which are free will tell you the port or ports being used by the program.

If the router has the ability to set rules to stop inbound or outbound traffic by port, then you can set rules to block the port or ports the application is using or by IP and port if the router can set rules by IP.

Most likely, the kid's machine will be using the same DHCP IP, because on a small LAN with few machines, the IP assigned to his machine will not change and will be static in that regard. Hopefully, the kid will not be slick enough to know how to get a new IP assigned to his machine.

Also, if the router has a syslog, then you can use something like WallWatcher and watch all traffic that's coming to and leaving the router by IP.

WW is free too.

For all you know, some wireless hacker could join your wireless network and play the game too.

It may or may not help you.

Duane :)

Duane Arnold

You will need a software solution, such as WinControl, which can shut off certain programs after a certain hour. Maybe you need to get rid of your hardware appliance and get a software solution, with a gateway machine with filtering software on it. What you need is another PC (to act as gateway machine), any kind of software firewall (I like Tiny best), a filtering program, and some kind of proxy software.

Although CyBlock is expensive (at $799 per year), it will provide the best blocking. You could block all games under the games category, and that will completely cut off games to his bedroom computer, as well as any other content you don't want him to see.

Routers cannot do that.

If he is using an open proxy server on a port other than 80? There are plenty of them around. Check out [link] and [link] and you will see what I mean. This is another argument for getting a software based solution on a gateway machine.

Get another PC to use as a gateway machine, install and configure the software I already mentioned. You will need to have HTTP and Socks servers on your machine. With Tiny, you can deny the program using the Socks server different ports than HTTP. Allow 80 and 443 on the HTTP proxy, while denying port 80, and ports 1000-7000 on the Socks server. You will also need unfiltered proxies in case you have to access something that is filtered. Using a second proxy with authentication would accomplish this. You will just have to configure all the browsers on your networked PCs to use the proxy.

Charles Newman

Did you not read that the person is using wireless or did you miss that?

Most people do not go around setting up an ad-hoc wireless network or do they start using a standalone hub or switch and WAP and a gateway computer.

Nine times out of ten, the average Joe Blow home user that's using wireless is going with a wireless router/WAP.

As far as I am concerned, your point and advice here is moot.

Duane :)

Duane Arnold

I did miss that part. I don't think the router you have has any power on making rules. Most wireless routers for home usage don't have the power.

What you need to do is get yourself a wire router that's ICSA certified that has better filtering or FW rules that can stop inbound and outbound traffic, convert the Belkin into a wire/WAP switch and plug it into a LAN port on the wire router.

Does the Belkin even have a syslog that you can see what's going on? You're flying blind without a syslog as you cannot see anything.

You should get a router wire or wireless that meets the spec for what does a network FW do.

You need to get a router that's going to allow you to control the traffic by port or IP, protocol at the very least and by protocol, if that Belkin cannot do it.

Duane :)

Duane Arnold

Cisco will be surprised to hear that, as they imagined they implemented this four major code generations ago.

If you object that the above is by address instead of by person, then the same applies to your proposed solution -- and besides, Cisco and others have implemented time-based access-lists that are downloadable from RADIUS servers. You can add 802.1x layers on top of that if you need higher assurance that the endpoint is who you think it is.

Walter Roberson

Actually there are a number of routers (NAT Appliances) that have time rules as well as authenticated users that are well within the home user price range.

This means that you can block all outbound access until a user logs into the router interface and provides a matching user/password - then their rules for that user become active (includes outbound filtering, white/black lists by domain name, not just IP, times, etc...)

Charles - you really need to get into the modern world as everything you mention is old and outdated.

Leythos

It has not changed in 3, 4 years or more.

Tiny for the National Defense according to old Charles.

Duane :)

Duane Arnold

On Sat, 24 Jun 2006 16:02:31 GMT, Duane Arnold wrote:

> ... making rules. Most wireless routers for home usage don't have the power.

Hi and thanks for the suggestions - I'll look them up for sure.

The Belkin does have the option of switching off by port, IP address and time - it just doesn't seem to work! The IP address in question is fixed, 192.168.2.4. I've selected the range 20 to 65535, both TCP and UDP, and the time is set to switch off at 10pm and not to resume till 5pm next day. Trouble is, no matter what I do it just doesn't seem to work. I've tried an email to Belkin and they very helpfully cut and pasted sections of the instruction book into the reply.

So, he plays away happily with online games (Star Wars Galaxies and others) and browses the net till I go upstairs and pull the plug on his PC. He's embarrassed about it but it seems once he's in the game his will power vaporises.

Seems hard to believe that a relatively high priced ADSL modem/router with claimed features like this doesn't work - I assumed that I was mis-configuring it, but the more I check it the more I'm sure that I set it up right. It even has a remote management system - but that doesn't work either; a friend offered to take a look (from a fixed and named IP address with password set up) but nothing happens on trying to connect.

Baffie
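
The rule described in the post above (192.168.2.4, ports 20 to 65535, TCP and UDP, off at 10pm until 5pm next day) runs across midnight, so whatever evaluates it has to treat the time window as wrapping. The following is an added example, not part of the thread and not Belkin firmware code; the class and function names are hypothetical, the sample traffic is constructed, and it assumes the port range is matched against the destination port.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address


@dataclass(frozen=True)
class TimedBlockRule:
    """Hypothetical model of a 'block by IP, port range and time' rule."""
    src_ip: str
    port_lo: int
    port_hi: int
    protocols: frozenset
    start: time  # blocking starts (inclusive)
    end: time    # blocking stops (exclusive)

    def in_window(self, now: time) -> bool:
        if self.start <= self.end:
            return self.start <= now < self.end
        # start > end: the window wraps past midnight (22:00 -> 17:00).
        return now >= self.start or now < self.end

    def blocks(self, src_ip: str, dst_port: int, proto: str, now: time) -> bool:
        # Assumption: the port range is matched against the destination port.
        return (ip_address(src_ip) == ip_address(self.src_ip)
                and proto.lower() in self.protocols
                and self.port_lo <= dst_port <= self.port_hi
                and self.in_window(now))


def same_day_only(rule: TimedBlockRule, now: time) -> bool:
    # Contrast case: a comparison that ignores the wrap never matches 22:00 -> 17:00.
    return rule.start <= now < rule.end


# The settings from the post: 192.168.2.4, ports 20-65535, TCP and UDP, 10pm to 5pm.
CURFEW = TimedBlockRule("192.168.2.4", 20, 65535, frozenset({"tcp", "udp"}),
                        time(22, 0), time(17, 0))

# Constructed test traffic: (source IP, destination port, protocol, time of day).
SAMPLES = [
    ("192.168.2.4", 80, "tcp", time(23, 0)),     # web browsing after cut-off
    ("192.168.2.4", 44453, "udp", time(2, 30)),  # arbitrary high port, small hours
    ("192.168.2.4", 80, "tcp", time(17, 30)),    # inside the allowed evening slot
    ("192.168.2.5", 80, "tcp", time(23, 0)),     # a different machine on the LAN
]


def evaluate(rule: TimedBlockRule, samples) -> list:
    return [rule.blocks(*s) for s in samples]
```

Comparing a router's actual behaviour against these expected decisions at a few times of day (and from a second machine) shows whether the schedule, the address match or the port match is the part that is not being applied.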

Well, Belkin doesn't have a reputation for router solutions. Maybe, UPS and some other things but not routers. The firmware for a router is only as good as the makers of the firmware.

Duane :)

Reply to
Duane Arnold
