Slashdot Mirror

Bell and rogers havent exactly been angels these last few years. Ad why would you want to use their dns server(s) when you can use a service like opendns from http://www.opendns.com/

No need for software just use either http://www.opendns.com/

Or if you want more control, setup a PC as a gateway with:

http://dansguardian.org/

It requires some knowledge of Unix type operating systems and proxies.

It can run on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris, (officially there are probably contributed builds for other operating systems.

Then again there's always education and supervision. You can't fix human & sociological problems with technological tools, it's like trying to fix a broken sink pipe with a car jack and a rubber mallet.

Um, this concerns me quite a bit:

These servers proxy the real www.google.com to strip out some functionality that opendns found particularly offensive...

What? That doesn't make any sense. They only appear to proxy the first page, enough to capture what you type in the search box.

Lets examine the evidence:

$ dig @resolver1.opendns.com www.google.com A
www.google.com. 30 IN CNAME google.navigation.opendns.com.
google.navigation.opendns.com. 30 IN A 208.67.216.231
google.navigation.opendns.com. 30 IN A 208.67.216.230

$ whois 208.67.216.231
OrgName: OpenDNS, LLC

Now visit both:
http://208.67.216.231/
http://www.google.com/

Notice anything different in the footer? Say the link that says Go to Google.com

There may be a good faith relationship between OpenDNS and Google, but it still means that OpenDNS is proxying your queries! Thus tracking your search queries.

It appears OpenDNS never responded to the many questions on their own forum

DNS redirection is bad, and proxying to collect information is evil. Both methods are employed by scammers and phishers.

Whatever. OpenDNS.

Everyone go to opendns here and avoid this all together?

"My company was hit pretty hard by the conficker virus." - by goltzc (1284524) on Tuesday June 30, @04:04PM (#28533883)

Whose fault is that? You CAN prevent it, you know (from striking even), by doing a few simple things, such as what is listed here:

http://it.slashdot.org/comments.pl?sid=1159209&cid=27178753

----

Regarding "stalling" CONFICKER specifically:

( From http://www.xtremepccentral.com/forums/showthread.php?s=265edfd9cff2fd6ef1993571b23d1598&t=28430&page=3 )

----

"A.) STALL SERVER SERVICE (if you don't need a LAN/WAN to connect to & all you do is hit the internet on a single standalone machine)...

AND

B.) It recommends you stall out indiscriminate usage of javascript also!

Between those 2 measures (&, possibly ,b>ALSO, a HOSTS file that stops access to this CONFICKER worm's control servers -> http://forums.opendns.com/comments.php?DiscussionID=3043 which leads to said list here -> http://www.f-secure.com/weblog/archives/Downadup_Domain_Blocklist_February.txt )?

Hey... YOU TELL ME, lol, IF it works, or not..."

----

It'll work... addtionally blocking ACL (access control lists) access to the autorun.inf files in the root of you drives helps also (vs. how it spreads from USB sticks etc. et al).

(Do all of the above, especially if you don't need to be sharing disks/folders/files from your system to users over the public internet or a local LAN/WAN (saving CPU cycles, RAM, &/or other forms of I/O as well you would be otherwise wasting because you are not using what the server service provides, file & print sharing), & it quite literally (@ least theoretically) should "PROOF YOU" vs. this worm).

APK

P.S.=> That was regarding the /. article titled (from near when this worm was discovered):

New Conficker Variant Increases Its Flexibility:

http://news.slashdot.org/article.pl?sid=09/02/20/239229 [slashdot.org]

on 02/20/3009 here on this website... apk

----

And, it works...

Heck, you CAN do without the server service, as a workstation on a LAN/WAN even (because iirc, workstation service allows for MOST of what you'd need anyways), & have full access to its services, like the internet for example, if you wish!

(HOWEVER - If you have to share files/folders from said system? THEN, you'll NEED the server service active!)

Otherwise? Not really - server service is NOT required, but you might have to apply your OWN updates though as an end-user minus the server service running, as stalling server service removes accessible shares & such that SERVER service provides!

(Which might adversely affect SMS & like updating from a central source in a work LAN/WAN environs (that'd be up to you & the user(s) in question though, & what your + THEIR needs are in such a situation)).

