Solved

IP ranges to block FaceBook and Myspace?

Posted on 2008-10-07
16
45,246 Views
Last Modified: 2010-07-09
Hello!

I need to block facebook and myspace (any suggestion of a like sites is welcome),
But I could not know the exact IPs to block, and I'm afrai to block the whole  69.63.x.x range. for facebook, it might include other websites.
Any Help is appreciated
0
Comment
Question by:khamees79
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +5
16 Comments
 
LVL 26

Accepted Solution

by:
Soulja earned 125 total points
ID: 22659030
Here are some facebook ips
 www.facebook.com A INET 69.63.176.12
 www.facebook.com A INET 69.63.176.13
 www.facebook.com A INET 69.63.176.14
 www.facebook.com A INET 204.15.20.25
 www.facebook.com A INET 204.15.20.26
 www.facebook.com A INET 69.63.176.11
 
 69.63.176.1-69.63.191.255
 204.15.20.1-204.15.23.255

You can search for myspace ips also, but your best bet is to get some type of content/web filter. If cost is an issue. There is a good open source solution called Untangle. I use this at home for my kids. It works well. www.untangle.com
0
 
LVL 12

Expert Comment

by:Donnie4572
ID: 22659727
how many computers?
You could add this to the host file on the computer. If the user is not admin they cannot change it.
c:\windows\system32\drivers\etc\hosts

open it with notepad and add these lines at the bottom.
myspace.com    127.0.0.1
facebook.com    127.0.0.1

that is domainName  TAB  IPaddress

this will force the machine to connect to the loopback address for those domain names.

Donnie
0
 
LVL 26

Expert Comment

by:Soulja
ID: 22659794
Donnie is on to something. That makes a lot of sense too. Take into account that these sites have lots of subdomains also.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:khamees79
ID: 22661631
Thanks guys, I'm talking about 80+ computers, so editing host files is not an option for me,
as I need a flexible solution to allow some, add more domains in the black list,etcc
Untangle might be an option (can not afford ISA server now), I downloaded it today, will test tomorrow.
If you guys can suggest some open source suite that can cache the sites too, I would be very thankful.
I will return with more info about my test soon.

Best Regards
0
 
LVL 26

Expert Comment

by:Soulja
ID: 22661680
If you did want to edit the host file of all of the computers you could just write a login script that would copy the update host file, or use a group policy.

As for open source caching I have heard that squid is pretty good. Haven't used it myself, but plan on messing around with it when I get some time.

http://www.squid-cache.org/
0
 
LVL 12

Expert Comment

by:Donnie4572
ID: 22661780
You could add the domain names to your internal dns, this would cause the traffic to drop. I think this is sloppy but it would work.

Trying to blacklist IP's is a nightmare.

You should have no trouble finding open source firewall with url filter
http://www.google.com/search?hl=en&q=%22open+source+firewall%22+%22url+filter%22&aq=f&oq=

the problem is to deploy in production will require testing for stability and security.

The ASA 5505 will do what you are asking using RegEX.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e36.html


Donnie

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22665945
I agree with the addition of catchall DNS names in your local DNS server that resolve to something like your homepage or another location you pick.
You will need to create a new DNS zone in your DNS server for facebook.com or whatever other sites you want to block and then add an a record for * to catchall subdomains they might try and also a blank record. This should solve your problem.
BTW - this cannot be done with an ASA 5505 to my knowledge... it requires the CSC module it at minimum an ASA 5510.
Cheers!
0
 
LVL 1

Author Comment

by:khamees79
ID: 22670854
changing the DNS would create a problem, as some employees need these sites to be open for their work. so i'm considering Untangle , i did not use it yet, but i read many good things about it, specially the add on to integrate it with AD.
for the time being, i'll just block the popular IPs of facebook, then pray .

thanks all for your help.
0
 
LVL 1

Author Comment

by:khamees79
ID: 22670868
one more thing,  I wounder SOULJA if you can give me a hint (or a frame script ) that will edit the host files?
0
 
LVL 26

Expert Comment

by:Soulja
ID: 22671016
0
 
LVL 7

Expert Comment

by:marook
ID: 24372956
Interesting debate, and I can see the need sometimes, but...

Is it not possible to log the access to those sites, and then tell users that they loose their job accessing it, if it's not part of their job to do so?

That's what we do.
0
 
LVL 12

Expert Comment

by:Donnie4572
ID: 24379802
I agree! We are Adminstrators, not policemen!

For the companies I have worked for, It is my job that is lost if I'm not successful at blocking unwanted non company related material.

Donnie
0
 
LVL 1

Expert Comment

by:benomg
ID: 25175152
Agreed it's not our job, but sometimes it can mean the difference between keeping someone on who is a good salesperson and letting them go because they won't listen to instruction. So for the good of the company...
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 25545658
using MPF to block Facebook http://www.petenetlive.com/TecBin/KB/0000054.htm
 
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 30598702
0
 
LVL 28

Expert Comment

by:bgoering
ID: 33176255
Might be better off blocking by regex on dns names and a policy map

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_23641502.html#a22216049

Its easy to add other domains using this method - once set up just add a regex for the domain names to block
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question