Solved

IP ranges to block FaceBook and Myspace?

Posted on 2008-10-07
16
45,166 Views
Last Modified: 2010-07-09
Hello!

I need to block Facebook and MySpace (any suggestions of like sites are welcome),
but I do not know the exact IPs to block, and I'm afraid to block the whole 69.63.x.x range for Facebook, as it might include other websites.
Any help is appreciated.
Question by:khamees79
16 Comments
 
LVL 26

Accepted Solution

by:
Soulja earned 125 total points
Comment Utility
Here are some facebook ips
 www.facebook.com A INET 69.63.176.12
 www.facebook.com A INET 69.63.176.13
 www.facebook.com A INET 69.63.176.14
 www.facebook.com A INET 204.15.20.25
 www.facebook.com A INET 204.15.20.26
 www.facebook.com A INET 69.63.176.11
 
 69.63.176.1-69.63.191.255
 204.15.20.1-204.15.23.255

You can search for MySpace IPs also, but your best bet is to get some type of content/web filter. If cost is an issue, there is a good open source solution called Untangle. I use this at home for my kids. It works well. www.untangle.com
0
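Firewall rules usually take CIDR prefixes rather than first-last ranges, so the two ranges quoted in this answer have to be converted before use. The following is an added example, not part of the original answer: it converts them with Python's standard `ipaddress` module and checks that the quoted A records fall inside the result. The function names are illustrative.

```python
import ipaddress

# The two ranges and six A records exactly as quoted in the answer above.
QUOTED_RANGES = [("69.63.176.1", "69.63.191.255"),
                 ("204.15.20.1", "204.15.23.255")]
QUOTED_HOSTS = ["69.63.176.11", "69.63.176.12", "69.63.176.13",
                "69.63.176.14", "204.15.20.25", "204.15.20.26"]

def exact_cidrs(first, last):
    """Shortest list of CIDR blocks covering first..last and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def enclosing_cidr(first, last):
    """Smallest single CIDR block containing both endpoints (may be wider)."""
    a = int(ipaddress.ip_address(first))
    b = int(ipaddress.ip_address(last))
    prefix = 32 - (a ^ b).bit_length()      # length of the shared bit prefix
    shift = 32 - prefix
    return ipaddress.ip_network(((a >> shift) << shift, prefix))

def extra_addresses(first, last):
    """Addresses the single enclosing block adds beyond the quoted range."""
    a = int(ipaddress.ip_address(first))
    b = int(ipaddress.ip_address(last))
    return enclosing_cidr(first, last).num_addresses - (b - a + 1)

def uncovered(hosts, networks):
    """Hosts that none of the given networks would match."""
    return [h for h in hosts
            if not any(ipaddress.ip_address(h) in n for n in networks)]

if __name__ == "__main__":
    blocks = []
    for first, last in QUOTED_RANGES:
        net = enclosing_cidr(first, last)
        blocks.append(net)
        # A range starting at .1 is not prefix-aligned, so the exact
        # conversion needs many rules; the enclosing block needs one.
        print(f"{first}-{last}: {len(exact_cidrs(first, last))} exact blocks, "
              f"or {net} (+{extra_addresses(first, last)} address)")
    print("quoted A records not covered:", uncovered(QUOTED_HOSTS, blocks))
```

Because both ranges start at .1, the exact conversion produces a long rule list, while widening each range by a single address gives one prefix per range.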
 
LVL 12

Expert Comment

by:Donnie4572
Comment Utility
how many computers?
You could add this to the host file on the computer. If the user is not admin they cannot change it.
c:\windows\system32\drivers\etc\hosts

open it with notepad and add these lines at the bottom.
myspace.com    127.0.0.1
facebook.com    127.0.0.1

that is domainName  TAB  IPaddress

this will force the machine to connect to the loopback address for those domain names.

Donnie
0
 
LVL 26

Expert Comment

by:Soulja
Comment Utility
Donnie is on to something. That makes a lot of sense too. Take into account that these sites have lots of subdomains also.
0
 
LVL 1

Author Comment

by:khamees79
Comment Utility
Thanks guys, I'm talking about 80+ computers, so editing host files is not an option for me,
as I need a flexible solution to allow some, add more domains in the blacklist, etc.
Untangle might be an option (can not afford ISA server now), I downloaded it today, will test tomorrow.
If you guys can suggest some open source suite that can cache the sites too, I would be very thankful.
I will return with more info about my test soon.

Best Regards
0
 
LVL 26

Expert Comment

by:Soulja
Comment Utility
If you did want to edit the hosts file of all of the computers, you could just write a login script that would copy the updated hosts file, or use a group policy.

As for open source caching I have heard that squid is pretty good. Haven't used it myself, but plan on messing around with it when I get some time.

http://www.squid-cache.org/
0
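The core of a hosts-file deployment like the one suggested above is a merge step that can run at every login without duplicating entries or touching lines it does not own. The following is an added example, not from the thread, written in Python for illustration; the marker comments and function names are hypothetical. Hosts entries are written address first, then name, and the file has no wildcard syntax, so every subdomain to be blocked needs its own line.

```python
BEGIN = "# BEGIN managed blocklist"   # hypothetical marker comments that
END = "# END managed blocklist"       # delimit the section this script owns

def render_entries(names, sink="127.0.0.1"):
    """One hosts line per name: address first, then the name."""
    return [f"{sink}\t{n}" for n in sorted({n.lower() for n in names})]

def merge_blocklist(hosts_text, names, sink="127.0.0.1"):
    """Return hosts_text with the managed section replaced by `names`.

    Lines outside the markers (localhost, admin entries) are preserved,
    so running the merge repeatedly gives the same file every time.
    """
    kept, inside = [], False
    for line in hosts_text.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    while kept and not kept[-1].strip():      # trim trailing blank lines
        kept.pop()
    block = [BEGIN, *render_entries(names, sink), END]
    return "\n".join(kept + [""] + block) + "\n"

def update_file(path, names):
    """Rewrite the hosts file at `path` only if the merge changes it."""
    with open(path, "r") as f:
        current = f.read()
    merged = merge_blocklist(current, names)
    if merged != current:
        with open(path, "w") as f:            # text mode: native line endings
            f.write(merged)
    return merged != current

# Constructed sample input, not taken from a real machine.
SAMPLE_HOSTS = "# sample hosts file\n127.0.0.1\tlocalhost\n"
SAMPLE_NAMES = ["facebook.com", "www.facebook.com",
                "myspace.com", "www.myspace.com"]

if __name__ == "__main__":
    print(merge_blocklist(SAMPLE_HOSTS, SAMPLE_NAMES))
```

Removing a name from the list and running the merge again removes its line, which is what makes the list maintainable from one central copy.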
 
LVL 12

Expert Comment

by:Donnie4572
Comment Utility
You could add the domain names to your internal dns, this would cause the traffic to drop. I think this is sloppy but it would work.

Trying to blacklist IP's is a nightmare.

You should have no trouble finding open source firewall with url filter
http://www.google.com/search?hl=en&q=%22open+source+firewall%22+%22url+filter%22&aq=f&oq=

the problem is to deploy in production will require testing for stability and security.

The ASA 5505 will do what you are asking using RegEX.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html


Donnie

0
 
LVL 12

Expert Comment

by:Pugglewuggle
Comment Utility
I agree with the addition of catchall DNS names in your local DNS server that resolve to something like your homepage or another location you pick.
You will need to create a new DNS zone in your DNS server for facebook.com or whatever other sites you want to block, and then add an A record for * to catch all subdomains they might try, and also a blank record. This should solve your problem.
BTW - this cannot be done with an ASA 5505 to my knowledge... it requires the CSC module in at minimum an ASA 5510.
Cheers!
0
 
LVL 1

Author Comment

by:khamees79
Comment Utility
Changing the DNS would create a problem, as some employees need these sites to be open for their work. So I'm considering Untangle. I did not use it yet, but I read many good things about it, especially the add-on to integrate it with AD.
For the time being, I'll just block the popular IPs of Facebook, then pray.

thanks all for your help.
0
 
LVL 1

Author Comment

by:khamees79
Comment Utility
One more thing: I wonder, SOULJA, if you can give me a hint (or a frame script) that will edit the hosts files?
0
 
LVL 26

Expert Comment

by:Soulja
Comment Utility
0
 
LVL 7

Expert Comment

by:marook
Comment Utility
Interesting debate, and I can see the need sometimes, but...

Is it not possible to log the access to those sites, and then tell users that they lose their job accessing it, if it's not part of their job to do so?

That's what we do.
0
 
LVL 12

Expert Comment

by:Donnie4572
Comment Utility
I agree! We are Administrators, not policemen!

For the companies I have worked for, It is my job that is lost if I'm not successful at blocking unwanted non company related material.

Donnie
0
 
LVL 1

Expert Comment

by:benomg
Comment Utility
Agreed it's not our job, but sometimes it can mean the difference between keeping someone on who is a good salesperson and letting them go because they won't listen to instruction. So for the good of the company...
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
using MPF to block Facebook http://www.petenetlive.com/TecBin/KB/0000054.htm
 
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
0
 
LVL 28

Expert Comment

by:bgoering
Comment Utility
Might be better off blocking by regex on dns names and a policy map

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_23641502.html#a22216049

It's easy to add other domains using this method - once set up just add a regex for the domain names to block
0
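Name-based matching, as suggested in this comment and in the earlier note about subdomains, depends on how the pattern is anchored. The following is an added example, not from the thread and not firewall configuration: it uses Python's `re` module to compare an unanchored pattern with one that matches a blocked domain and its subdomains only. The log lines are constructed sample data.

```python
import re

BLOCKED = ["facebook.com", "myspace.com"]

def build_pattern(domains):
    """Match a listed domain or any subdomain of it, as a whole name only."""
    alts = "|".join(re.escape(d) for d in domains)
    # ^(labels.)* permits subdomains; \.?$ permits a trailing root dot.
    # Anchoring both ends keeps look-alike names out.
    return re.compile(rf"^(?:[a-z0-9-]+\.)*(?:{alts})\.?$", re.IGNORECASE)

# Naive pattern for comparison: unanchored, and "." matches any character.
NAIVE = re.compile(r"facebook.com|myspace.com", re.IGNORECASE)

# Constructed sample query log, one "client-ip queried-name" pair per line.
SAMPLE_LOG = """\
10.0.0.21 www.facebook.com
10.0.0.21 static.ak.facebook.com
10.0.0.34 notfacebook.com
10.0.0.34 facebook.com.example.net
10.0.0.40 MySpace.com.
10.0.0.40 www.squid-cache.org
10.0.0.52 facebookXcom.example.org
"""

def classify(log_text, pattern):
    """Return (client, name) pairs whose queried name the pattern matches."""
    hits = []
    for line in log_text.splitlines():
        client, name = line.split()
        if pattern.search(name):
            hits.append((client, name))
    return hits

def false_positives(log_text, domains):
    """Names the naive pattern flags but the anchored pattern does not."""
    strict = {n for _, n in classify(log_text, build_pattern(domains))}
    return [n for _, n in classify(log_text, NAIVE) if n not in strict]

if __name__ == "__main__":
    for client, name in classify(SAMPLE_LOG, build_pattern(BLOCKED)):
        print("block", client, name)
    print("naive-only matches:", false_positives(SAMPLE_LOG, BLOCKED))
```

The same classification works for reporting rather than blocking, which fits the logging approach raised earlier in the thread.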
