[lug] monitoring kids

Alan Robertson alanr at unix.sh
Thu May 7 18:48:20 MDT 2020 

OpenDNS provides a filtering DNS service - with dozens of filterable categories. It works well.

On Tue, May 5, 2020, at 6:06 PM, Zan Lynx wrote:
> On 5/5/2020 11:38 AM, Davide Del Vento wrote:
> > Folks,
> > 
> > For the series better late than never, I would like to track my kids use 
> > of their computers which is supposedly be only "school" and for obvious 
> > reasons has skyrocketed to a large amount of time.
> > 
> > The first kid works on a Linux box, where I am root and the kid is not, 
> > so that may be easy. The second one has a BVSD-provided chromebook where 
> > I don't even have an account (as far as I know) but I could "kindly ask" 
> > the kid to lend me the machine so I can make sure everything is safe an 
> > up to date. Alternatively, I could do something on the modem-router, 
> > which is a combined device made by Motorola, model MG7540. At this point 
> > I would only know where they are spending their time, not necessarily 
> > block things (yet?)
> > 
> > I have no idea where to start for any of the three options. I fear both 
> > https://xkcd.com/1445/ <https://xkcd.com/1445/> (or equivalently 
> > https://xkcd.com/1801/ <https://xkcd.com/1801/>) as well as not 
> > considering an option which may be the best one, simply because I do not 
> > know about it. Any insight or suggestion?
> 
> The very simplest, but also easy to evade, is to replace the local DNS 
> lookup server with one of your own, set to log all of the lookups.
> 
> I believe many people use a Raspberry Pi for this but anything will work 
> really. I have seen it done with OpenWRT so if you want to get a new 
> WiFi router and use that it would work too. I think that was someone 
> else's suggestion already.
> 
> Anyway, set up the DNS server for logging, set a network log target to a 
> remote syslog destination (rsyslog can do it), set the DHCP server 
> (probably on your router) to use that DNS and let it rip.
> 
> That lets you see the names of the sites they look up. Easy to bypass if 
> they explicitly set their own DNS or use the web browser settings to use 
> a HTTPS DNS.
> 
> Way up there in difficulty is setting up your own SSL intercept proxy 
> and using a firewall to deny any traffic it can't read.
> 
> -- 
>                  Knowledge is Power -- Power Corrupts
>                          Study Hard -- Be Evil
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety

-- 
  Alan Robertson
  alanr at unix.sh

More information about the LUG mailing list