APK

P.S.=> I put that out, originally @ xtremepccentral.com, & later here on /., because it works, on many levels!

I did so, almost @ the time it began "blowing away" systems all over the place... because it worked!

Common-sense should have told you, as an administrator (assuming THAT is your role, or that of a network tech/engineer) that those were the simple steps to take (along with detectors to signal a removal candidate, but you never or should NEVER have seen it in the 1st place, if you did the above steps to your Windows NT-based machines)... apk

https://www.opendns.com/

http://www.dnsserverlist.org/

how to block adult web sites, the non Microsoft way. Of course this doesn't deserve a whole article on slashdot .. :)

I get OpenDNS error pages for nonexistent domains.

I'm in southwestern Pennsylvania (roughly Pittsburgh area) and I have my router set to use OpenDNS servers.

However, I get Firefox's standard "Page Load Error" page with a nonexistent domain, and www.opendns.com/welcome/ tells me I'm not using OpenDNS.

This used to work just fine.

There are numerous free programs out there that allow you to encrypt your online activities by using VPN. I've been using Hotspot Shield and Tor. Give those a try, hopefully they are not blocked by your college's IT infrastructure. Also, use OpenDNS - this will bypass simple DNS filtering and protect you against worms such as Conficker.

If you set the DNS to OpenDNS on router level and block outgoing DNS traffic from clients (mostly not needed), set it very strict, e.g. no piracy sites, no porn (obvious), not even lingerie, no proxies (so they can't bypass), most of sticky and shameless give up in about 10-20 mins.

Oh if they say you are censoring? Well, they can subscribe to Cell company 3G and even EDGE and use their _own_ bandwidth for whatever they do. It is a public/free service, "a privilege, not a right" in IRC fashion.

http://www.opendns.com/

I know you can achieve all with own stuff but opendns is just couple of clicks and please don't tell me how to bypass it with direct IP etc. I know.

"If you want to keep the kiddies from seeing naked ladies, you really have to disable the entire site to stop the image searches and have some control over the searches"

Adult Site Blocking from St. Bernard Software 'OpenDNS Web content filtering uses the iGuard database from St. Bernard Software to power all categories relating to "Adult" content'

Why not just use OpenDNS Web Content Filtering and what about Family Safety if you are a Linux user?

DNS outages lasting hours at a time

The other complaints are more than valid, but OpenDNS works very well for me, as an alternative to Comcast's DNS servers.

http://www.opendns.com/ and a good hosts file.

Actually, something like that exists for Linux and any OS that uses DNS - check out OpenDNS.

http://www.opendns.com/

You can configure what levels of filters to use and even customize the page that opendns supplies when a forbidden link is clicked.

They are also working to block some of the botnet phone homes.

All you need to do is use their name servers. You can set up an account and configure what gets blocked and what doesn't.

Also check out an enhanced hosts file at http://www.mvps.org/winhelp2002/hosts.htm.

That will block a lot of requests from ever leaving the computer. You can also add in whatever others you want as well.

Just change your DNS servers to OpenDNS (http://www.opendns.com/) and register your IP with them. You can use their category-based filtering to block the pr0n. Block adware, malware, and phishing while you're at it. Oh, and enjoy a faster DNS service and extensive stats pages. If you are worried about a dynamic IP from your ISP, don't be: most ISP's preferentially reassign IPs to customers instead of switching it up. Happy censoring!

You could try OpenDNS to filter porn and adult sites.

Set your DNS server to open DNS. It blocks a lot of porn, phishing, .... I have it setup as the default from my router so it is not on the computer's settings. Go to
http://www.opendns.com/

Regarding "stalling" CONFICKER specifically:

( From http://www.xtremepccentral.com/forums/showthread.php?s=265edfd9cff2fd6ef1993571b23d1598&t=28430&page=3 )

----

"A.) STALL SERVER SERVICE (if you don't need a LAN/WAN to connect to & all you do is hit the internet on a single standalone machine)...

AND

B.) It recommends you stall out indiscriminate usage of javascript also!

Between those 2 measures (&, possibly ALSO, a HOSTS file that stops access to this CONFICKER worm's control servers -> http://forums.opendns.com/comments.php?DiscussionID=3043 which leads to said list here -> http://www.f-secure.com/weblog/archives/Downadup_Domain_Blocklist_February.txt)?

