• Status: Solved

IP ranges to block FaceBook and Myspace?

Hello!

I need to block Facebook and Myspace (any suggestion of similar sites is welcome),
but I do not know the exact IPs to block, and I'm afraid to block the whole 69.63.x.x range for Facebook, as it might include other websites.
Any help is appreciated.
khamees79
1 Solution
 
Soulja Commented:
Here are some Facebook IPs:
 www.facebook.com A INET 69.63.176.12
 www.facebook.com A INET 69.63.176.13
 www.facebook.com A INET 69.63.176.14
 www.facebook.com A INET 204.15.20.25
 www.facebook.com A INET 204.15.20.26
 www.facebook.com A INET 69.63.176.11
 
 69.63.176.1-69.63.191.255
 204.15.20.1-204.15.23.255

You can search for Myspace IPs also, but your best bet is to get some type of content/web filter. If cost is an issue, there is a good open source solution called Untangle. I use this at home for my kids. It works well. www.untangle.com

Donnie4572 Commented:
How many computers?
You could add this to the host file on the computer. If the user is not admin they cannot change it.
c:\windows\system32\drivers\etc\hosts

Open it with Notepad and add these lines at the bottom.
myspace.com    127.0.0.1
facebook.com    127.0.0.1

That is domainName  TAB  IPaddress

This will force the machine to connect to the loopback address for those domain names.

Donnie

Soulja Commented:
Donnie is on to something. That makes a lot of sense too. Take into account that these sites have lots of subdomains also.

khamees79 (Author) Commented:
Thanks guys, I'm talking about 80+ computers, so editing host files is not an option for me,
as I need a flexible solution to allow some, add more domains to the blacklist, etc.
Untangle might be an option (cannot afford ISA Server now). I downloaded it today and will test tomorrow.
If you guys can suggest some open source suite that can cache the sites too, I would be very thankful.
I will return with more info about my test soon.

Best Regards

Soulja Commented:
If you did want to edit the host file of all of the computers, you could just write a login script that would copy the updated host file, or use a group policy.

As for open source caching, I have heard that Squid is pretty good. Haven't used it myself, but plan on messing around with it when I get some time.

http://www.squid-cache.org/
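
The hosts-file approach discussed above, written as a script that can be pushed to every machine. This is an added example, not code posted by anyone in the thread. Windows reads each hosts entry as the IP address followed by the host name; the domain list, the loopback target and the marker comments are assumptions.

```powershell
# Added example (not from the thread). Run with administrative rights, e.g. as a
# Group Policy computer startup script; a user logon script cannot write the file.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$Sinkhole  = '127.0.0.1'                      # assumption: loopback as the target
# Assumption: sample list. The hosts file has no wildcards, so every
# subdomain to be blocked needs its own entry.
$Blocked   = 'facebook.com', 'www.facebook.com', 'myspace.com', 'www.myspace.com'
$Begin     = '# BEGIN managed block list'
$End       = '# END managed block list'

function Get-UpdatedHosts {
    param([string[]]$Lines, [string[]]$Domains, [string]$Address)
    $out = New-Object 'System.Collections.Generic.List[string]'
    $inBlock = $false
    foreach ($line in $Lines) {
        # Drop the previously managed section so the script can be re-run safely.
        if ($line -eq $Begin) { $inBlock = $true;  continue }
        if ($line -eq $End)   { $inBlock = $false; continue }
        if (-not $inBlock)    { $out.Add($line) }
    }
    $out.Add($Begin)
    foreach ($d in $Domains) {
        $out.Add("$Address`t$d")              # address first, then host name
    }
    $out.Add($End)
    return $out.ToArray()
}

$current = @(Get-Content -LiteralPath $HostsPath)
$updated = @(Get-UpdatedHosts -Lines $current -Domains $Blocked -Address $Sinkhole)

# Rewrite only when something changed, and keep a backup of the previous file.
if (($current -join "`n") -ne ($updated -join "`n")) {
    Copy-Item -LiteralPath $HostsPath -Destination "$HostsPath.bak" -Force
    Set-Content -LiteralPath $HostsPath -Value $updated -Encoding ASCII
}
```

Entries outside the two marker lines are left untouched, so machine-specific hosts entries survive each run.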

Donnie4572 Commented:
You could add the domain names to your internal DNS; this would cause the traffic to drop. I think this is sloppy but it would work.

Trying to blacklist IPs is a nightmare.

You should have no trouble finding an open source firewall with a URL filter:
http://www.google.com/search?hl=en&q=%22open+source+firewall%22+%22url+filter%22&aq=f&oq=

The problem is that deploying it in production will require testing for stability and security.

The ASA 5505 will do what you are asking using regex.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html


Donnie


Pugglewuggle Commented:
I agree with the addition of catchall DNS names in your local DNS server that resolve to something like your homepage or another location you pick.
You will need to create a new DNS zone in your DNS server for facebook.com or whatever other sites you want to block, and then add an A record for * to catch all subdomains they might try, and also a blank record. This should solve your problem.
BTW - this cannot be done with an ASA 5505 to my knowledge... it requires the CSC module in, at minimum, an ASA 5510.
Cheers!
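
The catch-all zone described in this comment, written for a Windows DNS server. This is an added example, not code from the thread; it assumes an AD-integrated server with the DnsServer module, and the notice-page address is a placeholder.

```powershell
# Added example (not from the thread). Requires the DnsServer module on a
# Windows DNS server; every client of this server gets the override.
Import-Module DnsServer

$BlockPage = '192.0.2.10'   # assumption: placeholder address of an internal notice page
$Zones     = 'facebook.com', 'myspace.com'

foreach ($zone in $Zones) {
    # Create an authoritative local zone so the server stops forwarding the name.
    if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $zone -ReplicationScope 'Domain'
    }

    $existing = @(Get-DnsServerResourceRecord -ZoneName $zone -RRType A -ErrorAction SilentlyContinue |
                  ForEach-Object { $_.HostName })

    # '@' is the blank (zone apex) record, '*' catches every subdomain.
    foreach ($name in '@', '*') {
        if ($existing -notcontains $name) {
            Add-DnsServerResourceRecordA -ZoneName $zone -Name $name -IPv4Address $BlockPage
        }
    }
}

# Check: both the bare name and an arbitrary subdomain should now return $BlockPage.
foreach ($zone in $Zones) {
    foreach ($query in $zone, "check.$zone") {
        $answer = Resolve-DnsName -Name $query -Type A -Server 127.0.0.1 -DnsOnly
        $ok = @($answer | Where-Object { $_.IPAddress -eq $BlockPage }).Count -gt 0
        '{0,-24} {1}' -f $query, $(if ($ok) { 'overridden' } else { 'NOT overridden' })
    }
}
```

The override applies to every client that resolves through this server, so it cannot exempt individual users.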

khamees79 (Author) Commented:
Changing the DNS would create a problem, as some employees need these sites to be open for their work, so I'm considering Untangle. I have not used it yet, but I read many good things about it, especially the add-on to integrate it with AD.
For the time being, I'll just block the popular IPs of Facebook, then pray.

Thanks all for your help.

khamees79 (Author) Commented:
One more thing: I wonder, Soulja, if you can give me a hint (or a frame script) that will edit the host files?

marook Commented:
Interesting debate, and I can see the need sometimes, but...

Is it not possible to log the access to those sites, and then tell users that they lose their job accessing it, if it's not part of their job to do so?

That's what we do.

Donnie4572 Commented:
I agree! We are Administrators, not policemen!

For the companies I have worked for, it is my job that is lost if I'm not successful at blocking unwanted non-company-related material.

Donnie

benomg Commented:
Agreed it's not our job, but sometimes it can mean the difference between keeping someone on who is a good salesperson and letting them go because they won't listen to instruction. So for the good of the company...

Pete Long (Consultant) Commented:
Using MPF to block Facebook: http://www.petenetlive.com/TecBin/KB/0000054.htm
 
bgoering Commented:
Might be better off blocking by regex on DNS names and a policy map

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_23641502.html#a22216049

It's easy to add other domains using this method - once set up, just add a regex for the domain names to block