Will it get the complete IP range and CIDR too? The whois.com did not.

Thanks
Rendra

-----Original Message-----
From: Jewell, Michael [mailto:mjewell at law dot umaryland dot edu]
Sent: Friday, October 09, 2009 9:05 PM
To: m0n0wall at lists dot m0n0 dot ch
Cc: rbasuki at gdincorporation dot com
Subject: RE: [m0n0wall] How to block a certain website with m0n0wall?

For under Windows, there are several utilities to get whois data. I use one called whoisview.exe, just do a google search for it...

-Mike

> -----Original Message-----
> From: Gold Dragon [mailto:golddragoninc at gmail dot com] On Behalf Of GD Incorporation
> Sent: Friday, October 09, 2009 2:31 AM
> To: 'Lee Sharp'
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] How to block a certain website with m0n0wall?
> Importance: High
>
> By the way Lee
>
> How did you get the whois info below? Through whois.com or other methods?
>
> Thanks
> Rendra
>
> -----Original Message-----
> From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
> Sent: Friday, October 09, 2009 12:16 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] How to block a certain website with m0n0wall?
>
> GD Incorporation wrote:
> > Dear Lee
> >
> > I did like what you wrote below. I went to whois.com and find info
> > on facebook.com domain and found that they used 4 dns servers. I was
> > thinking to block the DNS servers thinking that all access that goes
> > through that server will be rejected. But you are right if the DNS
> > Servers are hosted to important business oriented servers such as
> > GoDaddy, then it will be trouble.
> >
> > I hope m0n0wall has a feature to block a certain domain all at once.
> >
> > Now the next question, since the m0n0wall does not seem to be able
> > to block one whole domain, if I put a real web portal such as
> > dansguardian to filter what websites can be accessed, should I put it
> > between ADSL modem and Firewall or should I put it behind firewall?
>
> You are missing the point. You are trying to keep people out of a
> strip club by hiding the phone book. And badly as well. The client
> PC does a DNS request to m0n0wall, as that is the DNS server for the
> client PC.
> Assuming you do not have www.facebook.com locally, m0n0wall will do a
> request to the ISP DNS server. They in turn will look at an
> authoritative name server, and eventually that will look at the
> facebook server. But the
> client PC only ever looks to m0n0wall for name resolution.
>
> What you need to block are IP addresses. If you ping facebook.com you will
> get something close to 69.63.184.142, which was different from the
> last time I pinged it. If you do an 'nslookup 69.63.184.142' you will
> see it is www-10-03-ash1.facebook.com, or part of a cluster. If you
> do a 'whois 69.63.184.142' you get;
>
>
> OrgName: Facebook, Inc.
> OrgID: THEFA-3
> Address: 156 University Ave, 3rd floor
> City: Palo Alto
> StateProv: CA
> PostalCode: 94301
> Country: US
>
> NetRange: 69.63.176.0 - 69.63.191.255
> CIDR: 69.63.176.0/20
> OriginAS: AS32934
> NetName: TFBNET2
> NetHandle: NET-69-63-176-0-1
> Parent: NET-69-0-0-0-0
> NetType: Direct Assignment
> NameServer: DNS04.SF2P.TFBNW.NET
> NameServer: DNS05.SF2P.TFBNW.NET
>
>
> The important part is the CIDR which is the netblock for all of facebook.
> Blocking 69.63.176.0/20 will block facebook right now. It will not block
> them if they move, and it may block other stuff for some. If you do
> that with my company website you get;
>
> OrgName: GoDaddy.com, Inc.
> OrgID: GODAD
> Address: 14455 N Hayden Road
> Address: Suite 226
> City: Scottsdale
> StateProv: AZ
> PostalCode: 85260
> Country: US
>
> NetRange: 72.167.0.0 - 72.167.255.255
> CIDR: 72.167.0.0/16
> OriginAS: AS26496
> NetName: GO-DADDY-SOFTWARE-INC
> NetHandle: NET-72-167-0-0-1
> Parent: NET-72-0-0-0-0
> NetType: Direct Allocation
> NameServer: CNS1.SECURESERVER.NET
> NameServer: CNS2.SECURESERVER.NET
> NameServer: CNS3.SECURESERVER.NET
>
>
> I do not work for GoDaddy.
>
> So, yes you can do this quick and dirty in m0n0wall. To do it right,
> you need a web filter of some kind.
>
> Lee
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
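
Added example, not part of the original thread: a Python script that reads whois output in the format Lee pasted, derives the netblock from the NetRange line, cross-checks it against the CIDR line, and counts how many addresses a firewall rule on that block would cover. The sample text is constructed from the fields quoted in the thread, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: a subset of the ARIN whois fields quoted in the thread.
SAMPLE_WHOIS = """\
OrgName: Facebook, Inc.
NetRange: 69.63.176.0 - 69.63.191.255
CIDR: 69.63.176.0/20
OriginAS: AS32934
NetName: TFBNET2
"""


def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (NameServer, Address) accumulate."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z]+):\s*(.+?)\s*$", line)
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2))
    return fields


def netblocks(fields):
    """Derive CIDR blocks from NetRange and cross-check them against the CIDR line."""
    first, last = (ipaddress.ip_address(p.strip())
                   for p in fields["NetRange"][0].split("-"))
    derived = list(ipaddress.summarize_address_range(first, last))
    # A range that is not a single power-of-two block is listed as several CIDRs.
    listed = [ipaddress.ip_network(c.strip())
              for value in fields.get("CIDR", []) for c in value.split(",")]
    if listed and sorted(listed) != sorted(derived):
        raise ValueError(f"CIDR {listed} does not match NetRange {derived}")
    return derived


def covers(blocks, ip):
    """True if a rule on these blocks would match the given address."""
    return any(ipaddress.ip_address(ip) in block for block in blocks)


def address_count(blocks):
    """How many addresses the rule touches: a rough measure of overblocking."""
    return sum(block.num_addresses for block in blocks)


if __name__ == "__main__":
    blocks = netblocks(parse_whois(SAMPLE_WHOIS))
    print([str(b) for b in blocks], address_count(blocks),
          covers(blocks, "69.63.184.142"))
```

Run against the second whois record in the thread, the same functions return a /16 of 65536 addresses, which is the overblocking risk Lee describes for shared hosting ranges.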