Hacking Question Disabling internet access on Switch via router settings (MAC)

therealhoothoot

I want to disable internet access for my Switch so it can't send any data to Nintendo servers while I'm home. I was thinking of adding the MAC address to my router and disabling the internet connection from there, so I can still access my network and possibly send files over the network rather than USB.

What kind of DNS settings would I require and what else would I need to do so that it can't get internet access? I'm on a D-Link DIR-850L router. Switch 6.0.1
 

Taorn

What router do you have? Maybe it has the possibility to enforce a whitelist on devices. This would allow you to limit the internet access on your Switch to certain domains.
 

therealhoothoot

What router do you have? Maybe it has the possibility to enforce a white list on devices. This would allow you to limit the internet access on your Switch to certain domains.

D-Link DIR-850L.

So instead of blacklisting Nintendo servers (90DNS) you mean to block all access and whitelist only certain domains? (Like Youtube, since it released today)
 

chaos_jockey

That is to disable Nintendo servers and allow anything else. I want to disable every access.

I'm not sure what can be done about host files on the Switch, but if you've got a router with URL, DNS, AiProtection, etc... Advanced routing configurations in general should allow you to block URL/IP/etc. connections per MAC address. Make sure your Switch has a static IP (set via router administration is best) and configure the exclusions. I'm running Asus-Merlin-Koolshare on my Netgear R8000, so doing this is pretty easy, being I'm able to just close all connections.

Another thing you could do is host your own DNS, configure it with wild cards so it literally blocks all IPs (*.*.*.*) and point your dns on your switch to the ip of the device you're hosting on. As of late I've been nose deep in PS4 homebrew and there are many ways you can easily permanently host your own "fake" DNS

D-Link DIR-850L

Doesn't look like DDWRT is supported and it appears to be quite the hassle to filter IPs/URLs, but if you really want under the advanced tab of your router configuration there's Access Control on the left enable it and start adding policies. Here's the pdf to do this with your specific router http://files.dlink.com.au/products/...o_I_block_access_to_specific_IP_addresses.pdf
 

cammelspit

Yeah, I have done this and it doesn't work. I just enforced a block on my Switch's IP, which has a static ARP entry based on its MAC. I use pfSense, essentially the most advanced router/firewall solution you can get without getting real enterprise-grade hardware and software, and many enterprises use it too. The problem is, if you block the Switch's ability to access the internet, it will also refuse to connect to the network altogether, meaning you can't FTP or otherwise use your Switch's networked capability. I am skeptical about the DNS settings thing; I believe it doesn't work. I tried it and still got the prompts for updates and they would even install. My Switch is not yet hacked and I was experimenting for when I decide to take the plunge.

You will have to use a proper IDS/IPS solution. I would use Suricata on my pfSense VM running on my home server, and by inspecting the internet access coming from the Switch, you should be able to fully block out Nintendo's servers without totally blocking all internet access entirely, especially considering the DNS solution seems to not work.

If anyone has any other ideas as to why the DNS method is trash, let me know because I would love to be wrong about that.
 

MasterZoilus

this makes ZERO sense

why don't you just hit CLEAR on your internet settings in the switch?? I mean if the switch connects to ANY internet, it can make a connection to nintendo regardless of at home or in a cafe or whatever unless you use a special DNS...if you don't want to use that special DNS...then clear the settings out, what is the point of doing it on the router?? if you clear the settings out it won't EVEN show on the router, how much more safer can you get than that?

Because if you leave the settings in the switch and you want to turn it off in the router , isn't that the EXACT same thing? Because then when ever you do want to go online, guess what, you have to use ANOTHER device to log into your router so you can activate the switch....so why not just LOG IN on the switch by typing the user and password which avoids you having to use another device and has the exact same effect...but easier!!??
 

therealhoothoot

this makes ZERO sense

why don't you just hit CLEAR on your internet settings in the switch?? I mean if the switch connects to ANY internet, it can make a connection to nintendo regardless of at home or in a cafe or whatever unless you use a special DNS...if you don't want to use that special DNS...then clear the settings out, what is the point?

Because if you leave the settings in the switch and you want to turn it off in the router , isn't that the EXACT same thing? Because then when ever you do want to go online, guess what, you have to use ANOTHER device to log into your router so you can activate the switch....so why not just LOG IN on the switch by typing the user and password which avoids you having to use another device and has the exact same effect...but easier!!??

You okay buddy? You sound very angry.

I don't take my Switch outside of my house, and even if I did I would simply know not to connect to any Wifi network. And if you had bothered to read my entire opening post then you would have read that I want to be able to connected to my NETWORK so I can do transfers over network instead of USB. You can still be connected to a network WITHOUT having INTERNET.

See how using capitalized words is annoying?
 

chaos_jockey

I tried it and still got the prompts for updates and they would even install, my Switch is not yet hacked and I was experimenting for when I decide to take the plunge.

I've managed to curb update prompts by clearing the updates before and after entering airplane mode and maintaining a fake DNS (first was via my desktop but now it sits idly by on my router) and by blocking virtually all IPs and ports. FTP is purely a luxury and if you have a USB 3 or better card reader theoretically you'll get into the game faster by transferring data that way. RCM is a pain and it's currently necessary but there's always autoRCM which makes SD card removal/management a breeze. With all that said, you should triple check your network configuration, pfSense has every right to claim to be the best at what it offers, just like every other firewall service out there. Relying on how they (other people in general but doubly so for businesses) believe things should be configured isn't a good idea, especially for those who don't understand (I AM NOT SAYING THIS IS YOU) how it works OR if simply believe them because they say it "works".

A fence of text later; I haven't had any issues with my configuration but then again I've been acting like a forensic analyst making sure everything is accounted for because frack that ban hammer.
 

cammelspit

Lol, Frankly pfSense is just too hard for most typical users. I use it because it does precisely what I want in exactly the way I tell it regardless of anything else, sanity be damned. I would prefer to just keep my Switch connected to my network and have literally zero internet access. All Nintendo has to do is change their IP and everyone with the DNS hack applied gets an instant ban and didn't have any way to get around it.
 

MasterZoilus

You okay buddy? You sound very angry.

I don't take my Switch outside of my house, and even if I did I would simply know not to connect to any Wifi network. And if you had bothered to read my entire opening post then you would have read that I want to be able to connected to my NETWORK so I can do transfers over network instead of USB. You can still be connected to a network WITHOUT having INTERNET.

See how using capitalized words is annoying?

You should know the difference between angry and bewildered ...obviously you're a millennial so you don't

next, if you block the switch on your router your pc nor anything else will see it, that's how it is with everything , amazing you think you know so much but don't know THAT!

And if you wanted to block everything why NOT just do the MOST COMMON SENSE THING and black list key words or phrases for the switch on the router?? Like www, .com, .net, .org http, https, and be done with it? Access will not be given to the switch if it tries to connect to any site with any of those things in the address and its a one time deal and done. This very basic knowledge has been around since the advent of routers.

And you're really telling me about being connected to home network without internet? seriously , you must think everybody is a noob and as NOT intelligent as you. lol
Hell, I have my switch connected wireless to a phone that i use as a server and a hot spot and the phone blocks the switch from going out of the network and I use my other
phone to transfer stuff right to the switch... I don't even have to be at home to do so, I can do it from ANYWHERE and I mean ANYWHERE.

Oh and caps are used to emphasize, it's part of grammar , which clearly you don't know either. If you don't like caps, get off the internet, you won't be missed bruh! And since they did obviously annoy YOU then that means YOU'RE MAD BRO! ahahaha
 

therealhoothoot

You should know the difference between angry and bewildered ...obviously you're a millennial so you don't

If you don't like caps, get off the internet, you won't be missed bruh! And since they did obviously annoy YOU then that means YOU'RE MAD BRO! ahahaha

Pot, kettle, black. "bruh"

You really did some mental gymnastics over there. Blocking keywords like "http" and .com is your great answer? What about other domain names? Lol. Clearly you don't know what you're talking about yourself, and you sound exactly like the person you described. Trying too hard to sound like an intellectual, so he throws out some technical terms and hopes nobody notices that it doesn't make sense.

I tip my fedora to you, Sir.
 

MasterZoilus

Pot, kettle, black. "bruh"

You really did some mental gymnastics over there. Blocking keywords like "http" and .com is your great answer? What about other domain names? Lol. Clearly you don't know what you're talking about yourself, and you sound exactly like the person you described. Trying too hard to sound like an intellectual, so he throws out some technical terms and hopes nobody notices that it doesn't make sense.

I tip my fedora to you, Sir.

lol yeah such a simple answer that you couldn't even come up with it! and you don't need to block other domain names , putting just http will block ANYTHING with http in it putting .com will block anything with that in it, no need to write out the entire domain. Yeah you're trying to save face .....and yes I do know, far far far more than you. I've actually made tutorials on how to do it, it works, every time. Before you say that I don't know what im talking about ...how about proving that I don't, because if you stopped being so lazy trying to find a ONE BUTTON solution that doesn't exist and actually tried what i said you would have already found the solution .

To do what you want there are only 3 ways

1. either blacklisting words/phrases (or sites themselves which is more time consuming and can change anyway) in the router for the switch

2. disconnecting your router from the internet

3. Set up a different network/hotspot that has no access to the internet

that's it period, there is no other way...but continue to waste YOUR time looking for one....continue to think you know more, continue to insult the people who are smarter than you and continue to think that what YOU think is true...when it isn't, it just makes you come off looking like a dingle-berry noob cherry. Good luck... although there is no cure for stupid, so I'm afraid you're stuck always being the guy looking for solutions and not the one giving them. Im done with you, insect beneath me , not worth anymore time than what i've given.
 

chaos_jockey

lol yeah such a simple answer that you couldn't even come up with it! and you don't need to block other domain names , putting just http will block ANYTHING with http in it putting .com will block anything with that in it, no need to write out the entire domain. Yeah you're trying to save face .....and yes I do know, far far far more than you. I've actually made tutorials on how to do it, it works, every time. Before you say that I don't know what im talking about ...how about proving that I don't, because if you stopped being so lazy trying to find a ONE BUTTON solution that doesn't exist and actually tried what i said you would have already found the solution .

To do what you want there are only 3 ways

1. either blacklisting words/phrases (or sites themselves which is more time consuming and can change anyway) in the router for the switch

2. disconnecting your router from the internet

3. Set up a different network/hotspot that has no access to the internet

that's it period, there is no other way...but continue to waste YOUR time looking for one....continue to think you know more, continue to insult the people who are smarter than you and continue to think that what YOU think is true...when it isn't, it just makes you come off looking like a dingle-berry noob cherry. Good luck... although there is no cure for stupid, so I'm afraid you're stuck always being the guy looking for solutions and not the one giving them. Im done with you, insect beneath me , not worth anymore time than what i've given.

Is it just me or do most of the members who have this attitude come over from Reddit? The scene subs on Reddit are full of these "I inject payload therefore am hacker and computer wiz." In regards to this thread there was a similar post made and two or three people (myself included) informed OP in the same manner all to be downvoted because "There had to be some other way." Nope not yet, but trust me, if there's a breakthrough the community will know; otherwise: just. delete. your. network. settings. Easy peasy.
 

tretor

I have an ASUS router and I use the router's parental control for this. I just disabled internet access for the Switch's MAC address; LAN access works and I use it for FTP.

It's only partially true that you cannot connect your Switch to such a connection (without internet access). In fact you can connect, but it's a bit tricky and works only until you put your console to sleep; then you need to manually reconnect, every time.

So you have to manually connect through Switch Internet Settings. You will get a prompt about no internet access; press OK, then Back, wait a second, then the Switch should automatically open your web browser. Just press HOME and it's done: you are connected to your wifi with LAN access only.
But the Switch is automatically disconnected from such a network once it enters Sleep mode.
 

chaos_jockey

I have an ASUS router and I use the router's parental control for this. I just disabled internet access for the Switch's MAC address; LAN access works and I use it for FTP.

It's only partially true that you cannot connect your Switch to such a connection (without internet access). In fact you can connect, but it's a bit tricky and works only until you put your console to sleep; then you need to manually reconnect, every time.

So you have to manually connect through Switch Internet Settings. You will get a prompt about no internet access; press OK, then Back, wait a second, then the Switch should automatically open your web browser. Just press HOME and it's done: you are connected to your wifi with LAN access only.
But the Switch is automatically disconnected from such a network once it enters Sleep mode.

I wonder if there's a way to modify the network discovery config (or whatever) to remain connected to networks without internet connectivity, obviously it favors internet connected access points but why? Rhetorical, obviously, but that why may be able to be modified.
 

p3el05

Yeah, I have done this and it doesn't work. I just enforced a block on my Switch's IP, which has a static ARP entry based on its MAC. I use pfSense, essentially the most advanced router/firewall solution you can get without getting real enterprise-grade hardware and software, and many enterprises use it too. The problem is, if you block the Switch's ability to access the internet, it will also refuse to connect to the network altogether, meaning you can't FTP or otherwise use your Switch's networked capability. I am skeptical about the DNS settings thing; I believe it doesn't work. I tried it and still got the prompts for updates and they would even install. My Switch is not yet hacked and I was experimenting for when I decide to take the plunge.

You will have to use a proper IDS/IPS solution. I would use Suricata on my pfSense VM running on my home server, and by inspecting the internet access coming from the Switch, you should be able to fully block out Nintendo's servers without totally blocking all internet access entirely, especially considering the DNS solution seems to not work.

If anyone has any other ideas as to why the DNS method is trash, let me know because I would love to be wrong about that.
have you tried this on pfsense? https://forum.netgate.com/topic/88335/blocking-internet-access-for-a-device
 

mdmachine

Get a (better) router that supports some form of dd-wrt then you can allow your local network and block external connections. There's plenty of documentation out there for dd-wrt to do this.
 
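An added example, not part of the post above or of any DD-WRT documentation: a shell function that prints the iptables/ip6tables rules for the "local network yes, external connections no" policy on a Linux-based router firmware. It assumes LAN and WLAN are bridged, so LAN-to-LAN traffic is never routed; the function names, the sample MAC and the 192.168.0.0/24 subnet are made up for illustration.

```shell
#!/bin/sh
# Added example: print (not apply) firewall rules that keep one device on the
# LAN while dropping everything it tries to route out to the internet.
# Assumed names: lan_only_rules, valid_mac, valid_cidr; sample values are constructed.

# Return 0 only for a colon-separated 48-bit MAC such as 02:00:00:AA:BB:CC.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Return 0 only for something shaped like an IPv4 CIDR (syntax check only).
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Usage: lan_only_rules <device-mac> <lan-cidr>
lan_only_rules() {
    mac=$1
    lan=$2
    valid_mac "$mac"  || { echo "bad MAC: $mac" >&2; return 1; }
    valid_cidr "$lan" || { echo "bad LAN CIDR: $lan" >&2; return 1; }
    mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')   # normalise case

    # IPv4: drop whatever this MAC sends that is being routed to a
    # destination outside the LAN subnet. Inserted at the top of FORWARD
    # so it is evaluated before the firmware's own accept rules.
    echo "iptables -I FORWARD -m mac --mac-source $mac ! -d $lan -j DROP"

    # IPv6: on-link traffic is bridged, not routed, so anything from this
    # MAC that reaches FORWARD is leaving the LAN. Without this rule a
    # dual-stack device still has a path out over IPv6.
    echo "ip6tables -I FORWARD -m mac --mac-source $mac -j DROP"
}

# Print the rules for a constructed sample device when run directly.
lan_only_rules "02:00:00:aa:bb:cc" "192.168.0.0/24"
```

These rules only stop routed traffic; the console's own connectivity check will still fail, which is the behaviour other posts in this thread describe.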

p3el05

Get a (better) router that supports some form of dd-wrt then you can allow your local network and block external connections. There's plenty of documentation out there for dd-wrt to do this.
If you like DD-WRT I suggest you check out pfSense; it is far more configurable than DD-WRT. I used DD-WRT for years before pfSense and still use 2 x routers running a modified version of it (advanced tomato).

As for 'better' router: pfSense runs on a dedicated i5 PC with 8GB RAM, and 2 x Netgear R7000 based routers connect via it.
 
