Geekzone: technology news, blogs, forums




404 posts

Ultimate Geek
+1 received by user: 55


Topic # 242476 30-Oct-2018 10:01

I work for a small training organisation, and being rural we only have access to a rather slow ADSL connection.

 

When students are on site they are consistently playing PUBG using the school WiFi provided; however, this is saturating the ADSL connection and brings general internet use grinding to a halt when staff need to get things done. Regardless, we don't want them having access to the game using school WiFi anyway as it has become a severe study distraction as of recent.

 

The setup is very simple: Vigor 120, basic 24P switch and a couple of UniFi APs.

 

I need to be able to block access to the game servers but haven't had any luck. From what I have found online, they use Amazon servers and addresses are dynamic, as well as the ports used. Don't want to go down the whitelisting option as it's too restrictive.

 

Anyone able to offer some insight on how to go about blocking this game in particular? Different hardware required?

 

 

 

 


5365 posts

Uber Geek
+1 received by user: 1412

Moderator
Trusted
Lifetime subscriber

  Reply # 2116673 30-Oct-2018 10:33

Perhaps a problem that could be solved with a policy and some consequences, rather than a technical solution?




404 posts

Ultimate Geek
+1 received by user: 55


  Reply # 2116675 30-Oct-2018 10:38

That has been attempted with little result, plus, these are young adult students who should not need constant monitoring from staff, nor do we have the staffing resources to do so.

 

Corporates and larger schools are able to block these services easily, how do they go about it?

 

 

 

 


 
 
 
 


185 posts

Master Geek
+1 received by user: 59


  Reply # 2116676 30-Oct-2018 10:41
2 people support this post

Do the students have a separate SSID? Limit the bandwidth to an unplayable rate.


5365 posts

Uber Geek
+1 received by user: 1412

Moderator
Trusted
Lifetime subscriber

  Reply # 2116677 30-Oct-2018 10:43

They likely have their network running through a firewall or proxy with the ability to granularly block traffic to ports/services/IP addresses.  If you're on ADSL this is probably not available to you - are you just using the stock ISP router or is there a dedicated firewall in the mix?

 

You've said they should not need constant monitoring from staff, but their behaviour says otherwise.  What is the consequence for the policy?  It needs to be severe enough to deter.  

 

You could possibly limit Wi-Fi access to any devices you don't control.  Maybe turn off DHCP and just use static IP addresses for the devices that need online access.  




404 posts

Ultimate Geek
+1 received by user: 55


  Reply # 2116679 30-Oct-2018 10:47

Dolts:

 

Do the students have a separate SSID? Limit the bandwidth to an unplayable rate.

 

 

 

 

Students do have a separate SSID which is currently rate limited; however, if I reduce it further it would negatively impact those students who are using the internet for genuine reasons.


3061 posts

Uber Geek
+1 received by user: 382


  Reply # 2116682 30-Oct-2018 10:52

You may be thinking too far down the track for the cutoff.

 

Sure, they may use dynamic Amazon servers. But the app will still reach out to a single/small range DNS point or login server to verify the user/app first and find the name resolution to go hunting for those dynamic locations.

 

And that's the level you need to kill. QoS/NAT the authenticator/login path. Problem be gone.

 

Get yourself a router and the same app, HUB (or clone the packets) on the WAN side, wireshark. Open app.. Boom.

 

Or as above.. adjust DHCP and static/reserve those that are permitted to a different path.




404 posts

Ultimate Geek
+1 received by user: 55


  Reply # 2116687 30-Oct-2018 11:00

gehenna:

 

They likely have their network running through a firewall or proxy with the ability to granularly block traffic to ports/services/IP addresses.  If you're on ADSL this is probably not available to you - are you just using the stock ISP router or is there a dedicated firewall in the mix?

 

You've said they should not need constant monitoring from staff, but their behaviour says otherwise.  What is the consequence for the policy?  It needs to be severe enough to deter.  

 

You could possibly limit Wi-Fi access to any devices you don't control.  Maybe turn off DHCP and just use static IP addresses for the devices that need online access.  

 

 

Thanks, not ISP supplied but, yes, very simple setup. Vigor ADSL modem, non-managed switch and UAP's. No USG, Firewall etc

 

Their behaviour does say otherwise, but as mentioned we don't have the staffing resources to keep tabs on them constantly. Any significant abuse will result in penalties. However, the discussion of school discipline, staffing and policies isn't something to be discussed further publicly; this is managed as we see fit.

 

The path we want to explore now is to restrict access for all at a network level


3061 posts

Uber Geek
+1 received by user: 382


  Reply # 2116690 30-Oct-2018 11:05

I'm guessing this will help? ;) ...

 

 

Worded domain of: epicgames.com and easy.ac

 

104.28.2.249 , 104.28.3.249 (easyanticheat.net)

 

54.86.141.201 , 18.205.125.105(epicgames.com)

 

And drop the 9000 UDPs ;)

 

https://www.reddit.com/r/FORTnITE/comments/8c7n6o/fornite_ips_and_outgoing_ports_for_strict/

 

Unless I've got my apps mixed up and it's actually Player Unknown in particular.


360 posts

Ultimate Geek
+1 received by user: 133


  Reply # 2116694 30-Oct-2018 11:19

Fortnite, pubg etc. you can filter them all but in the end the students still have their phone connected and will do something else with it. On a limited connection you're going to have to rate limit harder, or drop people.

epr

183 posts

Master Geek
+1 received by user: 63


  Reply # 2116697 30-Oct-2018 11:24
One person supports this post

firefuze:

 

That has been attempted with little result, plus, these are young adult students who should not need constant monitoring from staff, nor do we have the staffing resources to do so.

 

Corporates and larger schools are able to block these services easily, how do they go about it?

 

 

 

 

 

 

 

 

Get in touch with linewize and see if they have a device that will suit your needs and fit your budget.


5365 posts

Uber Geek
+1 received by user: 1412

Moderator
Trusted
Lifetime subscriber

  Reply # 2116699 30-Oct-2018 11:26

firefuze:

 

gehenna:

 

They likely have their network running through a firewall or proxy with the ability to granularly block traffic to ports/services/IP addresses.  If you're on ADSL this is probably not available to you - are you just using the stock ISP router or is there a dedicated firewall in the mix?

 

You've said they should not need constant monitoring from staff, but their behaviour says otherwise.  What is the consequence for the policy?  It needs to be severe enough to deter.  

 

You could possibly limit Wi-Fi access to any devices you don't control.  Maybe turn off DHCP and just use static IP addresses for the devices that need online access.  

 

 

Thanks, not ISP supplied but, yes, very simple setup. Vigor ADSL modem, non-managed switch and UAP's. No USG, Firewall etc

 

Their behaviour does say otherwise, but as mentioned we don't have the staffing resources to keep tabs on them constantly. Any significant abuse will result in penalties. However, the discussion of school discipline, staffing and policies isn't something to be discussed further publicly; this is managed as we see fit.

 

The path we want to explore now is to restrict access for all at a network level

 

 

 

 

What's the make/model of router?


3682 posts

Uber Geek
+1 received by user: 1092


  Reply # 2116709 30-Oct-2018 11:42

SpartanVXL: Fortnite, pubg etc. you can filter them all but in the end the students still have their phone connected and will do something else with it. On a limited connection you're going to have to rate limit harder, or drop people.

 

Probably this,

 

On a poor ADSL connection you are always gonna be battling Bandwidth hoggers...


463 posts

Ultimate Geek
+1 received by user: 131


  Reply # 2116800 30-Oct-2018 13:08
One person supports this post

Blocking content one site at a time just starts an endless game of whack-a-mole. Deploy a dns filtering product that lets you block games as a category.

1088 posts

Uber Geek
+1 received by user: 66


  Reply # 2116846 30-Oct-2018 13:27
One person supports this post

firefuze:

 

That has been attempted with little result, plus, these are young adult students who should not need constant monitoring from staff, nor do we have the staffing resources to do so.

 

Corporates and larger schools are able to block these services easily, how do they go about it?

 

 

Most schools have the benefit of utilizing N4L (Network 4 Learning) filtering hardware/software in the form of Cisco firewall and now rolling out Fortinet devices to all schools.

 

Depending on your setup, there are a number of things you can employ to block the access to the game, but it does depend on a number of factors:

 

Do you have a local domain to which the computers are joined?

 

Do the students access devices joined to a local domain, or are they using BYOD (Bring Your Own Device)?

 

If you do have a local domain and all the computers are joined to it, you can employ Group Policies to block the .exe's from being run on the network.  You can also look to purchase software like ABTutor or LANSchool to monitor what is being done on the devices in the school.

 

 

 

Failing that, you can either invest in a security appliance (Fortinet, Watchguard, etc) which will have application signature detection and allow granular internet filtering (restrictive for students, less restrictive for staff)

 

 

 

As a final solution, you could set up a pfSense firewall to try to block/limit access to the game's servers.

 

 

 

At the end of the day, there is no easy way to block the game with the equipment you have (firewall/router); you will need more advanced (and unfortunately more expensive) kit to achieve what you are wanting.

 

Does the training organisation qualify to connect with N4L by chance?


defiant
809 posts

Ultimate Geek
+1 received by user: 414

Lifetime subscriber

  Reply # 2116853 30-Oct-2018 13:57
2 people support this post

Given your limited setup you could look at OpenDNS, pretty sure you can block by categories/domains etc, then set up NAT to force all DNS to the router.
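
An added illustration of the DNS-level filtering suggested in the replies above (not code from any poster or product): a Python sketch that matches DNS query log lines against a domain blocklist by whole labels and counts blocked lookups per client. The dnsmasq-style log format, the sample lines and the function names are assumptions made for this example; the domains are the ones mentioned in the thread.

```python
import re
from collections import Counter

# Domains named in the thread; subdomains of these are treated as blocked.
BLOCKED = {"epicgames.com", "easy.ac", "easyanticheat.net"}

# dnsmasq-style query line (log format assumed for this example).
QUERY_RE = re.compile(r"query\[[A-Z0-9]+\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")

def blocked_parent(name, blocked=BLOCKED):
    """Return the blocklist entry covering `name`, or None.

    Whole labels are compared, so 'notepicgames.com' does not match
    'epicgames.com' while 'account.epicgames.com' does.
    """
    labels = name.strip().rstrip(".").lower().split(".")  # drop root dot, fold case
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None

def scan(lines, blocked=BLOCKED):
    """Count blocked lookups per (client, blocklist entry)."""
    hits = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # replies, forwards and unrelated lines
        parent = blocked_parent(m.group("name"), blocked)
        if parent:
            hits[(m.group("client"), parent)] += 1
    return hits

# Constructed sample log lines (private addresses, not a real capture).
SAMPLE_LOG = """\
Oct 30 10:01:02 dnsmasq[812]: query[A] account.epicgames.com from 192.168.10.23
Oct 30 10:01:02 dnsmasq[812]: forwarded account.epicgames.com to 192.0.2.53
Oct 30 10:01:03 dnsmasq[812]: query[AAAA] Client.EasyAntiCheat.net. from 192.168.10.23
Oct 30 10:01:05 dnsmasq[812]: query[A] notepicgames.com from 192.168.10.40
Oct 30 10:01:06 dnsmasq[812]: query[A] easy.ac from 192.168.10.41
Oct 30 10:01:09 dnsmasq[812]: query[A] www.example.org from 192.168.10.41
""".splitlines()

if __name__ == "__main__":
    for (client, parent), n in sorted(scan(SAMPLE_LOG).items()):
        print(f"{client} -> {parent}: {n} blocked lookup(s)")
```

A check like this only sees queries that actually reach the filtering resolver, which is why the reply above pairs DNS filtering with NAT that forces all DNS to the router.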

