This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthorardenglennp
    • CommentTimeMar 25th 2008 edited
     permalink
    How to block?
  1.  permalink
    I doubt limewire will use DNS apart from reverse dns of other limewire clients (Please correct me if I am wrong!).
    Uninstall Limewire and lock down your users to user only accounts or block it at your firewall.
  2.  permalink
    blocking p2p is really an arms race. the clients are getting better at hiding themselves. entire companies have dedicated engineering organizations working on ways to block and/or rate-limit it. there are corporations that develop appliances to do this and corporations that purchase them.

    DNS isn't really involved in much or any of the p2p arena and anything OpenDNS did to try and crimp it could easily have been worked around.

    we love adding features and value. some of the best ideas come from our users. solving this problem just isn't in our space nor is it even possible with DNS manipulation.

    depending on your environment, rate-limiting your users in general may be possible. there's a lot of information available online on dealing with this problem.

    if you're a business/office client, a word of wisdom: sometimes the best way to solve a social problem isn't with a technical solution. stop users running software they shouldn't.

    if you're an ISP with this problem, that's a whole different story.
    • CommentAuthorardenglennp
    • CommentTimeMar 26th 2008 edited
     permalink
    how about ?
  3.  permalink
    Bill is right.

    There are some pieces of software that are also very hard to stop: Skype. It doesn't use DNS, can use almost any open port, including port 80, can use UDP and TCP, etc...

    MSN messenger also tries to use port 80 when the main TCP port is blocked. Was a hell here when they implemented this feature.
  4.  permalink
    You'd need a very expensive gateway to do proper content filtering and then again as the last few posts have stated software is changed to mimic other types of web traffic.
    In emule I have seen a feature where it will mimic web traffic and that makes it very hard to detect.
    • CommentAuthorwufei0
    • CommentTimeMar 28th 2008
     permalink
    i had blocked p2p in our organization. i recommend to use a firewall program on your gateway.
  5.  permalink
    Leverage software restrictions through AD group policy to disallow anything to run that you don't authorize and remove users' Administrator rights so they can't install their own software. Do yourself a favor and take control of your network. If you are relying on OpenDNS to stop this you are fighting this from the wrong end.
    • CommentAuthorricky1146
    • CommentTimeMar 28th 2008
     permalink
    Personally Bill is right, myself having p2p affiliations it will never end. It is an arms race. Why not either migrate to linux, or give user accounts less privileges.
    • CommentAuthorrinfrance
    • CommentTimeMar 28th 2008
     permalink
    Question. then if the user used say smart hide or used another proxy server and then went on limewire surely that would just circumvent the blocks?
    • CommentAuthorrinfrance
    • CommentTimeMar 28th 2008
     permalink
    Another thought, if all the computers had to go thru one server then sticking say zonealarm and blocking limewire then would work or would it. I suppose it depends on the server.
    • CommentAuthorrinfrance
    • CommentTimeMar 28th 2008
     permalink
    The stopping of software is a no brainer as everyone knows that all you do is plug in your own portable harddrive with the proggies on that you want to run.
    We did that 5 years or more ago.
    • CommentAuthortomdlgns
    • CommentTimeJun 20th 2008
     permalink
    @ this post

    blocking p2p is really an arms race. the clients are getting better at hiding themselves. entire companies have dedicated engineering organizations working on ways to block and/or rate-limit it. there are corporations that develop appliances to do this and corporations that purchase them.

    DNS isn't really involved in much or any of the p2p arena and anything OpenDNS did to try and crimp it could easily have been worked around.

    we love adding features and value. some of the best ideas come from our users. solving this problem just isn't in our space nor is it even possible with DNS manipulation.

    depending on your environment, rate-limiting your users in general may be possible. there's a lot of information available online on dealing with this problem.

    if you're a business/office client, a word of wisdom: sometimes the best way to solve a social problem isn't with a technical solution. stop users running software they shouldn't.

    if you're an ISP with this problem, that's a whole different story.


    why does it say it blocks p2p programs in the categories section?

    you guys should probably take that out...
  6.  permalink
    Blocks websites that serve downloads to download the P2P client, such as limewire.com, kazaa.com, etc...

    Torrent sites, etc..
    • CommentAuthortomdlgns
    • CommentTimeJun 21st 2008
     permalink
    read the yellow highlight box when you put your cursor over it.
    • CommentAuthorahoier
    • CommentTimeJun 25th 2008
     permalink
    The best advice I can give is to launch Limewire with Wireshark (Ethereal) or Windows "Fiddler2", an HTTP debugging proxy, running in the background.

    You _will_ see some http requests....I know for a fact LW makes some requests to external servers to "grab" the initial pool of connections (leaf nodes or something I think they call them....) - from there though, you "discover" other peers continuously.
    • CommentAuthorgoggio
    • CommentTimeJul 21st 2008
     permalink
    question: Does it help blocking ranges of ports in your router?
    • CommentAuthorrickt500
    • CommentTimeJul 24th 2008
     permalink
    We're pretty strict, we run IP-Cop firewalls, block ALL through traffic, forcing everything through proxy, we then block all sites by default, and have an allowable site list.

    Staff send requests for sites to IT and they check the safety and suitability of the site before adding it to the acceptable list.

    Creates a bit of work but really helps protect us from spyware / adsites etc, and of course totally wipes out the proxy site issue too.

    In terms of using external drives etc, any serious IT dept would disable USB & any optical / floppy drives in the bios, plus password the bios.
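
    Added example, not part of the thread or any poster's own configuration: the default-deny decision a filtering proxy makes against an approved-site list, as the post above describes, sketched in Python. The domain list, port set and function names are hypothetical, and the sample requests are constructed; note that raw-IP destinations never match a name-based list.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical approved-site list and tunnel ports (assumptions, not from the thread).
ALLOWED_DOMAINS = {"example.edu", "k12.example.org"}
ALLOWED_CONNECT_PORTS = {443}


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def host_allowed(host):
    """Exact match or true subdomain of an approved domain; anything else is denied."""
    host = host.lower().rstrip(".")
    if not host or is_ip_literal(host):
        return False  # raw-IP destinations are never on a name-based list
    labels = host.split(".")
    # Compare whole labels so "notexample.edu" cannot pass as "example.edu".
    return any(".".join(labels[i:]) in ALLOWED_DOMAINS for i in range(len(labels)))


def decide(method, target):
    """Return 'ALLOW' or 'DENY' for one proxy request (method plus target)."""
    if method.upper() == "CONNECT":
        host, _, port = target.rpartition(":")
        if not port.isdecimal() or int(port) not in ALLOWED_CONNECT_PORTS:
            return "DENY"  # no tunnels to arbitrary ports
        return "ALLOW" if host_allowed(host) else "DENY"
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:
        return "DENY"  # malformed target
    if parts.scheme not in ("http", "https") or host is None:
        return "DENY"
    return "ALLOW" if host_allowed(host) else "DENY"


if __name__ == "__main__":
    # Constructed sample requests.
    for req in [("GET", "http://www.example.edu/page"), ("GET", "http://203.0.113.7:80/"),
                ("CONNECT", "k12.example.org:443"), ("CONNECT", "k12.example.org:8080")]:
        print(req, decide(*req))
```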
    • CommentAuthortomdlgns
    • CommentTimeJul 24th 2008
     permalink
    @ rickt500

    first off, i am going to take a stab and say that i don't think EVERY mobo has the feature to disable optical drives and USB ports. i am willing to bet that, in a windows environment, these options could be disabled via Group Policy.

    second, instead of saying 'serious IT' department...that should be changed to work/boss environment. i CAN block our users from all of those things, however, we are such a small company, my boss is somewhat against all that, he wants the users to have some freedom. if it were up to me, i would have a much more locked down network, however, IT departments vary from company to company.

    you do make valid points, however.
    • CommentAuthormaasdriel
    • CommentTimeJul 25th 2008 edited
     permalink
    P2P is really hard to block, though there seems to be some breakthrough in this area. Look at this article; they are solving this by math :) It's very interesting.

    http://www.hothardware.com/News/Another_Inventor_Of_The_Internet_Wants_To_Gag_It/

    Offtopic:
    rickt500... i guess opinions vary on this subject. If your company is very dependent on the internet the costs would be huge to play BigBrother all the time and creates an unpleasant environment to work in. IMHO it's almost never needed if you have a decent security plan (it depends of course how critical the information is that the users can access).

    Disabling USB ports thing again is the cost to manage all that has its costs and sometimes outweighs the benefit. Still often e-mail is in place so that's still a gateway to get the same files in or out which you would do on USB, so in short you're only annoying your users.

    IMHO it's better to block all unwanted things at Network and OS level so you only need to manage those security platforms.

    But then again it all depends on what kind of business you're in. But i don't want to waste my time on trivial things like adding websites to a whitelist or allowing access storage devices. This is just my 2 cents.
