Community discussions

MikroTik App
 
mohawk24
just joined
Topic Author
Posts: 12
Joined: Wed Feb 06, 2013 5:54 pm

How do i block 100% netflix, hulu, youtube, roku, etc.

Thu May 15, 2014 4:16 am

Hi Guys, just wondering if anyone has been able to 100% block streaming video sites like netflix etc., I have tried many times and i have not been successful. I have the proxy enabled and have the site blocked and all the known urls, however the ios apps and rokus still get through...

RB450g, rb2011uas

Any help would be extremely appreciated...
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1075
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: How do i block 100% netflix, hulu, youtube, roku, etc.

Thu May 15, 2014 1:18 pm

If you want to block those pages completely, setup a transparent dns first:
/ip firewall nat
add chain=dstnat action=redirect to-ports=53 protocol=udp dst-address-type=!local dst-port=53
add chain=dstnat action=redirect to-ports=53 protocol=tcp dst-address-type=!local dst-port=53
This way, no matter what dns the customer configures, it will always get resolved by your local cache.
Then, just add static entries for the pages you want to block:
/ip dns static
add name=www.youtube.com address=127.0.0.1
You may need to restart the PC since it has its own dns cache, or just flush that local dns cache
 
mohawk24
just joined
Topic Author
Posts: 12
Joined: Wed Feb 06, 2013 5:54 pm

Re: How do i block 100% netflix, hulu, youtube, roku, etc.

Fri May 16, 2014 1:54 am

This will stop the direct url people....but what about people using the apps (netflix, hulu) , and streaming devices...like roku, appletv etc...

I have been successful in blocking the direct url's....just not everything else...
 
mohawk24
just joined
Topic Author
Posts: 12
Joined: Wed Feb 06, 2013 5:54 pm

Re: How do i block 100% netflix, hulu, youtube, roku, etc.

Sun May 18, 2014 12:39 am

bump^^^
 
mcskiller
newbie
Posts: 40
Joined: Mon Feb 13, 2012 7:12 am
Location: Argentina
Contact:

Re: How do i block 100% netflix, hulu, youtube, roku, etc.

Sun May 18, 2014 2:30 am

Bump!!

Enviado desde mi Nexus 7 mediante Tapatalk
 
User avatar
Hammy
Forum Veteran
Forum Veteran
Posts: 776
Joined: Fri May 28, 2004 5:53 pm
Location: DeKalb, IL
Contact:

Re: How do i block 100% netflix, hulu, youtube, roku, etc.

Sun May 18, 2014 4:13 am

Disconnect ether1. ;-)

Sent from my EVO using Tapatalk
 
User avatar
patrikg
Member Candidate
Member Candidate
Posts: 224
Joined: Thu Feb 07, 2013 6:38 pm
Location: Stockholm, Sweden

Re: How do i block 100% netflix, hulu, youtube, roku, etc.

Sun May 18, 2014 11:06 am

Just open up sites that you want.
 
User avatar
Hammy
Forum Veteran
Forum Veteran
Posts: 776
Joined: Fri May 28, 2004 5:53 pm
Location: DeKalb, IL
Contact:

Tue Jun 02, 2015 5:04 pm

Check out Greg Sowell's 2015 US MUM presentation for some guidance. It'll show you how to do some of them without L7.
Last edited by Hammy on Tue Jun 02, 2015 7:37 pm, edited 1 time in total.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: How do i block 100% netflix, hulu, youtube, roku, etc.

Tue Jun 02, 2015 5:15 pm

Disconnect ether1. ;-)
LOL - I was going to say the same thing.

I know the thread is old, but just to reply to a point made earlier in the thread -

Apps can be blocked with DNS just as effectively as "direct URL" access because guess what - the apps have to use DNS also. They COULD have hard-wired IP addresses in their code, but this would be troublesome if the servers' IP addresses ever needed to be migrated, so I am pretty sure that it's quite rare to find an app with a hard-wired IP address in its code.
(hotspot detection is a notable exception to this - they have to know what IP address an un-tampered reply would give)
 
Lonecrow
Member Candidate
Member Candidate
Posts: 136
Joined: Mon Dec 24, 2007 4:58 am

Re: How do i block 100% netflix, hulu, youtube, roku, etc.

Tue Jun 02, 2015 5:40 pm

You need to use L7 stuff. But it changes so its difficult to track down the specific signatures. There are plenty of boxes out there that can ID the traffic with a multitude of definitions that if they match enough of them it'll be considered netflix and then you just decide what to do with it (ie drop / throttle)
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: How do i block 100% netflix, hulu, youtube, roku, etc.

Wed Jun 03, 2015 6:56 am

You need to use L7 stuff. But it changes so its difficult to track down the specific signatures. There are plenty of boxes out there that can ID the traffic with a multitude of definitions that if they match enough of them it'll be considered netflix and then you just decide what to do with it (ie drop / throttle)

Yes they are UTM devices and that kind of aPP ID its a licensed service with a year payment, is not free.

I use opendns to take certain control of navigation its free bot has limited customization and depends of the scenario to be successful.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: How do i block 100% netflix, hulu, youtube, roku, etc.

Wed Jun 03, 2015 6:35 pm

Don't forget that youtube is all SSL now, so layer7 won't work on YouTube.

The best thing to do would be to simply set up a queueing mechanism on all HTTP(S) traffic which allows a nice big healthy initial burst of a hundred megabytes or so, but after the burst is over, throttles it to something ridiculous like 256Kbps. General web surfing will work just like normal, and even downloads smaller than the burst size will be fast. Extended streaming will go over budget, and get severely throttled so as to make the stream stop working. It will just look like (and actually be the case that) your network performs too poorly for streaming.

This is better than blocking because if you just block traffic, savvy users are going to make it their mission in life to tunnel around your countermeasures, whereas if it's just slow, they're going to think you suck for video streaming and just not do streaming on your network.
 
shootaboyz
just joined
Posts: 2
Joined: Fri Jul 18, 2014 10:26 am

Re: How do i block 100% netflix, hulu, youtube, roku, etc.

Thu Jul 30, 2015 8:35 am

Hello, sorry to intrude like this, but I was browsing for some ways to limit streaming videos using Mikrotik and came upon your suggestion of using queue. I am new at this but very interested in implementing your idea. Can you post a guide or point me to one about setting up a http(s) queue? Thanks.
 
User avatar
Hammy
Forum Veteran
Forum Veteran
Posts: 776
Joined: Fri May 28, 2004 5:53 pm
Location: DeKalb, IL
Contact:

Re: How do i block 100% netflix, hulu, youtube, roku, etc.

Thu Jul 30, 2015 2:33 pm

Hello, sorry to intrude like this, but I was browsing for some ways to limit streaming videos using Mikrotik and came upon your suggestion of using queue. I am new at this but very interested in implementing your idea. Can you post a guide or point me to one about setting up a http(s) queue? Thanks.
wiki.mikrotik.com

Who is online

Users browsing this forum: Ahrefs [Bot], fragment, hasan2221 and 97 guests