internet monitoring on a network

bigshahman

Junior Member
Dec 7, 2009
We have a small network at our local church and want to monitor the internet activities of all the users. The reason being we don't want them visiting certain sites on church premises. Blocking the sites only works for a short period of time until they find ways around it. What I wanted to do is leave everything unblocked but monitor MAC addresses or IPs and which sites they go on. That way I can approach the individual and warn them.

What is the best way to do this? Also cheap, possibly free. Are there routers that I can use to log sites? Or third-party firmware for routers?
 

tonyyy

Member
Nov 10, 2009
You could use OpenDNS to filter the Internet. You can blacklist up to 25 domains for the free account, or more if you pay, which is around 9.95 a year.

opendns.com
 

Pantlegz

Diamond Member
Jun 6, 2007
I've seen a few content filters for Linux that are free. As long as there is no way around them (put them between your connection and router) you could block sites; the only issue with that is getting everything blocked can be a little time consuming. I know most routers have some sort of log; the only issue with that is they only keep a limited amount of information. If you could set up a syslog server, a higher-end or possibly DD-WRT router may be able to send the logs over to that, and you could go through them or filter out sites that are OK.

I'm working on a pfSense firewall as my final project and I'm pretty sure it has the ability to track which IPs go where and how much bandwidth they use. It's pretty nifty, free and easy to set up as long as you have a spare PC with 2 NICs.
 

dawks

Diamond Member
Oct 9, 1999
I use Untangle. Like pfSense, it's a free open source Linux-based firewall system. It has commercial software you can buy like an AV scanner and spam filter, but the free stuff has been working great for us. It also has a report tool, so every day I get a PDF file that shows daily traffic totals and averages, and tells me what websites each individual local IP address has visited. Works great.

It will do website filtering, either by manual entries or by pre-made categories. If you go to a blocked site, you'll get a page that says "website blocked". The only way around it is with a proxy, and it might even have to be an encrypted proxy, but you could probably block those too, which would make it super difficult.

Combine Untangle with OpenDNS and you've got a pretty decent solution. Make the computer use Untangle for DNS, and give the users non-admin accounts so they can't change it. And then have Untangle use OpenDNS for its resolver.

Just need a PC with two NICs.

http://www.untangle.com/
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
The principle is a central Internet traffic server.

Right now it is probably a simple Cable/DSL Router.

The Entry Level Routers cannot monitor specific traffic as needed in your case.

Option 1. A SOHO Router appliance (expensive), http://www.sonicwall.com/us/5116.html

Option 2. Setting up your own Internet traffic server (some examples were mentioned above).

Option 3. Use a service like OpenDNS that provides their own traffic filter to the WAN side of your Router. With OpenDNS you set the WAN side of your current Router to use their DNS server and you do not need to do anything else on your side. You log in to the OpenDNS site and set a filter to your liking.

Since the Router menus are password protected, the user would not be able to adjust anything to bypass the DNS.
 

bigshahman

Junior Member
Dec 7, 2009
Thanks guys. I'm going to try Untangle and see how that works. I also found another way, setting up a SUSE server with a BIND DNS server to log the activity. Untangle seems easier. Thanks again.
 

her209

No Lifer
Oct 11, 2000
I just installed Untangle for shits and giggles and I have to say it works very nicely and installs quite easily.

EDIT: The thing I like about Untangle the most is the ability to block downloads of certain MIME file types.
 

n0cmonkey

Elite Member
Jun 10, 2001
I'm a fan of bro-ids if you can't set up other methods (like those mentioned previously). Transaction logging is a wonderful thing.
 

Achatina

Junior Member
Nov 27, 2009
I'm not sure if that's exactly what you are looking for, but I can recommend Protemac Keybag and Actymac Dutywatch, monitoring tools I use at work. They store the web history of each network computer and can send you alarms if somebody is trying to access a prohibited website.
 

skyking

Lifer
Nov 21, 2001
I've set up a few private schools and large households with
http://dansguardian.org/
I ran 10 computers through a P3 1000 with 512 MB of RAM, no problems. It is a very sophisticated system, much more than simple URL blocking.
For example, you can research breast cancer all day long, but just try and do a search for big breasts :D
It reads the text on each page and uses a weighted phrase system that you can adjust. It takes a while to get it right.
 

kornphlake

Golden Member
Dec 30, 2003
> I've set up a few private schools and large households with
> http://dansguardian.org/
> I ran 10 computers through a P3 1000 with 512 MB of RAM, no problems. It is a very sophisticated system, much more than simple URL blocking.
> For example, you can research breast cancer all day long, but just try and do a search for big breasts :D
> It reads the text on each page and uses a weighted phrase system that you can adjust. It takes a while to get it right.

+1 for Dansguardian. I recently set up a filter for my home using Dansguardian and I'm very impressed. I'm sure it can be defeated, but I haven't been able to easily find any instructions, compared to scads of sites for defeating Net Nanny and others. Ditto on taking a while to adjust the weighted phrase list; it can be frustrating, and the exception phrase list doesn't seem to work as described, at least for me. It kept blocking Facebook, categorizing it as Asian porn or something like that.

For the OP, I believe a simple Squid proxy with logging enabled should be enough, although it seems like the log reports IP, not MAC address; you'd have to do a little bit of digging through DHCP logs to correlate the MAC address to an IP at any given time, unless static IPs were used.
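
Added example (not part of the thread and not any poster's code): the IP-to-MAC correlation described in the post above, matching each Squid request to the device that held that IP at the time. The log formats (ISC dhcpd syslog lines in UTC, Squid's native access.log), the 24-hour lease length, the sample lines and all function names are assumptions made for this illustration.

```python
import bisect
import re
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample data (not from the thread). Assumed formats: ISC dhcpd
# syslog lines with UTC timestamps, and Squid's native access.log format.
DHCP_LOG = """\
Dec  8 09:00:00 gw dhcpd: DHCPACK on 192.168.1.23 to 00:11:22:33:44:55 (laptop-a) via eth1
Dec  8 09:05:00 gw dhcpd: DHCPACK on 192.168.1.24 to 66:77:88:99:aa:bb (desktop-b) via eth1
Dec  8 13:00:00 gw dhcpd: DHCPACK on 192.168.1.23 to cc:dd:ee:ff:00:11 (phone-c) via eth1
"""
SQUID_LOG = """\
1260265200.120     85 192.168.1.23 TCP_MISS/200 5120 GET http://example.org/a - DIRECT/203.0.113.10 text/html
1260270000.450     40 192.168.1.24 TCP_MISS/200 2048 CONNECT example.net:443 - DIRECT/203.0.113.20 -
1260280800.900     60 192.168.1.23 TCP_MISS/200 1024 GET http://example.com/c - DIRECT/203.0.113.30 text/html
1260280900.000     12 192.168.1.99 TCP_MISS/200 512 GET http://example.com/d - DIRECT/203.0.113.30 text/html
"""
ACK = re.compile(r"(\w{3}\s+\d+ [\d:]{8}) \S+ dhcpd(?:\[\d+\])?: "
                 r"DHCPACK on (\S+) to ([0-9a-f:]{17})", re.I)

def load_leases(text, year):
    """Map ip -> time-sorted [(epoch, mac)]; syslog omits the year, so pass it in."""
    leases = {}
    for m in filter(None, map(ACK.match, text.splitlines())):
        when = datetime.strptime(f"{year} {m.group(1)} +0000", "%Y %b %d %H:%M:%S %z")
        leases.setdefault(m.group(2), []).append((when.timestamp(), m.group(3).lower()))
    return {ip: sorted(events) for ip, events in leases.items()}

def mac_at(leases, ip, ts, lease_secs=86400):
    """MAC last acknowledged for ip at or before ts; None if no ACK or lease too old."""
    events = leases.get(ip, [])
    i = bisect.bisect_right(events, (ts, "~")) - 1   # "~" sorts after any MAC
    if i < 0 or ts - events[i][0] > lease_secs:      # lease_secs: assumed lease length
        return None
    return events[i][1]

def attribute(squid_text, leases):
    """Return [(epoch, mac_or_None, client_ip, host)]; CONNECT lines expose only host:port."""
    rows = []
    for f in (line.split() for line in squid_text.splitlines()):
        if len(f) >= 7:
            ts, ip, url = float(f[0]), f[2], f[6]
            host = urlsplit(url).hostname or url.rsplit(":", 1)[0]
            rows.append((ts, mac_at(leases, ip, ts), ip, host))
    return rows

if __name__ == "__main__":
    print(*attribute(SQUID_LOG, load_leases(DHCP_LOG, 2009)), sep="\n")
```

In the sample, 192.168.1.23 is attributed to two different MAC addresses depending on the time of the request, and the request from 192.168.1.99 stays unattributed because no lease was logged for it.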
 

gsaldivar

Diamond Member
Apr 30, 2001
FYI - OpenDNS and other DNS-based blocking techniques are only effective as a security measure if the user is prevented from manually entering a different DNS server on their local computer. This can be done with a policy restriction in Windows, but can still be circumvented by an advanced user or a user that brings in their own laptop. Also, it's possible to do it on the router side by forcefully redirecting DNS queries to the DNS server of your choice. Ideally you would use either a server (dansguardian, squid, ebox, etc.) or a dedicated internet appliance (expensive).

For legal reasons, it's important that you disclose the restrictions on network use and monitoring to users before implementing this type of system in an organization.

Good luck!