Blocking Ports On Wrt54G2 Router....

[Damage_inc-]

HELP -MY KIDS BYPASSED  MY OPENDNS FILTERING BY CHOOSING AN ALTERNATE DNS SERVER WITH HELP OF A DOWNLOADED PROGRAM..ID LIKE TO BLOCK THIS OPTION SO IT WONT BE POSSIBLE ...IVE HEARD THAT PORT 53 SHOULD BE BLOCKED AND OR FORWARDED TO OPENDNS...ANYONE FAMILIAR WITH THIS?

THANKS.

Edited January 31, 2013 by Damage_inc-

[loaderXI]

Can u access ur router settings ? have they set up a virtual server ? can u do a factory restore on the wireless router

 

 

 

look at this.....might be answers here not sure

 

 

http://forums.opendns.com/comments.php?DiscussionID=879

[hxtr]

HELP -MY KIDS BYPASSED  MY OPENDNS FILTERING BY CHOOSING AN ALTERNATE DNS SERVER WITH HELP OF A DOWNLOADED PROGRAM..ID LIKE TO BLOCK THIS OPTION SO IT WONT BE POSSIBLE ...IVE HEARD THAT PORT 53 SHOULD BE BLOCKED AND OR FORWARDED TO OPENDNS...ANYONE FAMILIAR WITH THIS?

THANKS.

If he is that smart... you cant stop him. Take his fucking comptuer away from him. You can use any port for this... even 80 for web. 21 for FTP. 25 for SMTP. Does not matter... any port can work if the other end is set to do it.

[TecHnOBoY]

You can do several things:

- restrict their Windows permissions to "User"
- deny all outgoing traffic to destination port 53 (standard DNS Port) and permit the DNS servers you like (Google f.e.  uses the IPs 8.8.8.8 & 8.8.4.4) in the Windows firewall, or on your router if it
- prevent the tool to be used if you know the excact name of the .exe file. in the windows firewall or with other windows settings like "program execution rules"

 

just some hints

Some screenshots for adding rules to your Windows firewall:

1. open your control panel, go to "windows firewall" and choose advanced settings

2. create a new outbound rule (see screenshots) and name it "DNS deny"
3. repeat the steps and create an ALLOW rule with the same Port (53), name it DNS Allow

 

4. The new rules now appear in the list of your outbound rules - right click on the DNS  and choose "properties"

5. select the "Scope Tab" and choose "These IP addresses" in the "Remote IP Adress" field.
6. add all DNS Servers you like to use.  (For example 8.8.8.8 and 8.8.4.4)

 

This should work



 

 

 

 

 

 

 

 

 

 

 

[DEEJAYKEG]

Have you considered a net nanny style program instead?  It seems a much simpler option and you'd be notified if it was tampered with.

[Damage_inc-]

thanks for your responses..first of all we are from a different generation and I personaly could be disconnected from the internet if I had to but these kids nowadays were raised on it...so just taking there communication  and socializing away from them is not an option..I try to filter best possible but kids are smart and tech saavy nowadays and I guess I have to just get on there computors on  a regular basis to make sure they dont install and bypass my dns again..It looks more difficult to try to block ports via my router then I wished.

life gets busy and I assumed the filtering was filtering and I wasnt getting on there computers unless they would bsod and I had to fix em....

So I think I will just

 monitor there computers on regular basis while  there at school during the week and make them aware of this and that I know what is going on  and talk to them and warn them of consecuences...

thanks again

[CPUvirus]

I have clients that request content filtering, and we end up using a program called forticlient. It is a security suite created Fortinet, they make business class routers. It has AV and a firewall but I usually just use the web filter because the AV is kinda awful. It can be configured and password protected so settings cannot get modified. It is a free download.