Networking/Computing Tips/Tricks

We recently received the following query via email (some content edited):

I heard you speak a few weeks back and have a few questions regarding the "How to Parent the Internet" segment of your presentation. Is there a certain software required for blocking offensive content? Also, is there a standard way to block most or all pornography sites?   Any insight would be appreciated or if you have a website you could direct me to where I could find some of this information!

This is a great topic for discussion, and here is the response sent:

Thanks for the email query.  Hopefully I can give you an answer that will help.  If you have follow up, don't hesitate to ask.

You can block sites using your home/small business router.  There is a separate article on that. 

Let's start with a quick and easy trick that may work (remember that anything configured on the local machine can be adjusted):  to block websites on your home computer without investing in expensive software do the following:

Step 1: Click the Start button and select Run. Now type the following text in that Run box:

notepad c:\WINDOWS\system32\drivers\etc\hosts

Note: if you get a message "cannot create the C:\WINDOWS/system32/drivers/etc/host file and make sure the path and file name are correct”, go to: C:\WINDOWS\system32\drivers\etc.  There is a file called ‘hosts’.u,  click on it and it displays an ‘open with’ window.  Now, dont click on it, but right click and select properties.after that uncheck read-only from the bottom of the window that will open.select ok to close the window.  You should be good to edit the file now.

Step 2: You will see a new notepad window on your screen containing some cryptic information. Don’t panic. Just goto the last line of the file, hit the enter key and type the following:

127.0.0.1 orkut.com
127.0.0.1 facebook.com
127.0.0.1 myspace.com

Save the file and exit. That’s it. None of the above sites will now open on your computer.  You can block as many websites as you like with the above technique. If you want to remove the ban later, open the same file as mentioned in Step 1 and delete the above lines.

Let's move on.

I probably mentioned Australia in my talk.  Here is a great link that I recommend you read in its entirety about what goes on there: http://en.wikipedia.org/wiki/Internet_censorship_in_Australia

Hopefully you have already seen some great links by either reading parenting the internet or by simply typing "parenting the internet" into your favorite search engine.

The answer is a complicated one, because it depends where you want to insert the roadblock.  But before I go there, let's discuss the roadblock options and issues, defining what the block is going to do.

Pornography on the Internet is really like any other content from a standpoint of how the content is accessed and transmitted across the Internet.  Content is contained on web sites, usually as files, that are accessed by selecting the file from a list on the web page.  Web sites are located at web pages.  These have IP addresses.  So one way to block access to the content is to ban transmittal of IP packets to those IP addresses.  The challenge here is how to collect a complete list of such addresses.  As new sites come on the scene, or if XXX web sites change their IP addresses from time to time, the challenge is further complicated by keeping the list current.  Another option would be to find certain key words or phrases contained in IP packets, and if those words or phrases are found, the packets are filtered (deleted).  The challenge with this method is one must look inside IP packets (snooping) which is more work.  A further challenge is what if the match is a false positive and prevents access to a legitimate page or source.  Lastly challenging here is that videos and sound clips don't have phrases in them, so they can fly right under this filter method.

The next challenge is where to create the roadblock.

Let's talk about the points starting at the end user PC.  Certainly the end user PC could have a program installed that will block the content.  There are software programs out there that do this.  The challenge of this method is that it requires administration on each PC it is installed onto.  Here are some end user PC programs:

Keep in mind that you can also configure your browser to be more secure.  Here's how you do it:

  1. Click "Tools"
  2. Click "Internet Options..."
  3. Click on "Content" tab
  4. In the "Content Advisor" section click on "Enable..."

You are now in the Content Advisor. From here you can set your settings.

