Is there an easy way to block YouTube for just one child?
Discussion
Don said:
Dr Doofenshmirtz said:
Run Notepad as administrator
Click File - Open - C:\Windows\System32\drivers\etc\hosts
Make an entry as the end of the file like this:
1.1.1.1 www.youtube.com
Save file
Job done.
If the son isn't technically minded this would work. Even if he is it might take a while to realise what had been done.Click File - Open - C:\Windows\System32\drivers\etc\hosts
Make an entry as the end of the file like this:
1.1.1.1 www.youtube.com
Save file
Job done.
The complete solution is a SOPHOS UTM. A 115w would do the job. It isn't remotely easy. It does give you absolute, total control over one particular internet connection and absolute total protection against internet nastiness.
It could also be the start of an interesting new career in information security. i.e. It's not easy...
I think to restrict your own sites (i.e set a password to unlock) you'd have to pay for the the $20 full version - but that's peanuts for such a good solution.
Dr Doofenshmirtz said:
Open DNS family shield would probably do it better, and it's very easy to set up. Plus it's clientless with only a router DNS address change required, and it protects every device on the wifi (so mobiles, tablets etc are also covered).
I think to restrict your own sites (i.e set a password to unlock) you'd have to pay for the the $20 full version - but that's peanuts for such a good solution.
That's only effective until he works out how to change the DNS settings on his machine though, or runs a local VPN, or uses a hotspot on his phone, or...I think to restrict your own sites (i.e set a password to unlock) you'd have to pay for the the $20 full version - but that's peanuts for such a good solution.
And, more importantly, entirely misses the point: getting into a escalating technical war is totally the wrong way to approach it. Block him one way, he'll find a way round it, you block that way, he works around it again. You're training him to see that the technical block is the problem, not his original behaviour.
This isn't a technical problem, so don't try to solve it with a technical solution.
doesn't work so transparently with Virgin media... you cant change DNS settings from the router with them.
you could always host your own DNS server on the lan and custom filter to your hearts content.
SQUID + DNSMASQ ( or BIND ) and you're in business ( as long as you setup the firewall to block all traffic thats not passing through the proxy )
^^ this is what i do
server and router are locked away, and remote access to routers config page is blocked by Rules set in dnsmasq and backed up with the firewall. physical access is controlled with a locked box and a big stick
you could always host your own DNS server on the lan and custom filter to your hearts content.
SQUID + DNSMASQ ( or BIND ) and you're in business ( as long as you setup the firewall to block all traffic thats not passing through the proxy )
^^ this is what i do
server and router are locked away, and remote access to routers config page is blocked by Rules set in dnsmasq and backed up with the firewall. physical access is controlled with a locked box and a big stick
ash73 said:
OpenDNS is pretty good but you need to block other DNS traffic on the router firewall, and block VPN ports too. A router with a configurable firewall costs about £50.
problem is, ssh can run on any port and a digital ocean droplet is one step above £nothingcan a £50 router do deep packet inspection at line speed?
http://www.ntop.org/products/deep-packet-inspectio...
Edited by SystemParanoia on Monday 26th September 11:56
ash73 said:
SystemParanoia said:
problem is, ssh can run on any port and a digital ocean droplet is one step above £nothing
can a £50 router do deep packet inspection at line speed?
True, there are limits to what you can do. White lists would be a simple solution, but not very practical. I tried the Squid solution you suggested a while back on a QNAP NAS but it was a bit unreliable, and I don't think the proxy settings on the client were controlled by UAC.can a £50 router do deep packet inspection at line speed?
Vaud said:
ash73 said:
SystemParanoia said:
problem is, ssh can run on any port and a digital ocean droplet is one step above £nothing
can a £50 router do deep packet inspection at line speed?
True, there are limits to what you can do. White lists would be a simple solution, but not very practical. I tried the Squid solution you suggested a while back on a QNAP NAS but it was a bit unreliable, and I don't think the proxy settings on the client were controlled by UAC.can a £50 router do deep packet inspection at line speed?
lets hope the kid doesn't discover Kali Linux and/or Mr Robot and all of its lovely hidden easter eggs
how to guide to using AWS to do your wifi cracking for you
http://codeinpython.blogspot.co.uk/2016/02/crackin...
Edited by SystemParanoia on Monday 26th September 12:14
SystemParanoia said:
Yup, once you have the WPA handshake, 1 hr's rental of a multi cuda AWS machine will have the pass bruteforced in no time at all.
