1-) I'm wondering what these two connections in the screenshot (other than broadcasthost) do and which Windows services start them: https://s14.postimg.org/ar99kex35/host_process.jpg

Edit: 2-) Spotify and Steam (and probably some other programs) make an HTTP connection to clients.I.google.com. A low amount of data goes through: 5-10 kb. I tried blocking clients.I.google.com, but it still popped up as a connection. Maybe I need other domain names to block those, any ideas?
bopbop, interesting that you mention clients.I.google.com - it was just yesterday I was wondering about this and why it appeared on a particular website I go to and on which I don't want anything to do with Google showing itself. In fact I'm on a mission to stomp on anything Google everywhere except when I go to YouTube, and even then I only allow minimal stuff to see what I want to see. Compartmentalization helps in this cause.

Anyway, I saw the same Google thing in SmartSniff. I blocked the IP address (range) in my FW and the site no longer showed the Google entry, BUT some time later when I went back it did what Google loves to do - come at you from another IP address range. I decided to block google.com in uMatrix and it hasn't shown up since.
Let's be friends. As for uMatrix, it's only gonna help you when browsing. Need a way to block Google for desktop applications. We probably need the right domain names for the hosts file.
Yes for hosts file you need a domain that will resolve to IP you want to block. Sometimes you can use IPlookup to check if there is any domain on specific IP address.
Code:
1) clients.I.google.com
2) clients.l.google.com

First does not appear to exist. Second one is well known. Example: POST http://clients1.google.com/ocsp
clients1.google.com CNAME clients.l.google.com while visiting https://www.google.com. Look at its certificate.
Yes, I noticed that svchost.exe often wants to connect to Akamai which is a service related to internet speed optimization. I try to block this as much as possible, and my Internet connection keeps working at the same speed. So I wonder what's up with this.
Again, I think you can run into issues if you hosts file block the CNAME (canonical name) of a server rather than the server itself.

By way of an analogy: You want to telephone Bob Jones. You grab your personal address book and look up Bob Jones. No number listed. So you call directory assistance. The agent tells you that Bob Jones's proper name is Robert Jones and his phone number is X. What do you do now? Do you call X? Do you go to your personal address book again, look up Robert Jones this time, to see if you have him in there under a different number Y?

Here is an example that appears to be easier/safer for testing purposes. Although the IP address appears to vary by region, the CNAMEs appear consistent. Feel free to double check, but here goes:

www.msnbc.com
www.msnbc.com has a CNAME of msnbc.com.edgekey.net
msnbc.com.edgekey.net has a CNAME of e8169.dscb.akamaiedge.net
e8169.dscb.akamaiedge.net has an A of 104.107.109.65

So www.msnbc.com = 104.107.109.65 in this case. If you block e8169.dscb.akamaiedge.net and/or msnbc.com.edgekey.net in your hosts file (rather than www.msnbc.com), does that prevent you from reaching www.msnbc.com? It doesn't for me on Windows 7, and I took steps to avoid caching issues.
Correct. Putting only msnbc.com.edgekey.net & e8169.dscb.akamaiedge.net in hosts file allows connection to msnbc.com. Putting only msnbc.com (2 entry lines) in hosts file blocks that server. NOTE: Putting IP Address 104.107.109.65 in my firewall IP blocking rules doesn't stop me from connecting to msnbc.com.
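Added example, not part of any post in the thread: a Python model of the lookup order that the two posts above report, using the CNAME chain quoted there as constructed DNS data. It assumes the hosts file is matched only against the name the application queries; the function names and the sink addresses are illustrative choices.

```python
# Added example: models the lookup order reported in the thread.
# Assumption: the hosts file is matched only against the name the application
# asks for; CNAME targets are followed through DNS and not re-checked locally.

HOSTS_SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # typical block targets

# Constructed DNS data, copied from the chain quoted in the post above.
DNS_RECORDS = {
    "www.msnbc.com": ("CNAME", "msnbc.com.edgekey.net"),
    "msnbc.com.edgekey.net": ("CNAME", "e8169.dscb.akamaiedge.net"),
    "e8169.dscb.akamaiedge.net": ("A", "104.107.109.65"),
}

def parse_hosts(text):
    """Return {hostname: address} from hosts-file text, ignoring comments."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                entries[name.lower().rstrip(".")] = fields[0]
    return entries

def resolve(name, hosts, dns=DNS_RECORDS, max_hops=8):
    """Hosts file first (queried name only), then follow the DNS chain."""
    name = name.lower().rstrip(".")
    if name in hosts:
        return hosts[name], [name]
    chain = [name]
    for _ in range(max_hops):              # guard against CNAME loops
        rtype, value = dns.get(chain[-1], (None, None))
        if rtype == "A":
            return value, chain
        if rtype != "CNAME":
            return None, chain             # no record: resolution fails
        chain.append(value)
    return None, chain

def audit(query, hosts_text):
    """Report whether `query` is blocked and which entries only name aliases."""
    hosts = parse_hosts(hosts_text)
    address, _ = resolve(query, hosts)
    _, chain = resolve(query, {})          # chain as DNS alone returns it
    bypassed = [n for n in chain[1:] if n in hosts]
    return {"blocked": address in HOSTS_SINKS, "address": address,
            "bypassed_entries": bypassed}

if __name__ == "__main__":
    sample = "0.0.0.0 msnbc.com.edgekey.net\n0.0.0.0 e8169.dscb.akamaiedge.net\n"
    print(audit("www.msnbc.com", sample))
```

Entries listed under `bypassed_entries` name hosts that appear only as CNAME targets for the queried name, so they do not stop that query; they would still apply to software that asks for those names directly.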
BTW, if you want to block hosts/domains at the system level you could look into DNS proxies, which can support wildcards/pattern-matching and some other useful features. One example is Acrylic: http://mayakron.altervista.org/wikibase/show.php?id=AcrylicFAQ. If you decide to use a local proxy I would suggest some testing to determine if it interferes with your software firewall's ability to recognize/block DNS on an originating process basis (all DNS requests might appear to come from the proxy itself). I don't know if any software firewalls have similar functionality built-in but that might be something to look for and/or request.

Edit: Given that certificate related checks (CRL, OCSP) are of special importance (most would choose to allow them) here are a few lists I found:
http://uptime.netcraft.com/perf/reports/performance/OCSP
https://www.pkicloud.com/ocsp-stats.html
https://github.com/pyllyukko/user.js/issues/73