block websites

[jimbuddy]

I want to block several websites and could use some assistance. i have a pix 515. what commands would i use to block the following

facebook.com
myspace.com

thanks

jim

 

[desperado618]

First ping those sites and get their IP's. Or if they own address blocks, you can look them up on Arin.

One the Pix do the following:
show access-group

Look for the access-list bound to your inside network (where your users reside)

Next type:
access-list <acl from above> deny ip any host <IP of facebook>
access-list <acl from above> deny ip any host <IP of myspace>
wr mem

http://www.NetLeets.com

IT Security news and information
In plain English

 

[dorego]

If you are using windows Server with AD why not just create a Group policy!

 

[BuckWeet]

Or better yet... put a proxy in

 

[desperado618]

urlblacklist.org also offers an inexpensive editable black list.However my response from my last post should be sufficient in accomplishing this on the pix.

http://www.NetLeets.com

IT Security news and information
In plain English

 

[BuckWeet]

Another option would be to run your own internal DNS server and have it be the SOA for those domains.. Basically so they won't resolve. Make sure to that users have to use your internal DNS server by blocking it at the firewall..


BuckWeet

 

[bobbyforhire]

I am using a Packeteer4500 to do my blocking the problem with the IP blocking on a pix is that some (most) things that you want to block (myspace,youtube,exc..) will have multiple ip addresses.

I have tried the DNS way and if the user just puts in the IP they get right past it.

I have also tried putting in host files to block but that's alot of code or login scripting.

If you come up with another way that is solid share it. But like i said so far the best way i have found was using a PacketShaper 4500