Yes, there are lots of ways to get around SurfControl, and the users know it. They're probably like the kids I got here, they keep trying constantly, looking for a hole. All it takes is for them to find a momentary lapse in blocking, and they'll start checking non-stop afterwards. For example, we had SurfControl problems last Friday, where the database got corrupt and the service shut itself down. We couldn't fix it without taking the entire Internet Access down, so we decided to run for the last couple of hours without it. It took them about five minutes to figure that out, and immediately several of them were hitting every naughty site they could think of. We disconnected several sessions, and disabled a few accounts to slow it down, but you could tell the word was spreading fast. If the bell hadn't rung right about then, we would have had to shut down all connections. While recreating the rules after rebuilding SurfControl, we decided to block the Games category, as nearly a third of our daily traffic was Shockwave games. It took them less than an hour to figure out how to go through Russian websites to play anyways. As we find the websites, we submit them to SurfControl to add them to their database, but it won't stop them. If they want to check their e-mail, they can find a e-mail proxy that isn't in the SurfControl database that will access their e-mail anyways. Your blocking is only as good as the URL database. If you don't keep updating that constantly it'll be terribly out of date within a month or so. We found several little quirks with SurfControl also, like if you add the Web-Based E-Mail category into the same rule as the Executables to block both, neither will work. If I hadn't the real-time monitor up to see where they were going (Hint: change the color of certain categories to highlight activity), I probably wouldn't have noticed that they weren't being blocked. After today though, with an incident involving protests over blocking web journals, I'm going to modify my blocked page to include a copy of our AUP. -----Original Message----- From: Dan Crain [mailto:DanC@xxxxxxxxxxxx] Sent: Thursday, April 28, 2005 15:40 To: [ISAserver.org Discussion List] Subject: [isalist] A Question? Or just an observation... http://www.ISAserver.org Can Surfcontrol be missing some blocked sites? This person tries everyday to check their home email, I get an email saying she was blocked. She tried 13 times today. Now..is it missing being blocked soemtimes that she feels like gambling it will work. Is there someway to put a buzzer sound that will come through on the blocked sites? Maybe a little shock through the keyboard? Actually, from the emails I get from the server, everyone has to try a blocked site at least 3 times before they actually believe they can't get onto it. Well, glad to see my server works..it's nice to see a non-problem on here every now and then... Dan Daniel A. Crain Systems Administrator Dean, Ringers, Morgan and Lawton, P.A. 201 E. Pine Street, Suite 1200 Orlando, FL 32802 Phone: (407) 422-4310 DanC@xxxxxxxxxxxx To err is human, but to really foul things up requires a computer. Farmers' Almanac, 1978