Hey... YOU TELL ME, lol, IF it works, or not..."

----

It'll work... addtionally blocking ACL (access control lists) access to the autorun.inf files in the root of you drives helps also (vs. how it spreads from USB sticks etc. et al).

(Do all of the above, especially if you don't need to be sharing disks/folders/files from your system to users over the public internet or a local LAN/WAN (saving CPU cycles, RAM, &/or other forms of I/O as well you would be otherwise wasting because you are not using what the server service provides, file & print sharing), & it quite literally (@ least theoretically) should "PROOF YOU" vs. this worm).

APK

P.S.=> That was regarding the /. article titled (from near when this worm was discovered):

New Conficker Variant Increases Its Flexibility:

http://news.slashdot.org/article.pl?sid=09/02/20/239229

on 02/20/3009 here on this website... apk

I don't know whether this is -1 Flamebait, -1 Redundant or +1 Insightful. Can we have a "+0 Brain melted" rating?

Either way, they could track it unless you switched DNS server.

Mr. Ulevitch,

Your response is not yet of sufficient detail to be believeable.

Before I get into that, I'll note that when I tried your DNS on by box, I did an ethernet trace and found my local 196.168.*.* IPs where being looked up on your
service. Apparently I need to run my own BIND to avoid that.

https://www.opendns.com/smb/start/device/apple-osx-leopard
# just add our DNS IPs as your resolver

I consider it a security hazard for my intranet addresses to be looked up on an outside DNS. Nowhere do you warn people of this unexpected behaviour. "Just add us." There's no mention of one's opting in to your proxies or DNS intercepts at the point of the directions to "just add us." Why don't you fix that? We have privacy protections in law with our onramp ISP, but not with your service.

" Do you like advertising with your DNS?
    OpenDNS result:"

# You tried to visit 208.67.217.132, which is not loading.
#
# OpenDNS Guide [search box]
#
# Refine Your Search
#
# Real Estate
# Apartment for Rent
# Personals
# Cheap Airfare
# Vacation Packages
# Vegas Vacation
# Cancun Hotel
# New Cars
# Hybrid Cars
# Digital Cameras

" Real classy. (not)"

I find it hard to believe your business model makes money via your search page.

Prove it: break down your company's costs and income.

What else?

http://www.opendns.com/privacy/
#
# We are affiliated with a variety of businesses and
# work closely with them in order to provide our services
# to users. We will only share personal information with
# affiliates to the extent that is necessary for such
# affiliates to provide the services. For example, when
# a website visitor searches on OpenDNS, the IP address
# and query are shared with OpenDNS's advertising partners.

Who are your advertising partners, Mr. Ulevitch?
Which domains/IPs/anything else are you intercepting to proxy?

I find the wording "We will only share personal information" is probably designed to mislead the public as to what is really happening. People have probably seen ads on pages that use their name right in the ad, and this happens because the ad was a cgi retrieval from say Yahoo! and so it gets your Yahoo! cookie, which is how it returned a personalized ad.

If you proxy to Google, are you passing the user's Google cookies through your proxy? Is there anything in your TOS limiting you from passing those cookies and the URL (with the search query) to your other "affiliates?" The cookies may not include "personal information", but the cross-pollination available is similar to what happens with "deep-packet inspection" advertising.

Which major search engines and advertisers are you "affiliated" with, meaning you _do_ log and pass data to them (IP/search URL/cookies)?

If Google an affiliate? Is Yahoo!? MSN?

Tell us who your affiliates are and what information they receive and under what circumstances.

Or have you pre-explained not answering by postulating you are just feeding the trolls?

Mr. Ulevitch,

Your response is not yet of sufficient detail to be believeable.

Before I get into that, I'll note that when I tried your DNS on by box, I did an ethernet trace and found my local 196.168.*.* IPs where being looked up on your
service. Apparently I need to run my own BIND to avoid that.

https://www.opendns.com/smb/start/device/apple-osx-leopard
# just add our DNS IPs as your resolver

I consider it a security hazard for my intranet addresses to be looked up on an outside DNS. Nowhere do you warn people of this unexpected behaviour. "Just add us." There's no mention of one's opting in to your proxies or DNS intercepts at the point of the directions to "just add us." Why don't you fix that? We have privacy protections in law with our onramp ISP, but not with your service.

