Solved

IP ranges to block FaceBook and Myspace?

Posted on 2008-10-07
Last Modified: 2010-07-09
Hello!

I need to block Facebook and MySpace (any suggestions of similar sites are welcome),
but I do not know the exact IPs to block, and I'm afraid to block the whole 69.63.x.x range for Facebook, as it might include other websites.
Any help is appreciated.
Question by:khamees79
 
LVL 26

Accepted Solution

by:
Soulja earned 125 total points
ID: 22659030
Here are some facebook ips
 www.facebook.com A INET 69.63.176.12
 www.facebook.com A INET 69.63.176.13
 www.facebook.com A INET 69.63.176.14
 www.facebook.com A INET 204.15.20.25
 www.facebook.com A INET 204.15.20.26
 www.facebook.com A INET 69.63.176.11
 
 69.63.176.1-69.63.191.255
 204.15.20.1-204.15.23.255

You can search for MySpace IPs also, but your best bet is to get some type of content/web filter. If cost is an issue, there is a good open source solution called Untangle. I use this at home for my kids. It works well. www.untangle.com
0
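The two ranges quoted in the answer above, worked into CIDR form (an added example, not part of the original answer): most firewall rules take prefixes rather than start-end ranges, and the calculation shows the quoted ranges fit a /20 and a /22, far narrower than the whole 69.63.x.x range the question worries about. The function names are illustrative, and the addresses are the 2008 values quoted in the answer.

```python
import ipaddress

# Ranges exactly as quoted in the answer above (2008-era values).
QUOTED_RANGES = [
    ("69.63.176.1", "69.63.191.255"),
    ("204.15.20.1", "204.15.23.255"),
]

def covering_network(first, last):
    """Smallest single CIDR block that contains both ends of the range."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    # Every bit that differs between the two ends must be a host bit.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits
    return ipaddress.ip_network((base, 32 - host_bits))

def exact_cidrs(first, last):
    """Exact cover of the range; odd boundaries need many small prefixes."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def overblock(first, last):
    """Addresses the single covering block adds beyond the quoted range."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    return covering_network(first, last).num_addresses - (hi - lo + 1)

def is_blocked(addr, networks):
    """True if addr falls inside any of the blocked networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)

BLOCKLIST = [covering_network(a, b) for a, b in QUOTED_RANGES]

if __name__ == "__main__":
    for (a, b), net in zip(QUOTED_RANGES, BLOCKLIST):
        print(f"{a}-{b} -> {net}: {overblock(a, b)} extra address, "
              f"or {len(exact_cidrs(a, b))} prefixes for an exact match")
    share = BLOCKLIST[0].num_addresses / 2 ** 16
    print(f"{BLOCKLIST[0]} is {share:.2%} of 69.63.0.0/16")
```

The single covering prefix only adds the `.0` network address to each quoted range, so one rule per range is enough; matching the ranges exactly would take a dozen prefixes each for no practical gain.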
 
LVL 12

Expert Comment

by:Donnie4572
ID: 22659727
How many computers?
You could add this to the host file on the computer. If the user is not admin they cannot change it.
c:\windows\system32\drivers\etc\hosts

open it with notepad and add these lines at the bottom.
myspace.com    127.0.0.1
facebook.com    127.0.0.1

that is domainName  TAB  IPaddress

this will force the machine to connect to the loopback address for those domain names.

Donnie
0
 
LVL 26

Expert Comment

by:Soulja
ID: 22659794
Donnie is on to something. That makes a lot of sense too. Take into account that these sites have lots of subdomains also.
0
 
LVL 1

Author Comment

by:khamees79
ID: 22661631
Thanks guys, I'm talking about 80+ computers, so editing host files is not an option for me,
as I need a flexible solution to allow some, add more domains to the blacklist, etc.
Untangle might be an option (can not afford ISA server now), I downloaded it today, will test tomorrow.
If you guys can suggest some open source suite that can cache the sites too, I would be very thankful.
I will return with more info about my test soon.

Best Regards
0
 
LVL 26

Expert Comment

by:Soulja
ID: 22661680
If you did want to edit the host file of all of the computers you could just write a login script that would copy the update host file, or use a group policy.

As for open source caching I have heard that squid is pretty good. Haven't used it myself, but plan on messing around with it when I get some time.

http://www.squid-cache.org/
0
 
LVL 12

Expert Comment

by:Donnie4572
ID: 22661780
You could add the domain names to your internal dns, this would cause the traffic to drop. I think this is sloppy but it would work.

Trying to blacklist IP's is a nightmare.

You should have no trouble finding open source firewall with url filter
http://www.google.com/search?hl=en&q=%22open+source+firewall%22+%22url+filter%22&aq=f&oq=

the problem is to deploy in production will require testing for stability and security.

The ASA 5505 will do what you are asking using RegEX.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html


Donnie

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22665945
I agree with the addition of catchall DNS names in your local DNS server that resolve to something like your homepage or another location you pick.
You will need to create a new DNS zone in your DNS server for facebook.com or whatever other sites you want to block and then add an A record for * to catch all subdomains they might try, and also a blank record. This should solve your problem.
BTW - this cannot be done with an ASA 5505 to my knowledge... it requires the CSC module in at minimum an ASA 5510.
Cheers!
0
 
LVL 1

Author Comment

by:khamees79
ID: 22670854
Changing the DNS would create a problem, as some employees need these sites to be open for their work. So I'm considering Untangle. I have not used it yet, but I have read many good things about it, especially the add-on to integrate it with AD.
For the time being, I'll just block the popular IPs of Facebook, then pray.

thanks all for your help.
0
 
LVL 1

Author Comment

by:khamees79
ID: 22670868
One more thing: I wonder, Soulja, if you can give me a hint (or a frame script) that will edit the host files?
0
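A sketch of the hosts-file approach discussed in this thread, added here as an example and not code from any of the posters: it builds the hosts text centrally so a login script or group policy can copy it out, keeps its entries in a marked section so re-running is safe, and strips that section for machines that need the sites. The hosts format is address first, then name, with no wildcards, so each subdomain has to be listed; the marker strings, function names and sample file are assumptions.

```python
import re

# Marker lines are an assumption of this example; they delimit the entries
# the script owns so anything an admin added by hand is left alone.
START = "# BEGIN managed block list"
END = "# END managed block list"
HOSTNAME = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+")

# Constructed sample hosts file and block list for illustration.
SAMPLE_HOSTS = "# Constructed sample hosts file\r\n127.0.0.1       localhost\r\n"
BLOCKED = ["facebook.com", "myspace.com"]

def build_block(domains, sink="127.0.0.1", subdomains=("www",)):
    """Managed section: one 'address<TAB>name' line per name, no duplicates."""
    names = []
    for d in domains:
        d = d.strip().lower().rstrip(".")
        if not HOSTNAME.fullmatch(d):
            raise ValueError(f"not a hostname: {d!r}")
        for name in [d] + [f"{s}.{d}" for s in subdomains]:
            if name not in names:
                names.append(name)
    return [START] + [f"{sink}\t{n}" for n in names] + [END]

def update_hosts(text, domains, exempt=False):
    """Return hosts text with the managed section replaced (or removed)."""
    kept, inside = [], False
    for line in text.splitlines():
        if line.strip() == START:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    if inside:
        # Refuse to guess where a damaged section ends.
        raise ValueError("managed section has no END marker")
    while kept and not kept[-1].strip():
        kept.pop()
    if not exempt:
        kept += [""] + build_block(domains)
    return "\r\n".join(kept) + "\r\n"

if __name__ == "__main__":
    print(update_hosts(SAMPLE_HOSTS, BLOCKED))
```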
 
LVL 26

Expert Comment

by:Soulja
ID: 22671016
0
 
LVL 7

Expert Comment

by:marook
ID: 24372956
Interesting debate, and I can see the need sometimes, but...

Is it not possible to log the access to those sites, and then tell users that they lose their job accessing it, if it's not part of their job to do so?

That's what we do.
0
 
LVL 12

Expert Comment

by:Donnie4572
ID: 24379802
I agree! We are Administrators, not policemen!

For the companies I have worked for, It is my job that is lost if I'm not successful at blocking unwanted non company related material.

Donnie
0
 
LVL 1

Expert Comment

by:benomg
ID: 25175152
Agreed it's not our job, but sometimes it can mean the difference between keeping someone on who is a good salesperson and letting them go because they won't listen to instruction. So for the good of the company...
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 25545658
using MPF to block Facebook http://www.petenetlive.com/TecBin/KB/0000054.htm
 
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 30598702
0
 
LVL 28

Expert Comment

by:bgoering
ID: 33176255
Might be better off blocking by regex on dns names and a policy map

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_23641502.html#a22216049

It's easy to add other domains using this method - once set up just add a regex for the domain names to block
0
