Blocked websites showing traffic on monitor

immanuelmission
Level 1

Hi. I am the network admin at a school. I currently have the router set up with OpenDNS as well as having all computers assigned to it with DHCP. I recently got the network set up with ntop, a network monitoring software. It is reading from a mirrored port that records any traffic going to and from our router. This has been really useful for knowing when someone is blocked by OpenDNS and seeing if there is any suspicious activity during that time.

I recently saw one block to xvideos.com on our OpenDNS dashboard. I found where it was located in the network traffic and could see where it was blocked, but am also seeing several megabytes of traffic that got through.

Here is a screenshot of one of the flows:

[screenshot of the flow]

Traffic of this nature has happened several times in the past few days from the same device. When trying to go to the link, a blank page with the text "InvalidCust" appears. If I try to go to the root url (vip170.ssl.hwcdn.net) I get "MissingCust". Is there some sort of paying account for sites like this designed to get around OpenDNS? Pinging the IP (205.185.208.170) goes through without getting the OpenDNS IP in response.

Please let me know if there is any other information that could be helpful in interpreting this data. I'd rather not confront someone on the issue unless I am aware of the situation.

Thanks!

-Joel

2 Replies

rotblitz
Level 6

"I am the network admin at a school. I currently have the router set up with OpenDNS "

You are not allowed to use OpenDNS.  OpenDNS is for home use only.  You had to go for Cisco Umbrella, the enterprise version of OpenDNS.

"am also seeing several megabytes of traffic that got through"

I just see 811.7 kB.

"If I try to go to the root url (vip170.ssl.hwcdn.net) I get "MissingCust""

This isn't a URL, but a domain name, especially a CDN domain.  You certainly will not find anything at the root.  It is being used to host content from xvideos.  My suggestion would be to add hwcdn.net to the blacklist after you upgraded to Umbrella.

"Is there some sort of paying account for sites like this designed to get around OpenDNS?"

No.  It's just that this and the subdomains have not been approved for an adult category in the domain tagging system, just as Content Delivery Network.
https://community.opendns.com/domaintagging/search/?q=hwcdn.net

The other domain cdn-hw-hls.xvideos.com (with related URL http://cdn-hw-hls.xvideos.com/videos/hls/57/0e/d7/570...) should probably be blocked by your settings.

"Please let me know if there is any other information that could be helpful in interpreting this data."

Yes, you contact ntop people to find out how to interpret the data.
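As an added illustration of the pattern discussed in this reply (a DNS-filter block followed by traffic to an uncategorised CDN name that carries the same content), here is a small correlation script. It is not code from the thread, from OpenDNS or from ntop; the flow records are constructed, the block-page address is a placeholder to be replaced with the one shown on your dashboard, and the 10-minute window is an assumed value.

```python
"""Correlate flow records with DNS-filter block-page hits (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Placeholder: a filtering resolver answers blocked names with its own
# block-page address. Replace with the address your dashboard shows.
BLOCK_PAGE_IP = "203.0.113.1"  # documentation range, not a real value

# Domain suffixes identified as serving the same content under another name.
WATCHED_SUFFIXES = {"hwcdn.net"}

# Constructed flow records: (time, client, requested host, dst IP, bytes)
FLOWS = [
    ("2019-05-01 10:02:10", "10.0.0.23", "www.xvideos.com", "203.0.113.1", 1400),
    ("2019-05-01 10:02:15", "10.0.0.23", "vip170.ssl.hwcdn.net", "205.185.208.170", 811700),
    ("2019-05-01 10:03:40", "10.0.0.23", "cdn-hw-hls.xvideos.com", "203.0.113.1", 900),
    ("2019-05-01 10:05:00", "10.0.0.41", "static.nothwcdn.net", "198.51.100.9", 5000),
    ("2019-05-01 11:30:00", "10.0.0.23", "vip170.ssl.hwcdn.net", "205.185.208.170", 300000),
]


def under_suffix(host, suffixes):
    """True if host equals or is a subdomain of a suffix (label-wise, not substring)."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def find_bypass(flows, window=timedelta(minutes=10)):
    """Bytes per client sent to watched domains within `window` after a block-page hit."""
    blocks = defaultdict(list)  # client -> times at which it hit the block page
    for ts, client, host, ip, nbytes in flows:
        if ip == BLOCK_PAGE_IP:
            blocks[client].append(datetime.fromisoformat(ts))
    leaked = defaultdict(int)
    for ts, client, host, ip, nbytes in flows:
        if ip == BLOCK_PAGE_IP or not under_suffix(host, WATCHED_SUFFIXES):
            continue
        t = datetime.fromisoformat(ts)
        if any(b <= t <= b + window for b in blocks[client]):
            leaked[client] += nbytes
    return dict(leaked)


if __name__ == "__main__":
    print(find_bypass(FLOWS))
```

The suffix check matters: a plain substring match would also flag the unrelated `static.nothwcdn.net` flow, and flows well outside the window (the 11:30 record) are left for separate review rather than attributed to the block event.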

immanuelmission
Level 1

My apologies. I wasn't aware OpenDNS wasn't for school use. I will look into Umbrella. The traffic flow I posted is only one of many, which is why you see the small file size.