December 28th, 2005 at 4:13 pm
network admins suck shit covered monkey balls… i can’t ever talk to dan or dave anymore… waaaaaaaaaaah!
December 29th, 2005 at 11:48 am
Your ready made hosts file is fantastic. I haven’t tested it yet, but I was just about to start building one myself when I found yours. Thank you for the time saver!
January 29th, 2006 at 11:59 pm
My pleasure, Jim. I may do a followup post about blocking additional sites, such as personals sites and the like. I suggest subscribing to the RSS feed for my Network Administration section so you know when that happens.
March 1st, 2006 at 12:00 pm
Hi Brian, I was wondering if you could tell me how to block some ports and decide when they are blocked. Like for the chat client GAIM at home. I have been fooling around with the network router for some time, and though I have it set to deny access to certain login sites for AOL and Yahoo, it still allows them. Thanks.
March 1st, 2006 at 12:22 pm
I’ll try to answer your question as best as I can. Correct me if I am wrong here: you’re asking how to block GAIM’s ports at specified periods of time, right?
Blocking the login servers for these services should work, in theory. Your router may allow you to block incoming or outgoing traffic. Make sure you are blocking outgoing traffic for these servers. Of course both the AIM and Yahoo! chat protocols are good at finding new login servers, so my list may be out of date. Another problem is that most of these chat applications are “port agile,” so if you block their default ports they’ll find a new one to communicate over.
If you’ve got a limited number of computers on which you want these services blocked (which is presumably true since you were asking about a home system), the simplest way might be to block the application itself from executing. You can do this with Windows XP’s built-in firewall. You can also try my hosts file solution that I developed in this post. It worked well for blocking these services at the time of writing.
Of course if the people you don’t want using the chat programs are logged in as an administrative user, anything you do directly on the PC can be thwarted if they know what they’re doing. You may want to consider blocking the programs as mentioned above, then create a new user that does NOT have administrative rights on the computer. Let your kids or whomever log in with that user.
Now if you’re looking for a more managed way to time when these applications are allowed to run, you’ll need to look at a more sophisticated solution. I don’t know of any home routers that let you schedule when a port may be open. I didn’t look too deeply into it, but CyberPatrol sounds like a package that will do what you need. Here is a feature comparison (PDF) that may give you the information you need.
Hope this information helps you out!
March 1st, 2006 at 4:46 pm
Thanks Brian, I will try a few things including what you have listed. This is actually to make sure my older sister does her work before she talks to her friends. Thanks again
March 20th, 2006 at 9:19 pm
Any way to block only chat within Gmail?
March 20th, 2006 at 11:37 pm
I haven’t looked at blocking Google Chat yet, mostly because the kids at the school I work for haven’t caught on to it. I do know that it is based on the Jabber protocol, and Google hosts their own Jabber server. Their server name is “talk.google.com”. So if you would add the line “127.0.0.1 talk.google.com” to your hosts file, you would effectively block the Google Chat client from working.
However if you want to block direct chatting through the Gmail interface, that’s a bit of a problem. If you want to block that you’ll have to block Gmail in general, which might not be what you want.
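Added example, not part of the original comments or the author's hosts file: a small audit that checks whether the names you meant to block are still pointed at a loopback or null address, which is useful given the earlier point that an administrative user can edit the file. The sample hosts text and the `example-chat.test` names are constructed; the code assumes the resolver uses the first matching entry for a name.

```python
import ipaddress

# Constructed sample hosts file (not the file from the original post).
SAMPLE_HOSTS = """\
# chat blocking entries
127.0.0.1   localhost
127.0.0.1   talk.google.com   # server name given in the comment above
0.0.0.0     Login.Example-Chat.test chat.example-chat.test
192.0.2.10  im.example-chat.test
"""

def parse_hosts(text):
    """Map each hostname to the first address listed for it (assumed first match wins)."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank line or address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: skip the line
        for name in fields[1:]:                  # one line may carry several names
            table.setdefault(name.lower(), addr) # hostnames are case-insensitive
    return table

def audit(text, wanted):
    """Return {name: 'blocked' | 'overridden' | 'missing'} for each wanted name."""
    table = parse_hosts(text)
    report = {}
    for name in wanted:
        addr = table.get(name.lower())
        if addr is None:
            report[name] = "missing"             # entry removed or never added
        elif addr.is_loopback or addr.is_unspecified:
            report[name] = "blocked"             # 127.0.0.0/8, ::1, 0.0.0.0, ::
        else:
            report[name] = "overridden"          # points at a real address
    return report

if __name__ == "__main__":
    names = ["talk.google.com", "login.example-chat.test",
             "im.example-chat.test", "absent.example.test"]
    for host, status in audit(SAMPLE_HOSTS, names).items():
        print(f"{status:10} {host}")
```

Run it on a schedule against the real hosts file and alert on any `missing` or `overridden` result.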