  • "Ratings" tab - Set rating levels for: language, nudity, sex and violence.
  • "Approved Sites" tab - Name sites that you will allow your children to always view or name sites that you never want your children to view, regardless of the site's rating.
  • "General" tab
    • Allow or disallow your child to see sites that are not rated.
    • Create a password - this is great for use with older children. You set a password, then if your child goes to a site they want to see, but it is a disallowed site, you can allow the site using the password. You will have the option to always allow the site or only allow it this one time.
    • View or modify the rating system

The next spot to do blocking is in the customer home/business router/gateway, you know, the NetGear/Linksys/D-link box.  Some are better than others, but you can configure some to simply block access to a list of sites that are offensive.  Check out an example video at http://www.youtube.com/watch?v=0y5bZ5ztCrg&feature=related

The next spot is in the service provider network that you can sell as a service.  In order to locate the IP address of a site (for example if I type www.someoffendingsite.com in my web browser), the first thing that happens is that the web browser and my protocol stack attempts to look this URL (Universal Resource Locator) in a domain name server or DNS.  When you sell Internet services you provide an IP address to your users and a DNS server address they must use.  The usual DNS allows connectivity to everyone known on the public Internet.  However, you could install an optional DNS server in your network that will not return the IP addresses of the offending sites, therefore the URL to address cannot be resolved and therefore the site becomes unreachable.  One such free tool can be found at: http://www.opendns.com/solutions/business/filtering/

Coming soon is that all XXX content providers will be required to use the websitename.xxx instead of websitename.com names.  This is part of the Web 3.0 vision.  This will make life much easier, but managing compliance will be tough.

As a service provider, you do have large routers in the network.  Those routers can be configured to apply access control lists to interfaces facing your customers.  There is information on this at cisco.com and other manufacturers.

Another thing the service provider can do is to buy and install a really good firewall system.  There are a number available (see Barracuda, and http://www.firewall-servers.com/ among others), but these can be configured to do filtering and blocking as well as virus, trojan, and other malware filtering.

I have rambled on enough for now.  Bottom line is that none of these approaches is perfect and there are so many social issue involved (I am no expert on those).  All you have to do is type "defeat parental controls" into your search engine and you will see that the community trying to develop solutions is matched by a community trying to find workarounds.  My personal opinion is that you must develop a balance of multiple touch points, but love the idea of a DNS service that can succeed 90%+ of the time.

This is a fairly deep subject, I hope I have hit somewhere in your needs ball park.  I look forward to your follow up.

Comments powered by CComment

Find by Tag

4G Networks 5G Networks 6LoWLAN 6LoWPAN 802.11 802.11ah 802.11ax 802.11ay 802.11az Addressing Analysis Ansible Architecture ARP AToM Baseline BGP Bloom's Taxonomy Broadband Cable cat CellStream Cellular Central Office Cheat Sheet Chrome Cisco Cloud CMD Coloring Rules Computer Consulting Customer Support Data Center Data Networking DHCPv6 DNS Docker Documentation Dublin-Traceroute dumpcap ECMP Ethernet Ethics Evaluation Field Operations Fragmentation G-MPLS GeoIP Git GNS3 Google GQUIC Hands-On History Home Network ICMP ICMPv6 IEEE 802.11p IEEE 802.15.4 India Interface Control Internet IoT IPsec IPv4 IPv6 IRINN IS-IS L2VPN L3VPN LDP Linux LLN LoL M-BGP MAC Macro Microsoft mininet Monitoring MPLS mtr MTU Multicast Name Resolution Netcat Netmiko NetMon netsh Networking Network Science nmap Npcap NSE Observations Online School OpenFlow OSPF OSPFv2 OSPFv3 OSX OTT Paris-Traceroute Parrot PIM PMTU Policy POTS POTS to Pipes PPP Profile Programming Project Management PW3E Python QoS QUIC Remote Desktop Requirements Resume RIP Routing RPL RSVP Rural SDN Security Service Provider Small Business SONET Speed SS7 SSH SSL Subnetting SYSCTL T-Shark TCP TCP/IP Telco Telecom 101 Telecommunications Telephone termshark Testing TLS Tools Traceroute Traffic Engineering Training Travel Tunnel Ubuntu Utility Video Virtualbox Virtualization VoIP VRF VXLAN Wi-Fi Wi-Fi 4 Wi-Fi 5 Wi-Fi 6 Windows Winpcap Wireless Wireless 5G Wireshark Wireshark Tip WLAN Writing Zenmap ZigBee

Twitter Feed