
BrainFreeze

@charter.com

Can still view porn sites with OpenDNS

I cannot figure this out for the life of me. Tonight I learned that one of the kids' notebook computers was able to access porn sites with OpenDNS in place.

--The IP was checked and it is correct.
--All the appropriate categories were checked off.
--The computer was connected wirelessly to the home router.

And the computer still can access porn sites.

A check of another computer in the house, a wired one, shows the same sites as blocked.

What Gives?


chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1
Reviews:
·PLDT
·Comcast


koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
reply to BrainFreeze
I might be able to help with that but I need a detailed description of how you have your network set up.
As well as where did you hard code the OpenDNS number at?

Tekman222ps

join:2003-10-01
Jackson, GA
Reviews:
·AT&T Southeast
reply to BrainFreeze
Do you have the OPEN DNS addresses set in a Router for the entire home network, or set individually in each computer?

If the specific computer in question has manually entered DNS servers in the TCP/IP properties of the wireless card, then the OPEN DNS settings in your router will be bypassed. Depending on the router and firmware used in the router you may be able to force all DNS lookups through the OPEN DNS servers with a custom firewall script such as this:
iptables -t nat -A PREROUTING -p udp -i br0 --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
iptables -t nat -A PREROUTING -p tcp -i br0 --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
 

-Lee


BrainFreeze

@charter.com
Ok, right now I am trying to determine where the dns server info was set up at. I don't have access to the computers right now so I am trying to do this from a distance.

The setup was supposed to be on the linksys wireless router with a combination of wired and wireless computers connecting, but I was not the person setting it up so I am not sure if opendns was set up on the router or on the 1 wired computer where the person setting it up made the changes from.

I had completely forgotten that it can be set up on an individual computer and bypass the router altogether.

So I am thinking that opendns was set up on 1 computer and not the 1 router. But I am waiting for confirmation on that.

garys_2k
Premium
join:2004-05-07
Farmington, MI

1 recommendation

reply to BrainFreeze
Don't forget to set your kids' accounts to non-administrative level, too, to prevent the DNS settings on their machines from being reset.

TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
East Stroudsburg, PA
kudos:3

1 recommendation

reply to BrainFreeze
said by BrainFreeze :

The setup was supposed to be on the linksys wireless router with a combination of wired and wireless computers connecting, but I was not the person setting it up so I am not sure if opendns was set up on the router or on the 1 wired computer where the person setting it up made the changes from.

If opendns is set-up in the router, it can be bypassed by setting it on the computer or by connecting to another wireless router.

Even if it is not bypassed in that fashion, it can be bypassed, for some sites, by lookups done on line and using the IP to connect and lastly with the hosts file.

Using opendns will not prevent a computer from connecting to porn without other steps.
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore.


BrainFreeze

@charter.com
reply to BrainFreeze
Ok, I just heard back and the router is set up correctly.

Viruses are not my strong point, but is it possible that his computer was hijacked and dns servers on his computer were changed from the router to whatever? He was complaining that the computer was running slow yesterday.

upb
Premium
join:2004-03-15
Carriere, MS
kudos:1
reply to BrainFreeze
It might be worth mentioning that the third party firmware known as "Tomato" can be installed on the Linksys and configured to intercept all DNS queries and redirect them to OpenDNS. That way, local computer DNS configuration doesn't have to be an issue.


EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric

1 edit
reply to BrainFreeze
This may be on the obvious list, but just in case - As TheWiseGuy mentioned in passing, it's possible it may have connected to a neighboring network, or a wireless at a friend's house, McDonalds etc.

Just as likely is the possibility you mentioned about TCP settings for the adapter(s) not being correctly set, or having been changed by someone with admin rights. Even though the wireless may have been changed, it's still possible the wired adapter could be set for some other DNS. If the notebook connects via wired, your wireless settings won't be used.
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis


koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
reply to BrainFreeze
You might could log on to the opendns account and view the web site stats and block the web sites they're going to as well. And you could also put those same websites in the host file of the computer in question.


BrainFreeze

@charter.com

1 recommendation

I did check the network connection and it was connected to the router. At least now it is. Mother reinstalled NetNanny prior to me getting the notebook, so NetNanny may have corrected the dns issue prior to me getting it. Also checked the opendns settings and all the porn stuff was checked off.

I finally got a hold of the notebook and scanned it. I found 82 registry entries of a rootkit. So I am thinking that may have been the issue.


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

8 recommendations

reply to BrainFreeze
How many of us thought that the condition in the thread title is actually a feature?


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:12
Reviews:
·TekSavvy DSL
·Bell Fibe

2 edits
reply to BrainFreeze
I'm not an OpenDNS user, so please correct me if I'm wrong, wouldn't
a) a carefully crafted hosts file bypass openDNS CF (meaning hosts file prepared for the sites I want to visit (hosts file prepared on some other comp not on OpenDNS))?
b) wouldn't using some public proxy bypass openDNS CF?
--
When you do something, do it right!


joako
Premium
join:2000-09-07
/dev/null
kudos:6

1 recommendation

reply to BrainFreeze
I set up OpenDNS filtering like this in offices. It is by no means 100% effective but will stop the majority of stuff that should not be viewed and shows that you at least made an effort to do something about the problem.

However, If I had kids and wanted to filter their internet access I would not use OpenDNS.

Quick test: visit www.internetbadguys.com; it will tell you if OpenDNS is being used or not.
--
PRescott7-2097


seaman
Premium
join:2000-12-08
Seattle, WA
reply to BrainFreeze
said by BrainFreeze :

Can still view porn sites with OpenDNS
And the problem is?


koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
said by seaman:

said by BrainFreeze :

Can still view porn sites with OpenDNS
And the problem is?
Re-read the first post.


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

2 recommendations

said by koma3504:

Re-read the first post.
Re-read the winking smiley


koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
I seen the smiley.

I wouldn't want my kids watching the stuff.
who knows the kid in ? might be 8


Dennis
Premium,Mod
join:2001-01-26
Algonquin, IL
kudos:5
said by koma3504:

I seen the smiley.

I wouldn't want my kids watching the stuff.
who knows the kid in ? might be 8
Who in the hell would give an 8 year old a laptop and be surprised when bad things happen?
--
My Blog. Because I desperately need the acknowledgement of others.

Visit the Judd Family website to see my kids!


koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
Well one of my nieces has had her own desktop since she was 4. Kids love games.


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
A cousin's daughter has a desktop. She is about eight years old, and uses it without adult supervision.

It has no Internet connection. No wireless capability, and no phone, or LAN jacks in the room.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


Dennis
Premium,Mod
join:2001-01-26
Algonquin, IL
kudos:5
reply to BrainFreeze
Had a buddy of mine once bring over a computer his 11 year old daughter was using. Turns out it was infected to the gills with spyware and other cpu hogging things. A quick look at the history told me that the only thing she had been doing was playing games online.

Kids are dumb and will click yes to anything. Sure go ahead and install vundo so I can play Dora the Explora what do I care!

Trying to keep a teenager away from porn on the internet is unpossible.
--
My Blog. Because I desperately need the acknowledgement of others.

Visit the Judd Family website to see my kids!

Badonkadonk
Premium
join:2000-12-17
Naperville, IL
kudos:5
Reviews:
·Dish Network

2 edits
reply to koma3504
Same here. Each kid has had his/her own PC since at least 4.

I use OpenDNS. It works for me. But, in the routers I use, I can block DNS access to anything but OpenDNS DNS servers. So, if my kids think they'll change DNS servers, they'll lose access to the internet.

So, other than for my personal desktop, all other computers in the house (3 laptops, 7 desktops and even the 3 iPod Touches) must use OpenDNS servers.


EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric
said by Badonkadonk:

... in the routers I use, I can block DNS access to anything but OpenDNS DNS servers. So, if my kids think they'll change DNS servers, they'll lose access to the internet.
That idea escaped me when I was reviewing this topic. Thanks for adding that.

Blocking UDP/TCP 53 both ways with an exception for one's preferred DNS addresses would take care of the issue nicely as long as the kids don't connect to another unlimited network (neighbors, friends, public etc).
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
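
The port-53 lockdown that Badonkadonk and EGeezer describe above, as an added example that is not part of any post in this thread: a shell function that prints iptables rules allowing forwarded DNS only to the OpenDNS resolvers. The chain name DNS_LOCK is an assumption and br0 is taken from Tekman222ps's script; the rules cover port 53 only, not the hosts-file, direct-IP or proxy routes raised earlier in the thread.

```sh
#!/bin/sh
# Added example: print (do not apply) iptables rules that let LAN clients reach
# port 53 only on approved resolvers. Assumed names: chain DNS_LOCK, bridge br0.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    rest=$1 count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case "$rest" in
            *.*) rest=${rest#*.} ;;
            *)   rest= ;;
        esac
    done
    [ "$count" -eq 4 ]
}

# dns_lockdown_rules IFACE RESOLVER...: write the rule set to stdout.
dns_lockdown_rules() {
    iface=$1
    [ -n "$iface" ] && [ "$#" -ge 2 ] || { echo "usage: dns_lockdown_rules IFACE RESOLVER..." >&2; return 2; }
    shift
    # Validate everything first so a typo never yields a half-built chain.
    for r in "$@"; do
        valid_ipv4 "$r" || { echo "bad resolver address: $r" >&2; return 1; }
    done
    echo "iptables -N DNS_LOCK"
    for r in "$@"; do
        echo "iptables -A DNS_LOCK -d $r -j ACCEPT"
    done
    # Any other destination on port 53 is refused, so a changed client
    # DNS setting fails fast instead of timing out.
    echo "iptables -A DNS_LOCK -j REJECT"
    # FORWARD only sees traffic passing through the router; queries sent to
    # the router's own LAN address hit INPUT and keep working.
    for proto in udp tcp; do
        echo "iptables -I FORWARD -i $iface -p $proto --dport 53 -j DNS_LOCK"
    done
}

# OpenDNS resolver addresses; br0 is the LAN bridge used in the earlier post.
dns_lockdown_rules br0 208.67.222.222 208.67.220.220
```

Review the printed rules, then pipe them to sh as root on a router whose firmware supports custom firewall scripts.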


88615298
Premium
join:2004-07-28
West Tenness
reply to BrainFreeze
Filters are useless. Ask Australia

Also why would a little kid want to be watching porn? What are you teaching your kids? It's not normal for an 8 year old to type a search for "girl with 3 wee-wees in her butt"

Badonkadonk
Premium
join:2000-12-17
Naperville, IL
kudos:5
Reviews:
·Dish Network
Maybe your kids (if you have any) are genius level spellers. But, I know that mine will occasionally misspell words. I know I've misspelled words where those misspellings have occasionally redirected to websites that I consider less than savory for a young child.

But hey, you gotta raise your kids how you see fit. As long as they don't hang around mine, do what you want.


WutanG
Premium
join:2001-12-12
Seaford, DE
reply to BrainFreeze
Maybe instead of trying to block the rest of the world out, give access to only what the kid wants/needs access to.

Seems like a more logical approach to me if possible. That way if the kid wanted access to something new also they'd ask you to set it up and you'd be fully aware of what they're up to.

I suppose the question would be - is that a realistic approach and is it do-able without a lot of grief and maintenance.
--
Let me tell you what Melba Toast is packin' right here, all right. We got 4:11 Positrac outback, 750 double pumper, Edelbrock intake, bored over 30, 11 to 1 pop-up pistons, turbo-jet 390 horsepower. We're talkin' some funkin' muscle.
-Wooderson


88615298
Premium
join:2004-07-28
West Tenness
reply to Badonkadonk
said by Badonkadonk:

Maybe your kids (if you have any) are genius level spellers. But, I know that mine will occasionally misspell words. I know I've misspelled words where those misspellings have occasionally redirected to websites that I consider less than savory for a young child.
A) report those sites

B) filters won't do shit for those sites.


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

1 recommendation

said by 88615298:

A) report those sites
To whom?