" Do you like advertising with your DNS?
    OpenDNS result:"

# You tried to visit 208.67.217.132, which is not loading.
#
# OpenDNS Guide [search box]
#
# Refine Your Search
#
# Real Estate
# Apartment for Rent
# Personals
# Cheap Airfare
# Vacation Packages
# Vegas Vacation
# Cancun Hotel
# New Cars
# Hybrid Cars
# Digital Cameras

" Real classy. (not)"

I find it hard to believe your business model makes money via your search page.

Prove it: break down your company's costs and income.

What else?

http://www.opendns.com/privacy/
#
# We are affiliated with a variety of businesses and
# work closely with them in order to provide our services
# to users. We will only share personal information with
# affiliates to the extent that is necessary for such
# affiliates to provide the services. For example, when
# a website visitor searches on OpenDNS, the IP address
# and query are shared with OpenDNS's advertising partners.

Who are your advertising partners, Mr. Ulevitch?
Which domains/IPs/anything else are you intercepting to proxy?

I find the wording "We will only share personal information" is probably designed to mislead the public as to what is really happening. People have probably seen ads on pages that use their name right in the ad, and this happens because the ad was a cgi retrieval from say Yahoo! and so it gets your Yahoo! cookie, which is how it returned a personalized ad.

If you proxy to Google, are you passing the user's Google cookies through your proxy? Is there anything in your TOS limiting you from passing those cookies and the URL (with the search query) to your other "affiliates?" The cookies may not include "personal information", but the cross-pollination available is similar to what happens with "deep-packet inspection" advertising.

Which major search engines and advertisers are you "affiliated" with, meaning you _do_ log and pass data to them (IP/search URL/cookies)?

If Google an affiliate? Is Yahoo!? MSN?

Tell us who your affiliates are and what information they receive and under what circumstances.

Or have you pre-explained not answering by postulating you are just feeding the trolls?

I'm the founder of OpenDNS. I've decided to reply even though these comments are heinously wrong, and probably just me feeding the trolls...

We have never sold user data, ever. We also have no CDN bills, we don't even use a CDN. We've built a global BGP-speaking network with hundreds of peers around the world. I know, because I built it. We peer at LoNAP, LINX, PAIX, SeattleIX and on a few of the Equinix peering fabrics around the US.

The idea that we would build our business based on monitoring user data is preposterous. I wouldn't stand for it, nor would our employees. I'm confident that all our engineers are just as vocal or more vocal about doing the right thing than you are. We make it very clear how we make money, and it's all over our website. Go to http://guide.opendns.com and do a search. The sponsored results are ads where we get paid, the organic results are regular search results. That's how we make money. We might offer an enterprise for-pay service down the road as some of our customers begin to demand tighter integration with their network but for now, we're happy with our business. And I'm happy to report that we're profitable and stable, even in this economy.

And as to the OpenDNS proxy. It's true, we do redirect certain Google requests through a proxy so that we can make our OpenDNS shortcuts and some other features work more reliably. Two important things here: First, we peer with Google at every datacenter, so we aren't adding to your latency or anything else. Second, we don't log and store any data and we certainly don't care about it. We prefer to be able to confidently say we aren't keeping data on it. Of course, you are welcome to disable it by going into your settings and disabling the OpenDNS proxy. That's it. Do that and we don't ever see the request. Pretty easy. End of story.

David Ulevitch
Founder, OpenDNS

"Specifically, highjacking SSL sessions .. Several of my customers have had problems with their domain names not resolving .. two of them had pop up warnings .. about a security certificate not matching the domain name"

Well, if you're happy with your DNS server redirecting without telling you, then it isn't a problem. By the way, why would your customers phone you if they have problems with OpenDNS. Wouldn't they just add an entry to their Never Block list.

"Specifically, highjacking SSL sessions .. Several of my customers have had problems with their domain names not resolving .. two of them had pop up warnings .. about a security certificate not matching the domain name"

Well, if you're happy with your DNS server redirecting without telling you, then it isn't a problem. By the way, why would your customers phone you if they have problems with OpenDNS. Wouldn't they just add an entry to their Never Block list.

