Is blocking Facebook possible?

Comments

14 comments

  • Avatar
    rotblitz

    Yes, OpenDNS can block Facebook, e.g. by checking the "Social networking" category  for blocking, but...

    You must use OpenDNS at all to take this effect: http://welcome.opendns.com/ And your correct IP address information must be registered with your OpenDNS network: https://dashboard.opendns.com/settings/
    And you must once flush your local caches if you visited Facebook before, else you get served out of your caches.

    0
    Comment actions Permalink
  • Avatar
    tammyinmo

    No, blocking facebook is NOT possible on mobile devices at this time. Somehow, apps like youtube and facebook are bypassing the ordinary method of accessing content. Not only are these sites not blocked while using the apps, no logs are generated that even show you visited facebook or youtube while using the apps. 

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Hard to believe unless these apps do not make use of DNS at all but use IP addressing only.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    In addition to IP addressing only, it's highly possible that the mobile apps are using domain names that aren't obviously associated with any of Facebook's or Google's services. They could also be going straight to a CDN (content delivery network). To know for sure you'd probably need some sort of sniffer on your network so that you can watch the outbound traffic at the time you initiate it to try to track down what is going on. I'm guessing that doing so would reveal a domain that this version of those apps are using rather than a specific IP address.

    0
    Comment actions Permalink
  • Avatar
    tammyinmo

    Considering I have logs generating from my router and the router generates NO LOGS when one of these apps are used to generate content, they have to be using IP addresses instead of domain names. Facebook and youtube do not show up in my logs unless a browser is being used. If the apps are used, you'd never know that someone went there.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    I know, in comparison to a computer it is almost hard to obtain more detailed information about smart devices.  But here some hints how you could narrow it down:

    The first thing you do is you visit http://welcome.opendns.com/ with your smart device to ensure that you're using OpenDNS at all, as I said above already.  Otherwise anything else is really useless!  You cannot expect something being blocked then.  See also the other prerequisites I have listed.

    As next step you ensure that only this smart device is using OpenDNS in your network for at least 24 hours.  At the end of the day all entries in your OpenDNS domain stats will have resulted from this smart device, and you most likely have also caught the domains being used by the Facebook or YouTube or other apps.

    "they have to be using IP addresses instead of domain names."

    Hardly.  Especially Facebook and YouTube change their IP addressing and DNS configuration more often and faster than you think.

    0
    Comment actions Permalink
  • Avatar
    tammyinmo

    Considering OpenDNS blocking is working on the devices when a browser is used to access the site, I am very sure that opendns is working via my router.

    0
    Comment actions Permalink
  • Avatar
    tammyinmo

    I am testing this on my OWN device.

    0
    Comment actions Permalink
  • Avatar
    tammyinmo

    And, I get a nice checkmark telling me that my device is using opendns when I go there.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Without seeing the logs you are examining I am left to conclude that either direct IP addressing is being used, or some non-obvious domain names, perhaps one associated with a CDN. It's not uncommon for mobile apps to use domain names completely different from the ones used by the complementary website, so it doesn't surprise me that you aren't seeing what you are looking for.

    Assuming that these two apps from the two different companies are indeed using hard coded IP addresses then there is nothing that OpenDNS can do to block them since they would not be using DNS at all. It sounds like whatever router you are using is only logging domain names or URL's so you'll need to use some other method to determine what IP address or addresses they are using and then use something else to block those addresses.

    0
    Comment actions Permalink
  • Avatar
    tammyinmo

    I checked the router logs, when the only application open on my ipad was Facebook. Every device connected to my router has an assigned IP address from the router. Therefore, I can know beyond a shadow of a doubt where the traffic is coming from.  if I open the Facebook app, NOTHING shows in the logs unless I click a link to an external article. You wouldn't  even know I was using the internet on  my iPad if all I did was have facebook open and scroll through the news feed.

    0
    Comment actions Permalink
  • Avatar
    mattwilson9090

    Does the Facebook app update itself when you open it? If you aren't certain try refreshing it as soon as you open it, or something else that would cause the news feed to populate the latest stories.

    0
    Comment actions Permalink
  • Avatar
    tammyinmo

    I can use Facebook for half an hour, click on people's profiles, etc...... and no logs of any kind generate at the router level and facebook is not blocked on devices, even though I have that category blocked at OpenDNS. My solution for now, is to block all services on electronic devices at the hours that I do not want stuff like that used. But that is not a good solution because there are other things that I would like my children to be able to access during those times that they now can  not.

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    You didn't say what router model you have.  But it seems you did this by blocking ports like 80 and 443?  In case the router also allows blocking destination IP addresses and/or ranges, you could go for this instead of blocking common web ports.

    And scheduling is a different topic, often discussed in other threads here.  Some routers allow also for this.

    0
    Comment actions Permalink

Please sign in to leave a comment.