|
I'm at an internship right now, and I have close connections with my boss (and yes I was allowed to come here for this one reason that I'm about to say).
She blocked facebook and youtube through the Restrict Access panel on linksys router, model-G WRT4G, firmware version v8.00.6
Unfortunately, kids found their way through the block by adding https in front of the website. This secure connection allowed them to bypass the block and started accessing the website.
If there's anyway that we can block only those two websites, we would be grateful (We could've blocked https overall, but gmail and google docs depend on https connection. We really need these two websites blocked so that other kids actually start working.
|
16938 Posts
Wait, so you're the office snitch? :/
In any case, they probably WILL find a way around any blocks you might impose. Back in highschool I used to VNC myself on a friend's server and remotely access unblocked internet through the shell. You should probably just get your boss to say "facebook and youtube go against company policy blah blah blah" and threaten some sort of punishment (lowering their pay to minimum wage for however long they're on it or something...probably not legally enforceable, but whatever).
|
Since you can't inspect the packet content, the best way to do this would be to block traffic to the destination IPs. Unfortunately big sites like facebook have many IPs for load balancing, eg
$ host facebook.com facebook.com has address 69.63.189.11 facebook.com has address 69.63.181.11 facebook.com has address 69.63.181.12 facebook.com has address 69.63.189.16
$ host www.facebook.com www.facebook.com has address 66.220.147.33
$ host login.facebook.com login.facebook.com has address 69.63.181.26
etc.
|
I agree with the poster above Rich. What you should try to do is teach them office etics. If they wanna wast your time they will find other ways and sites like dumpert.nl failbook.com failblog.org or other social sites. If they really care that mutch you can learn to set a proxy in half a hour (they can learn this even in office time). Teaching them how to behave properly (maybe even with pennalties for misbehaviour) will give you a stronger employee base.
As fas a blocking sites i have no experience. But it will never last long for them to find a way to acces it.
|
16938 Posts
On July 13 2010 05:31 R1CH wrote:Since you can't inspect the packet content, the best way to do this would be to block traffic to the destination IPs. Unfortunately big sites like facebook have many IPs for load balancing, eg $ host facebook.com facebook.com has address 69.63.189.11 facebook.com has address 69.63.181.11 facebook.com has address 69.63.181.12 facebook.com has address 69.63.189.16 $ host www.facebook.comwww.facebook.com has address 66.220.147.33 $ host login.facebook.com login.facebook.com has address 69.63.181.26 etc.
Haha leave it to rich to find an -actual- solution T_T
|
there are always going to be ways around blocking websites, if you find a way to block all of facebook's IPs, they could always browse facebook through proxies, etc. I must say though, it's poor management practice to block people from visiting websites, because everyone needs to take breaks throughout the day. A happy worker is a productive worker.
|
On July 13 2010 05:48 AcrossFiveJulys wrote: there are always going to be ways around blocking websites, if you find a way to block all of facebook's IPs, they could always browse facebook through proxies, etc. I must say though, it's poor management practice to block people from visiting websites, because everyone needs to take breaks throughout the day. A happy worker is a productive worker.
And a lazy worker is a nonproductive worker.
I can definitely see why bosses need to block certain stuff in the workplace. Work is work .. if you want to fool around do it on your own time. If you don't have the discipline to do something as simple as not check fb at work ... you won't get far in any job if not life.
|
Canada9720 Posts
if you have an office dns server, you can put an entry in the hosts file for 127.0.0.1 facebook.com
or you can use firewall software like untangle http://www.untangle.com/ untangle's probably over-kill though
|
On July 13 2010 05:53 lac29 wrote:Show nested quote +On July 13 2010 05:48 AcrossFiveJulys wrote: there are always going to be ways around blocking websites, if you find a way to block all of facebook's IPs, they could always browse facebook through proxies, etc. I must say though, it's poor management practice to block people from visiting websites, because everyone needs to take breaks throughout the day. A happy worker is a productive worker. And a lazy worker is a nonproductive worker. I can definitely see why bosses need to block certain stuff in the workplace. Work is work .. if you want to fool around do it on your own time. If you don't have the discipline to do something as simple as not check fb at work ... you won't get far in any job if not life. Not necessarily true. The new trend is to have a relaxed and nurturing athmosphere at the office because relaxed workers are both more productive and more creative.
Obviously this might hurt more than help if the job doesn't require creativity.
|
lol i had a bunch of experience bypassing this crap XD
it really is impossible to permanently block facebook and youtube. you'll need some external motivators. like whips.
|
|
Unk style : block every ip starting with 69.63.*
Less retarded : loopback the domain in the hosts file. But this can be bypassed easily if they know facebook's ip address.
|
Zurich15306 Posts
It's just not possible, people will always find a way around it. Do you want them to waste time on facebook or do you want them to waste time to find a bypass to your facebook blocker and THEN waste time on facebook.
As some people have said, office policy and ethics are probably way more effective than overly complicated tech "solutions". Of course, that would require talking to people and actual management skill. A lazy boss will probably prefer pressing some buttons instead of actually managing their people. Or, better, have you pressing some buttons and not deal with this at all.
|
There is always a way around it esp if you allow a secure connection https then one can always use a vpn or proxy or their own.
|
wow. R1CH the wizard. conjuring shit up. i dont even understand WHY there's a $ sign in front of the facebook unreal
and within 10 minutes of the OP scary scary shit.
|
|
|
|