[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: [K12OSN] Re: squidguard and reverse lookups



I've installed and use CensorNet at work.  It's a great distro.  Quite
granular in terms of allowing/denying Internet access by machine or user,
filtering content, usage reports, etc.  And, of course, it's GPL'd.  Highly
recommended, if you're in the "market" for such a product.

Dimitri

-----Original Message-----
From: dale quigg aspentech com [mailto:dale quigg aspentech com]
Sent: Tuesday, June 24, 2003 12:42
To: k12osn redhat com
Subject: [K12OSN] Re: squidguard and reverse lookups


> Date: Tue, 24 Jun 2003 09:50:37 -0400
> From: Mike Rambo <mrambo lsd k12 mi us>
> To: k12os list <k12osn redhat com>
> Subject: [K12OSN] squidguard and reverse lookups
> Reply-To: k12osn redhat com
>
> We've just realized that it is somewhat of a big deal that squidGuard
> doesn't do reverse lookups to check for blocked sites. The reason we
> noticed is that some enterprising student figured out he could do a
> nslookup on playboy.com and go directly to 
>
>   http://209.247.228.201
>
> without any blocking taking place. I checked the ip of a couple of the
> other big names. Penthouse I found blocked by ip as well as name in the
> blacklists. Hustler.com has two ip's neither of which were in the
> blacklists (but in their case they also appear to do some redirecting
> when arriving at the site that causes it to get blocked anyway). I hope
> there aren't too many sites out there that are only in the blacklists by
> name. This makes me think back to all of the sites I've added to
> local-block and have done so only by name. There's probably a good
> chance that at least some of them are still accessible directly by ip.
>
> I'm wondering if anyone else has run into this problem and how you
> handle it.
>

For my home, I just installed CensorNet, www.censornet.com.  This is a
Debian(?) distribution with Dansguardian and other pieces to help administer
blocking.  One feature/drawback is that all the MAC addresses of machines
that will access the internet need to be auto-discovered or manually
entered.  This feature does allow you to ensure that certain machines do not
have access to the internet though.

They offer a reasonably priced subscription service for blacklist updates
(~$175 USD per year) and even have a add-in that detects "skin" and blocks
those images (It's not on the price list so I assume that means "expensive"
both in terms of cost and server hardware).

There is a bridging patch that I installed since I didn't want to use the
CensorNet box as my firewall.  It works well.

Overall, I'd certainly take a look at this distribution.  I've not heard
much/anything about it on this list so I thought I'd bring it to everyone's
attention.

Hope this helps.
Dale



_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]