Blocking AOL traffic with Dlink DIR 625 Router

Trying to block / turn off AOL instatnt messenger traffic via my router (to keep kids off...)

Dlink DIR 625 router.

I can't block specific ports - because the ports keep changing - correct ?

On this router, I cannot block a specific website - someone told me to below access to login.oscar.aol.com and that would do it - but I can't.

Any ideas ?

Thanks !

Reply to
davejunkmail123
Loading thread data ...

On 11 Feb 2007 16:07:19 -0800, snipped-for-privacy@gmail.com wrote in :

No perfect solution. Possible options:

  • AIM Monitor Sniffer
  • Block ports 4099 and 5190
  • Setup your own DNS, and resolve login.oscar.aol.com to 127.0.0.1
  • Force all traffic through a proxy that blocks AIM
  • Establish firm rules with your kids (best bet)
Reply to
John Navas

John Navas hath wroth:

The problem is that AIM can use port 80. However, there are some cute blocking tricks. See:

It works by sniffing the title of the program. It's not free (3 home users for $60). It requires either a server, modified network login script, or must be installed on the client machine. It won't work on the router. I tried the 30 day trial version which worked as advertised. I made no attempt to see if it could be circumvented. However, the client didn't want to pay $400 for a site license, so we just yelled at the employees, which was amazingly effective.

Reply to
Jeff Liebermann

On Sun, 11 Feb 2007 17:21:30 -0800, Jeff Liebermann wrote in :

Proxy is the only sure bet. Proper parenting is the best bet.

Reply to
John Navas

How is "proxy" set up ? Can I do this on my router ?

Thanks !

Reply to
davejunkmail123

On 11 Feb 2007 18:17:34 -0800, snipped-for-privacy@gmail.com wrote in :

No, separate computer, and a major undertaking.

Reply to
John Navas

John Navas hath wroth:

I don't think a proxy server will work. I don't know of any proxy server that can distinguish between HTTP traffic and AIM traffic on port 80. (AIM can use port 80). However, there may be one that can inspect the contents and pass/block based on what it finds. Dunno. Another problem with proxy servers is that there are a substatial number of bypass servers or "circumventors" that render the local proxy server ineffective.

Reply to
Jeff Liebermann

On Sun, 11 Feb 2007 20:48:47 -0800, Jeff Liebermann wrote in :

Bingo. Proxy can work by detecting and totally blocking the AIM protocol, although to be clear my "sure bet" was in reference to a kid, not an all-out assault -- as I wrote earlier, there is "no perfect solution." Proxy could also be used to block the AIM website. Together that should stop the great majority of kids.

Circumventors only work with partial (website, geography) blocking, like the AIM website, not total (AIM) protocol blocking, and could probably be defeated even for the AIM website with content filtering.

See Intercepting Proxy in that same article, which is how proxy and thus its policies can be enforced.

But all this is of course way overkill -- a simple solution like IM Lock Home is probably all the OP needs.

Reply to
John Navas

Remove AIM or uninstall it from the computer. Set yourself up as administrator for this computer to keep kids from re-installing it. Grow a backbone and be the parent.

gb

"There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible to live without breaking laws."

-- Ayn Rand, Atlas Shrugged

snipped-for-privacy@gmail.com wrote:

Reply to
gray-beard

Sure, make rules and enforce them. Such as "kids, I don't want you to use aol on the computer" if that doesn't work then "kids, I asked you not to use aol, if you do it again the computer will be removed for a month". If you find aol being used then remove the computer per your warning.

Reply to
George

Edit the %WINDIR%\\system32\\drivers\\etc\\hosts file. Put in a line that reads:

127.0.0.1 login.oscar.aol.com

That'll tell that PC to resolve back to itself when looking up the login server for AIM.

Then police that file to see that the child hasn't been deliberately altering it.

This is definitely not a perfectly secure setup and can be easily worked around. But that 'working around' will show deliberate disobediance on the part of the child. Use that as part of other parallel 'good parenting' practices.

If you've got a PC on the home network that's running constantly then you could go so far as to run a DNS server on it. And then block outbound DNS traffic for anything but that computer. Then configuring a fake domain for oscar.aol.com that resolves back to the 127.0.0.1 loopback address. If it's a server and it's running the server OS you could also set it up as a domain controller and use network policies to really put a tighter grip on it. You can escalate this 'arms race' quite a bit' but to what end?

None of it will be foolproof. Thus it's often easier, cheaper, better in the long run, to employ more traditional parenting skills.

-Bill Kearney

Reply to
Bill Kearney

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.