Community discussions

 
stefnab
just joined
Topic Author
Posts: 17
Joined: Mon Jan 07, 2019 9:53 am

how websites are blocked in big companies & countries

Wed Jan 09, 2019 10:43 pm

I am trying to block websites using:

1. DNS sinkhole - works, unless someone has website IP in cache (people from outside my network using Wifi - especially people with android devices doesn't clear their cache very long time)
2. layer 7 filtering - block video (but does not yt website), doesn't block youtube apps
3. tls host - block most of https websites (but not youtube)
4. block port 40, 443 tcp (for example) content: youtube -blocks acces to youtube website on mobile devices (only), doesnt block yt app.
5. blocking IP - works, but script has to be refreshed basically every one minute to work properly, it generates traffic and is invconvenient

I did tests on most popular webrowser - chrome and partially on firefox. As you see, any of mentioned methods isn't perfect. So tell me please, how are blocked webites in big companies&corporations (especially youtube) and countries like china ?
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1512
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: how websites are blocked in big companies & countries

Wed Jan 09, 2019 11:18 pm

From my experience, i've encountered two:
either dns based or
L7 firewall, with wildcard certificates, allowing full decryption of traffic
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1230
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: how websites are blocked in big companies & countries

Sat Jan 12, 2019 9:26 pm

Mikrotik is not designed for this and should not be used for this.

Look into products like Sonicwall, which can inspect encrypted data and is designed for things like this
MTCNA, MTCTCE, MTCRE & MTCINE

Who is online

Users browsing this forum: Bing [Bot] and 23 guests