1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Blocking AIM & YM

Discussion in 'HyperWRT Firmware' started by Dave77459, Dec 24, 2004.

  1. Dave77459

    Dave77459 Network Guru Member

    My kids have grown addicted to AIM, and now their grades are suffering. Is it possible to block AIM and YM using HyperWRT? I want to kill acces to AIM and YM after 9:30PM.

    I had some success with my old D-Link 624+, but the reboots got too frequent. Now I am using the WRT54G and HyperWRT. I can't find a feature to block outbound IPs/names (to block login.oscar.aol.com) unless they go to web pages. I know that blocking the login server is not quite the answer, but the port jumping on AIM makes it impractical to block :5190.

    I am using Cybersitter or something like that to block our home computer, but I have a collection of laptops too, and I don't want to spend a fortune in software costs if I can block messaging using HyperWRT.

    Ideas?

    Dave
     
  2. dellsweig

    dellsweig Network Guru Member

    Go to the access restrictions tab. Make an access list for AIM blocking - include which-ever PC's you want, add a service called AIM, add some keyword blocking oscar.aol

    Works GREAT - I use it here. Different policies for each kid too!!
     
  3. Dave77459

    Dave77459 Network Guru Member

    OK, so I have created a Internet Access Policy called "Ban Oscar" and edited the list of PCs to include the MACs of the computers the kids use. I think that is 1/2 of what you are doing.

    Now, how do I define a service for AIM?

    I tried blocking using "Website Blocking by URL Address", and it doesn't quite work. It includes "login.oscar.aol.com" and "login.glogin.messaging.aol.com" and I can at least still ping those addresses. I'll try blocking "oscar.aol" in the "Website Blocking by Keyword" fields.

    Oh, and do you do it by time? I have found with the D-Link that if the kids were logged in at 9:30, when the restrictions were enabled they could still continue on until they either disconnected or the router was rebooted. With the D-Link, spurious rebooting was almost a "feature" but with the more stable WRT54G random reboots aren't happening. When the access restrictions start, will existing connections be broken?

    Thanks for the tips!

    Dave
     
  4. Dave77459

    Dave77459 Network Guru Member

    Bump.

    I got a PM from another member who also would like to know how to block AIM and YM during portions of the day. This is a topic of interest to more than just me.

    Any help?
     
  5. boiler

    boiler Network Guru Member

    You should be able to set up rules to block port 5190 for both TCP and UDP in order to block AIM. Under Access restrictions you can add a service for AIM and then add the appropriate ports.

    Try googling "ports AIM" and if other ports show up block them too.

    I've set something up similar for MSN Messenger and MSN Mesenger file sharing. Works like a charm and the kids hate it.

    Good Luck
     
  6. FDM80

    FDM80 Network Guru Member

    I thought AIM can connect using pretty much any port, including the all powerful port 80. I thought that's why directly blocking ports won't work with that. That's my understanding.
     
  7. boiler

    boiler Network Guru Member

    AIM's default port is 5190 but, yes it can be configured from within AIM to use port 80 or any other. I believe the change must be done manually though. The kids may be able to figure it out but at least blocking port 5190 can buy you some time.

    I use Norton internet Security as a backup but it is much less flexable than setting rules in the router.
     
  8. Dave77459

    Dave77459 Network Guru Member

    The basic "problem" is that AIM is so adaptive. It can even use HTTP to work around blocking. And guess what? My 13 yo son has 13 yo friends who talk him through busting port restrictions. Just blocking 5190 isn't worth the effort, except as an exercise for him and his friends.

    What I have seen working is blocking the various addresses for the AIM login server (oscar.aol.com). Now that I know how to reboot the router using a crontab, I can break the connection before I block oscar. If I just block oscar, existing connections remain.

    The ultimate solution appears to be a netnanny type solution that blocks all AIM.EXE access after hours, but I was hoping that a router solution was available.
     

Share This Page