NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

bspennington's avatar
bspennington
Tutor
Sep 23, 2021

Netgear Parental Controls not blocking iMessages

Pausing internet with Netgear Parental Controls (Bedtime, Off Time, and manually pausing) successfully blocks http/s traffic but is allowing iMessages on wifi-only (NOT cell-enabled) Apple devices - ...
CrimpOn's avatar
CrimpOn
Guru - Experienced User
Sep 24, 2021

This is an example of the confusion caused by not having:

  • A written user manual explaining what the Parental Controls is intended to do.
  • A technical explanation of how Parental Controls functions.

This puts Parental Controls in the same category as the entire Advanced Tab of the Orbi web interface, but the web interface has some "Help" text for each page.

 

My parents no longer living with us, I have no need to control them and have never activated Parental Controls.  (Why pay for something and have no reason to use it?) So, I can only speculate about SPC.

 

One really cumbersome way to enforce an internet ban would be to use the "Block Services" capability in the Advanced Tab, Security Menu. Block all 65,353 TCP and UDP ports for a specific IP address.  If new devices are prevented from joining the network (Access Control) and all IP addresses are allocated in the LAN Setup table, then this should definitely kill all internet use. After the rule has been set up, just open the Block Services web page and change "Never" to "Always".  Want it back, change from "Always" to "Never".  But... what a pain in the .......

 

Silly me, I had imagined that Parental Controls was a convenient way to do this from a smartphone app with a simple slider.

 

(p.s. Yes, I know that Parental Controls is to enable parents to control, not to control parents.)

bspennington's avatar
bspennington
Tutor
Sep 24, 2021

Already tried blocking specific TCP/UDP ports, but definitely not a feasible or long-term solution. Again, I'd expect that pausing internet would mean . . . pausing internet (ALL 65,535 ports). I'm hoping that Netgear is monitoring the community messages and will see that the new SPC subscription service contains a major flaw and gap.

  • CrimpOn's avatar
    CrimpOn
    Guru - Experienced User
    Sep 24, 2021

    I am 99% certain that Netgear is not monitoring the community forum.  You might get someone's attention by sending a private message to the person who announced the availability of Smart Parental Control by clicking on the screen name.

  • FURRYe38's avatar
    FURRYe38
    Guru - Experienced User
    Sep 27, 2021

    You'll have to contact Apple and see if iMessages can be blocked or not. iMessage is SMS and Text messages app that is also tied and connects to Cell phoneservices. So even if WiFi router blocked iMessages, the app will switch to cell services which is its main conenction to the text and messages services thru cell services. Something no wifi router mfr has control over. This is not a flaw in NG products. 

    bspennington wrote:

    Already tried blocking specific TCP/UDP ports, but definitely not a feasible or long-term solution. Again, I'd expect that pausing internet would mean . . . pausing internet (ALL 65,535 ports). I'm hoping that Netgear is monitoring the community messages and will see that the new SPC subscription service contains a major flaw and gap.

     

    • bspennington's avatar
      bspennington
      Tutor
      Sep 27, 2021

      There are no cell services associated with the devices that I'm trying to limit. An iPod, for example, is wifi only. If NG SPC were to pause all internet traffic, as implied by "pause internet", iMessages would not work.

      • CrimpOn's avatar
        CrimpOn
        Guru - Experienced User
        Sep 28, 2021

        My understanding of Parental Controls is truly primitive. For example, it is not clear to me whether Parental Controls apply to "only internet traffic", or to both internet and LAN traffic.  My guess is that 99% of customers have no local resources for minors to use and thus the intent is probably "only internet".

         

        Apple iMessage is also confusing because it seems to use ports 80, 443, and 5223.  The issue could be as simple as Negear forgot to block TCP port 5223.  That can be done easily with the Orbi "Block Sites" feature, but the on/off issue remains. My research into iMessage is inconsistent: there are places that say the connection with Apple is on port 5223, but then other places mention if 5223 is not available is uses 80 and 443.  Very confusing.

         

        There is also the aspect that iMessage employs the Apple Push Notification System (APNS) on port 5223. When a device connects to a network, it opens an APNS tunnel to Apple servers.  I wonder, maybe the issue is that SPC blocks creation of new connections, but does nothing about existing connections. if those Apple devices (iPod, for example) disconnect from the network and then reconnect (or do a power off/on), do they continue to get iMessages when SPC has them "off the internet"??

         

        Normal web traffic, for example, does not maintain long term connections. A typical web page may open 100 URL's as separate connections.  In the beginning of the web, this was one of the design goals that frustrated people so much: no persistant connections.  The whole business of cookies came about in order to track session status.

         

        Besides the iPod, another way to test this theory would be to put a random Internet of Things (IoT) device in an SPC pool. Those devices open a connection to the cloud that stays open as long as the device is powered on.  When a user wants to control the device, their smartphone app makes a connection to the cloud, which uses that open connection to reach the device.

         

        Of course, none of my rambling solves the underlying problem.  I would appreciate if you could test the "open connection" theory.