Your IP:

Our Forums Have Moved!

Visit our new forums at http://community.opendns.com/forums/ to post on topics and read the latest content. These forums are now read-only archives.

K-12 Forums

Talk with other K-12 network administrators in your state.

Or see all states.

Categories

Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.

This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthoruniquee
    • CommentTimeApr 26th 2012
     permalink
    hi all have been searching through the forum only with no luck as to what im looking for...

    It might be something very simple but i am currently having some users trying to access pornographic websites. Problem is with multiple computers on the network i dont completely know who is doing it..is there a way to limit and figure out what IP address is trying to go to those websites..this would help me narrow down who is the one trying to go to those websites...can someone guide me in the way to have this done? thanks
    Thankful People: designmom
    • CommentAuthorrotblitz
    • CommentTimeApr 26th 2012 edited
     permalink
    "have been searching through the forum only with no luck as to what im looking for..."

    A good sign that nothing exists, not only in this forum. But no, this is actually one of the most asked questions:

    "is there a way to limit and figure out what IP address is trying to go to those websites"

    No, not with OpenDNS. Or would you like that an external service would be able to analyze everything about your internal LAN setup? Want to become a welcomed victim for every hacker? :shocked:

    And no, anyway not about "to go to those websites". The OpenDNS stats aren't about visiting websites, in no way, they are about your network's DNS lookups, i.e. your looks into the phone book of the internet. OpenDNS cannot monitor your "phone lines", i.e. your visits to any website. You don't provide them with this information, so they can't log it.
    Thankful People: zelus
    • CommentAuthorjdrash1
    • CommentTimeApr 26th 2012
     permalink
    First, how important is it to know which PC it was? So, someone tried to "open a locked door", meh. OK, if you are a business and have your own DNS servers on site and forward your requests to OPenDNS, you can turn on query logging to see what IPs ask for what. Why bother?
    • CommentAuthortopcoder
    • CommentTimeApr 27th 2012
     permalink
    Do a google search for "Web filtering Software" their are plenty of third party solutions to this issue. The reports some of these tools generate is eye-opening.

    Henry
    www.unlocktheinbox.com
  1.  permalink
    That's not "which domain is trying to be accessed"* it's "who is trying to access a blocked domain".

    *I can only assume this construct really means "which domain someone is trying to access".

    The way to limit access is already what you are doing: blocking the domains. The way to find out is entirely up to you and your network. maybe you already have logging capabilities at a router or server. Or there is filtering software and spyware. All of these, to be used effectively, imply that you already have full rights and actual control of the network. If you don't (e.g., users are administrators of their own devices and you are not), then don't even worry about this, it will only give you headaches.
    • CommentAuthoruniquee
    • CommentTimeApr 30th 2012
     permalink
    thanks all for your information and advice..yeha what i was trying to get to was seeing if using openDNS to figure out who was trying to access a specific domain etc..im in the process of working with my budgeting department to get more security parameters like the ones you have said above..thanks again!
    • CommentAuthorRed Prince
    • CommentTimeApr 30th 2012
     permalink
    Actually, with OpenDNS, or any other DNS, you cannot even know whether anyone was trying to access a specific domain, only that some system somewhere on your network looked up the domain. Just because a domain is looked up (perhaps without the knowledge of any human) foes not mean it was actually accessed.

    This is the same as just because someone looked at a phone number in the phone book does in no way imply they actually dialed that number.
  2.  permalink
    If you have a budgeting department, you company sounds large enough to have servers. Most servers have logging capabilities and a good place to set the logging levels might be a DNS server. Where to do logging will depend a bit on your network and the platform(s) you are using.

    If you already have the capability, the only thing to budget is the time to configure the logging.
    • CommentAuthoruniquee
    • CommentTimeMay 2nd 2012
     permalink
    unforunately the servers we have here are designed and administered thru the corporate level they wont allow "lower" people touch what they have..so im trying to find other options available to me.

This discussion has been inactive for longer than 30 days, and is thus closed.