The notion that OpenDNS is evil because they run ads is juvenile. So is the notion that they're evil because they keep logs and records. Name me a Unix system or any provider of any kind of Internet services that doesn't keep logs and records.

The point is that they hijack both your NX responses and google searches without telling you either upfront. They broadly advertise Web Content Filtering, Phishing Protection, Zero-Downtime Network, Faster Internet, Statistics etc. but not a single word about ad injection or google hijacking.

If you have no privacy concerns about a third party monitoring your google queries then that's fine. But I guess most people would at least prefer to know.

Stop spreading FUD. Their privacy policy says that "OpenDNS removes the IP address from its logs within 2 business days." That's better than Google and probably any other search engine you might use.

I said that use of their service would make them privy to information that I don't wish for them to have. Specifically, my information. I'd love to hear a self-consistent explanation of how that constitutes Fear, Uncertainty, and/or Doubt. In fact I hereby challenge you to provide one. I'd like to see you try, so I won't tell you right now why that will fail although it's qute possible Merriam Webster can fill you in. Extra points if it's not trivial for me to tear down your argument. I don't normally use a tone like this when I reply to someone, but you have made an accusation and I demand to see either your evidence or a concession that you have spoken amiss.

I'd also like a self-consistent explanation of how the privacy problems posed by various search engines somehow justifies unnecessarily supplying OpenDNS with my information. Considering that the services OpenDNS offers are worse for me than what I can do for myself using Open Source software, this would indeed be unnecessary. To justify what you just said, you would have to explain how one wrong thing justifies and excuses another, unrelated wrong thing. Good luck with that.

I strongly doubt I'm going to get either explanation. I fully expect you to quietly disappear from this thread and find an easier target for your apologist message, but on occasion people do surprise me. Having said that, I will add that I think you are misunderstanding something fundamental. I will explain what that is. I am not satisfied that they promise to play nice with my information or that they don't retain it for very long (nevermind that I cannot audit their systems, so I have no way to verify those claims and must take their word for it). I am satisfied when they have no access to my information. If other people don't feel that way, this is their business, but I considered all my options long before it ever occurred to you that a little two-liner from an AC was going to change my mind and I believe my stance is a solid one that I can back up. Can you say the same?

Stop spreading FUD. Their privacy policy says that "OpenDNS removes the IP address from its logs within 2 business days." That's better than Google and probably any other search engine you might use.

You can turn this feature off. http://www.opendns.com/support/article/244 is their response to questions about privacy.

For those that have OpenDNS running, you go to Settings, Advanced and then at the bottom there is the Network Shortcuts section. Uncheck the box "Enable OpenDNS Proxy".

I have the service and I am quite happy to trade a little privacy for the content filtering done by someone else, without requiring any software installs or any maintenance of IPTables or anything else on my part. It is passive safety, I know, but gives some peace of mind with a teenager who knows his way around computers. It blocks proxies too. If there is an alternative, I'd love to read about it.

I don't know about others, but I found that OpenDNS's tracking of the IP addresses I was coming from was somewhat flaky, even though I was running their dynamic IP update client. So, every so often I would end up getting proxied service for an hour or so. And, yes, I could easily tell the difference: using their proxy server is a lot slower than accessing google directly.

By default, yes it does. Since your post is right on top at the moment, I'll post something I shared earlier: Here is OpenDNS response to the privacy concerns: http://www.opendns.com/support/article/244

You can easily turn off the proxy by changing your settings, under the Advanced section at the bottom.

http://blog.opendns.com/2007/05/22/google-turns-the-page/

Don't know if it's a good enough justification by itself, but at least it's a logical explanation.

You can turn this feature off. http://www.opendns.com/support/article/244 is their response to questions about privacy.

For those that have OpenDNS running, you go to Settings, Advanced and then at the bottom there is the Network Shortcuts section. Uncheck the box "Enable OpenDNS Proxy".

I have the service and I am quite happy to trade a little privacy for the content filtering done by someone else, without requiring any software installs or any maintenance of IPTables or anything else on my part. It is passive safety, I know, but gives some peace of mind with a teenager who knows his way around computers. It blocks proxies too. If there is an alternative, I'd love to read about it.