Typical techie going for the technical approach.I'd go for the social engineering approach. "Hello mr neighbour - my dads out and I really need to do my homework/charity work/save a kitten week - can I possibly borrow your wifi connection for an hour?"
Vaud said:
SystemParanoia said:
Yup, once you have the WPA handshake, 1 hr's rental of a multi cuda AWS machine will have the pass bruteforced in no time at all.
Typical techie going for the technical approach.I'd go for the social engineering approach. "Hello mr neighbour - my dads out and I really need to do my homework/charity work/save a kitten week - can I possibly borrow your wifi connection for an hour?"
and plenty of neighbors to try your luck with
ash73 said:
deckster said:
You're training him to see that the technical block is the problem, not his original behaviour..
New age parenting mumbo jumbo. Yes there are always ways round it, but you should at least set up some basic parental controls.The parental control is me. I am the parent, I have the control. Not sure that there's too much 'new age' involved there.
Rather more pertinently, I started programming when I was 9 and have therefore been what you might call a serious techie for over 30 years. I know exactly how effective technical blocks would have been to me as a kid, and I know my kids well enough to extend them the same respect.
ash73 said:
SystemParanoia said:
Yup, once you have the WPA handshake, 1 hr's rental of a multi cuda AWS machine will have the pass bruteforced in no time at all.
Protecting against a brute force attack on the router is pretty straightforward, just change the username as well as the password.ash73 said:
SystemParanoia said:
ash73 said:
SystemParanoia said:
Yup, once you have the WPA handshake, 1 hr's rental of a multi cuda AWS machine will have the pass bruteforced in no time at all.
Protecting against a brute force attack on the router is pretty straightforward, just change the username as well as the password.thats a different vulnerability, you use 'reaver' to attack that... but most routers defend themselves against that by rate limiting. but once you tweak your automated attack cycle to the sweet spot.. goto bed and wake up with full access.
Most default wifi passwords are 8 characters long with just upper and lower case letters and 99.99% of users will not change it.
Don said:
Dr Doofenshmirtz said:
Run Notepad as administrator
Click File - Open - C:\Windows\System32\drivers\etc\hosts
Make an entry as the end of the file like this:
1.1.1.1 www.youtube.com
Save file
Job done.
If the son isn't technically minded this would work. Even if he is it might take a while to realise what had been done.Click File - Open - C:\Windows\System32\drivers\etc\hosts
Make an entry as the end of the file like this:
1.1.1.1 www.youtube.com
Save file
Job done.
The complete solution is a SOPHOS UTM. A 115w would do the job. It isn't remotely easy. It does give you absolute, total control over one particular internet connection and absolute total protection against internet nastiness.
It could also be the start of an interesting new career in information security. i.e. It's not easy...
Foliage said:
Don said:
Dr Doofenshmirtz said:
Run Notepad as administrator
Click File - Open - C:\Windows\System32\drivers\etc\hosts
Make an entry as the end of the file like this:
1.1.1.1 www.youtube.com
Save file
Job done.
If the son isn't technically minded this would work. Even if he is it might take a while to realise what had been done.Click File - Open - C:\Windows\System32\drivers\etc\hosts
Make an entry as the end of the file like this:
1.1.1.1 www.youtube.com
Save file
Job done.
The complete solution is a SOPHOS UTM. A 115w would do the job. It isn't remotely easy. It does give you absolute, total control over one particular internet connection and absolute total protection against internet nastiness.
It could also be the start of an interesting new career in information security. i.e. It's not easy...
https://foxglovesecurity.com/2016/01/16/hot-potato...
SystemParanoia said:
Foliage said:
Don said:
Dr Doofenshmirtz said:
Run Notepad as administrator
Click File - Open - C:\Windows\System32\drivers\etc\hosts
Make an entry as the end of the file like this:
1.1.1.1 www.youtube.com
Save file
Job done.
If the son isn't technically minded this would work. Even if he is it might take a while to realise what had been done.Click File - Open - C:\Windows\System32\drivers\etc\hosts
Make an entry as the end of the file like this:
1.1.1.1 www.youtube.com
Save file
Job done.
The complete solution is a SOPHOS UTM. A 115w would do the job. It isn't remotely easy. It does give you absolute, total control over one particular internet connection and absolute total protection against internet nastiness.
It could also be the start of an interesting new career in information security. i.e. It's not easy...
https://foxglovesecurity.com/2016/01/16/hot-potato...
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff