Setting up a Hosts File

Discussion in 'privacy technology' started by Blackspear, May 3, 2005.

Thread Status:
Not open for further replies.
  1. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,339
    Location:
    Adelaide
    To those asking whether a HOSTS file whilst using IE-SPYAD is necessary, this is taken from the Read Me file included with the program itself:-

    "If I use a HOSTS file, why do I need IE-SPYAD?

    If you use one of the many custom HOSTS files available on the Net for ad blocking, your HOSTS file will block most ad servers before your browser ever manages to contact them, but there will be occasions when the Restricted sites zone comes in handy. Online marketers are always adding new servers to their stable of ad servers. The HOSTS file (which can be told only about individual servers -- e.g., www.doubleclick.com or ads.doubleclick.com) might not include some of these newer servers, in which case the Restricted sites zone (which can restrict whole domains -- e.g., every server at doubleclick.com) will pick them up.

    For example, the HOSTS file might know about the ad server adsel16.imgis.com, but if that online marketer starts using adsel66.imgis.com, HOSTS might not recognize it, letting it pass through to your browser. The Restricted sites zone, however, has been told to restrict everything from *.imgis.com (where * is a "wild card" character), and will prevent that ad server from putting a "cookie" on your hard drive once your browser does contact adsel66.imgis.com.

    In other words, the Restricted sites zone is a kind of insurance policy. Ad servers that pass through the HOSTS file just fine will be restricted by the Restricted sites zone.

    The one real advantage to using the HOSTS file is that it works at the networking level, blocking ALL outbound network traffic to specified servers, whereas IE's Restricted sites zone (obviously) works only for Internet Explorer. This aspect of the HOSTS file makes it especially useful for controlling Internet access for non-web browser applications like "adware" or "spyware."

    If you're wondering, I use BOTH, and I've never experienced any appreciable performance hit."


    I hope this clears up any doubts.
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Continuing the route idea. There is a program called DNSKong, which uses a similar approach to the hosts file, although you have multiple text files which are basically filter sets. Sort of a pass or fail file. Seems to definitely offer more creativity than the hosts file.

    Playing with the route tables, that is a pretty direct approach. I have found that you can route it back to yourself or route it to a non used ip on your subnet. I also read about setting localhost in the registry as your first in line DNS entry. Still playing with the ramifications of that.

    Here is a question. If you are using route to add an ip, can you use the subnet mask to filter a certain number of ip's after the initial ip? As in 33.33.33.1, subnetting 255.255.255.255 is for that one ip. Looking further at subnet calculations, I see that using 255.255.255.248 should filter out 8 ip's, starting with .1. Or am I incorrect? I tried using the MASK option for route, but something is not right.

    Still trying to find a way to have the OS block a net block or 'subnet' of ip's instead of using software to do it. RIAA guard seems to do it, as well as a plug in for the firewall I use. However, I would like to stop it before it gets to the software.

    What do you think? Is this line of thought going anywhere?
     
  3. stein

    stein Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    26
    Location:
    Scandinavia
    I guess this routing idea is best handled by a firewall application that is capable of importing a list of ip-addresses and ranges you want to block. If I am not misinformed, Outpost is able to import the Agnis list maintained by Eric Howes (see http://www.spywarewarrior.com/uiuc/main.htm).

    By the way, here is the logic of specifying ranges through the subnet mask:

    33.33.33.0 255.255.255.255 = 33.33.33.0 only.
    33.33.33.1 255.255.255.255 = 33.33.33.1 only.
    33.33.33.2 255.255.255.255 = 33.33.33.2 only.
    etc.

    33.33.33.0 255.255.255.254 = 33.33.33.0 - 1.
    33.33.33.2 255.255.255.254 = 33.33.33.2 - 3.
    33.33.33.4 255.255.255.254 = 33.33.33.4 - 5.
    33.33.33.6 255.255.255.254 = 33.33.33.6 - 7.
    33.33.33.8 255.255.255.254 = 33.33.33.8 - 9.
    etc.

    33.33.33.0 255.255.255.253 = 33.33.33.0 - 3.
    33.33.33.4 255.255.255.253 = 33.33.33.4 - 7.
    33.33.33.8 255.255.255.253 = 33.33.33.8 - 11.
    33.33.33.12 255.255.255.253 = 33.33.33.12 - 15.
    33.33.33.16 255.255.255.253 = 33.33.33.16 - 19.
    33.33.33.20 255.255.255.253 = 33.33.33.20 - 23.
    etc.

    33.33.33.0 255.255.255.252 = 33.33.33.0 - 7.
    33.33.33.8 255.255.255.252 = 33.33.33.8 - 15.
    33.33.33.16 255.255.255.252 = 33.33.33.16 - 23.
    33.33.33.24 255.255.255.252 = 33.33.33.24 - 31.
    33.33.33.32 255.255.255.252 = 33.33.33.32 - 39.
    33.33.33.40 255.255.255.252 = 33.33.33.40 - 47.
    etc.

    33.33.33.0 255.255.255.251 = 33.33.33.0 - 15.
    33.33.33.16 255.255.255.251 = 33.33.33.16 - 31.
    33.33.33.32 255.255.255.251 = 33.33.33.32 - 47.
    33.33.33.48 255.255.255.251 = 33.33.33.48 - 63.
    33.33.33.64 255.255.255.251 = 33.33.33.64 - 79.
    etc.

    33.33.33.0 255.255.255.250 = 33.33.33.0 - 31.
    33.33.33.32 255.255.255.250 = 33.33.33.32 - 63.
    33.33.33.64 255.255.255.250 = 33.33.33.64 - 95.
    33.33.33.96 255.255.255.250 = 33.33.33.96 - 127.
    etc.
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Nice. That did it. Don't know why I could not get it to work before. But it is now.

    You are correct about Outpost. Also there is a plugin that blocks them too. However, I am looking for a way to block specific and limited ip ranges only for applications that I do not want to get 'out' of my box.

    For instance, prevx2, which I use, is really a discontinued product now. So no updates etc. So instead of making rules in the firewall, I have added this

    route add 62.189.127.192 MASK 255.255.255.250 192.168.1.2

    Which effectively blocks any and all communications with the whole netblock for prevx. I have similar situations that I am going to use it on. The only reason really to do this is because prevx has 27 URL/DNS aliases. Starting with act.prevx.com to act9.prevx.com, same with eld.prevx.com and wip.prevx.com. So, that is 28 total entries in the hosts file, which would do it. But, if they have other aliases which I do not know about, the route method takes care of any and all of them.

    Not to mention it is something new to learn.

    Thanks for the replies.
    sul
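
An added example, not written by anyone in this thread: it works out which addresses a destination/mask pair selects, assuming the usual route-matching rule that an address matches an entry when (address AND mask) equals (destination AND mask). The function names are made up for this illustration, and the sample entries at the bottom reuse addresses quoted in the posts above.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def is_contiguous(mask):
    """True when the mask is a run of 1-bits followed only by 0-bits (a CIDR prefix)."""
    inv = ~_to_int(mask) & 0xFFFFFFFF
    return inv & (inv + 1) == 0

def dest_aligned(dest, mask):
    """True when the destination has no bits set outside the mask."""
    return _to_int(dest) & _to_int(mask) == _to_int(dest)

def matched_addresses(dest, mask):
    """Every address A for which (A & mask) == (dest & mask), in ascending order."""
    m = _to_int(mask)
    base = _to_int(dest) & m
    free_bits = [b for b in range(32) if not (m >> b) & 1]
    if len(free_bits) > 12:                      # keep the enumeration small
        raise ValueError("mask leaves too many addresses to list")
    found = []
    for combo in range(1 << len(free_bits)):     # every setting of the unmasked bits
        addr = base
        for i, bit in enumerate(free_bits):
            if (combo >> i) & 1:
                addr |= 1 << bit
        found.append(addr)
    return [str(ipaddress.IPv4Address(a)) for a in sorted(found)]

def describe(dest, mask):
    addrs = matched_addresses(dest, mask)
    return {"contiguous": is_contiguous(mask), "aligned": dest_aligned(dest, mask),
            "count": len(addrs), "first": addrs[0], "last": addrs[-1]}

if __name__ == "__main__":
    # Entries taken from the posts above; the output is what the matching rule gives.
    for dest, mask in [("33.33.33.0", "255.255.255.248"),
                       ("33.33.33.1", "255.255.255.248"),
                       ("62.189.127.192", "255.255.255.250")]:
        print(dest, mask, describe(dest, mask))
        if not is_contiguous(mask):
            print("  matches:", ", ".join(matched_addresses(dest, mask)))
```

Running a planned entry through `describe` before adding it shows whether the mask covers the whole block you meant to cut off, or only a scattering of addresses inside it.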
     
  5. stein

    stein Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    26
    Location:
    Scandinavia
    Sully, you better use the -p switch to make the route survive a reboot (route -p add .....).
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yeah. I am writing up an autoIT script to put them into the registry for me. I am thinking of making a small gui to both manage what to delete or add as well as pull up whois/arin records so to have one interface to do it from.

    Thanks for the heads up tho.

    sul
     
  7. Jay11195

    Jay11195 Guest

    Unrestricting a HOST restricted server.

    I have a web address (bravenet.com) which I cannot access because it is restricted. How can I UNrestrict it?
     
  8. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    Read all about hosts file here

    Gerard
     
  9. Kayos

    Kayos Guest

  10. Kayos

    Kayos Guest

    Last edited by a moderator: Jan 12, 2006
  11. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I made a small script that manages persistent routes. GUI shell. IP lookup per domain name. Returns ip or multiple ip's and routes them to x.x.x.250.

    Simple and effective. Only using it to stop applications that want to go 'out'. Experimenting to see if this is less resource load than applying firewall rules. Also, I think a benefit because it is at lower layer than firewall. Presumably anyway. I have yet to determine how this affects performance. Might be that there is a finite number of entries for performance. That's ok, as I only have a half dozen ip's that I need to do this with anyway.

    One nice part is I can code it to do remote registry editing too. So all the computers at work can be managed from mine.

    If anyone is interested I will post the script (uncompiled). Only about 8kb.

    sul
     