Would it be so hard to add the OpenDNS IP addresses to the story... It's not all that hard for home users to change their DNS server addresses.

Addresses: 208.67.222.222 and 208.67.220.220

Or if you need more help, look here: https://www.opendns.com/smb/start

I don't know about any of you, but I have very few popups. My trick is to run my own dns server and cacher. I just write myself in as the authoritative name server for folks like doubleclick and every other annoying ad service. Every time I find a new one, I just replace it. On top of that, I set up opendns on my servers and it filters out anything I missed. In addition, I point all the ad servers to a web server which does a few checks on the url and responds with a blank image or html page to fill in any gaps in the web site that the ad may have left. The strange park about it all is that the popups dont come up with my customized ad-block image/page. They don't come up hardly at all. Moral of the story: block it at its roots, block the dns.

Funny thing about ad-replacing web servers. I set up my web server to respond to any website and assume it was an ad request. The result was some script kidiots thought they found an open proxy and requested themselves over 9 million pages containing a "This ad was blocked" message instead of the expected yahoo account hacking and so forth. I got myself a list of commonly used yahoo password guesses (and I righteously blocked millions of crack attempts) and they got themselves a waste of their freaking time.

I used to use DNSKong on my WinXP machine, it's an excellent dynamic hosts-type DNS proxy/filtering program which can blacklist (ie., IP resolves to 127.0.0.1) or whitelist by domain pattern. There is also OpenDNS, a more managed service of this type.

I do work occasionally for the elderly in setting up WinX computers and I regularly donate my services to various individuals.
Apart from setting up their desktops as I've detailed in a previous post http://tech.slashdot.org/comments.pl?sid=1072163&cid=26221671
you need to install some helper apps.
Avast Antivirus can be set to automatically delete/quarantine anything it finds with no user action. AVG 8 free doesn't scan chat/webcam so stay away from that if they want to use it.
Find a good Hosts file: http://www.mvps.org/winhelp2002/hosts.htm is very good.
Point their DNS to OpenDns http://www.opendns.com/ and use their filtering to stop phishing and other bad stuff. It also allows you to easily make customized error pages in case they find themselves in hot water.
I would not switch off Windows Security Centre and have updates set at a reasonable time on automatic.
Windows Media Player 11 is a must and set it to do everything.
Also, set their screensaver to My Pictures Slideshow. They really appreciate that as many have pics of grandkids etc.
Some elderly need good JPG editor. The easliest to use is Microsoft's PhotoEd which came in early versions of Office, Microsoft Office Picture Manager has now replaced it. It is much better in some regards as it can open larger jpegs, but the gui is considerably different. A bit of training helps. HP scanning software is very good as it has a decent editor inbuilt. Also Picassa 3 is my choice for a freebie.

Open up their My Pictures folder and set it up in Film Strip view and to open maximized.

IE vs Firefox: I always install Firefox and set it as default. But some apps decide to run IE, even though it is not the default. IE 6 is preferable here as it is very similar to Firefox's gui. But for security's sake, IE7 should be used and some more training required in case it pops up inadvertently. If you remove the shortcuts and pin Firefox to the Start menu, then that will be fine.

One or Two clicks?
This is a hard one. Some elderly can't do a double-click fast enough or accurately enough as they move the mouse off the icon by the time the 2nd click comes along. So you have to change the mouse timing (Control Panel/Mouse Properties/Double-Click Speed), or use the single-click approach. Try and stay away from the single click, because if they double click then most probably an editor of some description open up. This is particularly bad for pictures, especially when they are in Flimstrip mode or trying to copy and paste any other file.
The other thing is to remind them to click the icon and not the words below, or otherwise they'll start editing the filename (as Rename) instead of opening something up.
Most elderly switch things completely off. That includes monitors, speakers, modems, so check the BIOS battery every year.
They also need a checklist in turning things on. This sounds dumb, but the calls I get that the internet doesn't work because they switched their modem on last gets annoying. Switch the modem on first. By the time the modem is connected, the computer has booted and they're ready to go.

Unfortunately for me, my ISP seems to have installed some sort of brain-dead filtering that interrupts continuous connections after about 2 minute and makes them hang, probably as a Bittorrent blocking feature.

