SSL VPNs on port 443 do wonders. :-)
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com ----- Original Message ----- From: "Craig Baird" <cr...@xpressweb.com> To: af@afmug.com Sent: Monday, January 4, 2016 11:44:30 AM Subject: Re: [AFMUG] Blocking Tech Savvy person from Porn It depends on just how tech savvy the person is. We had a similar situation a while back. Customer's kid was using VPNs to bypass whatever controls the customer had in place. We sold the customer a Mikrotik, and set it up to block the standard VPN ports. Problem solved--at least so far. The kid wasn't tech savvy enough to circumvent that. Obviously, that could change. Craig Quoting Nate Burke <n...@blastcomm.com>: > That was my thought, there's always a way around. Where there's a > will, there's a way. > > On 1/4/2016 9:50 AM, Josh Reynolds wrote: >> >> He can probably shift quite a few ports/methods around, or create >> vpns he controls to amazon., etc. Or Tor. Etc etc for every >> solution you come up with, there's a way around it. >> >> Also, this is a social/hr "issue". Treat it as such. >> >> On Jan 4, 2016 9:45 AM, "Josh Luthman" <j...@imaginenetworksllc.com >> <mailto:j...@imaginenetworksllc.com>> wrote: >> >> VPN hides the traffic, so anything in it is getting through. >> Could you do 1kbps for all VPN traffic? >> >> Block porn with opendns and drop DNS to anything else? >> >> Josh Luthman >> Office: 937-552-2340 <tel:937-552-2340> >> Direct: 937-552-2343 <tel:937-552-2343> >> 1100 Wayne St >> Suite 1337 >> Troy, OH 45373 >> >> On Jan 4, 2016 10:42 AM, "Nate Burke" <n...@blastcomm.com >> <mailto:n...@blastcomm.com>> wrote: >> >> We're dealing with a customer who is trying to block porn from >> their house. The person who has the 'problem' is tech savvy, >> and is using VPN Services. Is there any way to block someone >> like this? I'm guessing any content filtering wouldn't work >> because the VPN is terminating on the computer behind the >> router. Any sort of IP or DNS Block they would be able to >> bypass. Is there any way to stop a tech person from getting >> what they want? Right now our only thought is to put in like >> a 10k/s queue on their connection during the overnight >> hours. Other options? >> > >