Here is a tool that was made to detect reset packets forged by the ISP to kill connections.

Also, you might try using some public DNS servers, like http://www.opendns.com/

Get some filtering box for the school network, from Barracuda or somebody, and don't worry too much about the home situation.

For worried parents, aim them at OpenDNS with the porn filtering option. Tell them to reconfigure their home broadband router to use OpenDNS, and lock down the router.

For overly worried parents, suggest TrueVine, the filtered Christian dial-up ISP. "We block offensive material BEFORE it enters your home." Nobody actually buys that service for themselves, but it gives you an answer for the fanatics.

Don't need it. Just point to OpenDNS. Just change the DNS IP and customize the filtering as required. Free, easy to set up, free, has great filtering, free, also allows design of custom error pages and it's free.

Putting aside the question of whether filtering is desirable in the first place ("think of the children!"), or issues regarding the potential for future abuse (e.g., censorship of unpopular speech, and who determines what needs to be filtered in the first place) at the technical level any halfway-reliable filtering technology that peeks into the transport layer is going to add a huge amount of overhead that will increase costs and degrade performance. Good for the equipment companies, but bad for everyone who would prefer their Internet connection as dumb and fast as possible.

OTOH, OpenDNS provides a free, opt-in filtering service available to anyone who wants it. It's very easy to deploy, why not just use that?

Putting aside the question of whether filtering is desirable in the first place ("think of the children!"), or issues regarding the potential for future abuse (e.g., censorship of unpopular speech, and who determines what needs to be filtered in the first place) at the technical level any halfway-reliable filtering technology that peeks into the transport layer is going to add a huge amount of overhead that will increase costs and degrade performance. Good for the equipment companies, but bad for everyone who would prefer their Internet connection as dumb and fast as possible.

OTOH, OpenDNS provides a free, opt-in filtering service available to anyone who wants it. It's very easy to deploy, why not just use that?

This Should be able to fix it. I learned of Open DNS when I was at school and had to deal with routine DNS Server issues. Nobody would be able to do anything of much use online but I noticed that services I was already connected to would work without a problem. It turned out the DNS server's would go down fairly often.

http://www.opendns.com/homenetwork/solutions - Just use OpenDNS and don't use there servers. Take away their control.

This is one of the very reasons I started using OpenDNS, beside the fact it can filter out other garbage.

http://www.opendns.com/

http://www.opendns.com/

However this does not solve it for less technical people as they would have no idea what is going on, would have no idea how to solve it and perhaps have not even a clue that there is a problem and that they typed in something wrong.

If I were looking for nekid ladies, this might be help full. If I try to contact my bank it isn't. It could even be dangerous if things I were looking for is something similar to what I get presented as advertisement.

OpenDNS supports blocking a wide range of categories as well and does the blocking at the domain name level. And at least from my personal experience, their name servers tend to be much faster than my own ISPs servers as well.

If you are on Windows try using Treewalk and have it pointing to Open DNS. I have found this combination works VERY fast,at least for me. Treewalk will cache the DNS of the sites you use most often(so no look up at all for those) while Open DNS is usually faster than the ISPs DNS. I then have the ISP DNS set as a secondary in case Open DNS was to experience problems,and I have been using this setup for several years without a problem.

The Internet speed problem is simple: no competition. If we all have 5 or hell,even 3 competing broadband providers to choose from we could go with what served our needs best and the competition would drive them to lower prices and improve customer service. Instead we have a bunch of little monopoly fiefdoms where their only incentive is to spend as little money as absolutely necessary to maximize the quarterly profit reports. Which of course is why we are falling behind the rest of the world and will only get worse.

We need to IMHO separate the lines from the ISPs so that many companies can compete and to give a limited(LIMITED) monopoly for those that are willing to upgrade the infrastructure in the smaller markets to fiber. This way we all get better competition on the lines we have,while providing incentive to upgrade our national broadband infrastructure to fiber. But as always this is my 02c,YMMV

OpenDNS were talking about adding this as a pay-for service, which would be cheaper and easier than setting up a dedicated Linux box, which is the normal proposed solution to any problem posed to Slashdot.

Incidentally, the thread I linked has some other solutions posted in it.

It's blocked by at least one ISP here in Denmark as well. OpenDNS FTW!