can i block a specific IP using the host files?

Discussion in 'other software & services' started by mantra, Feb 21, 2011.

Thread Status:
Not open for further replies.
  1. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,119
    Hi


    can i block a specific ip using the host file , without write the name of the site?

    for example i want to block this ip -> 195.244.116.92

    it's just an example

    i edit the host file like
    Code:
    127.0.0.1       localhost
    127.0.0.1       195.244.116.92
    but seems it doesn't work

    what's the problems?

    i have a firewall , but i would love to know if i can block an ip editing the host

    thanks
    cheers
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    hosts file only block ip address tied to a host name so 195.244.116.92 = www.somesite.org
     
  3. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
  4. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,119
    thanks a lot for the link file host editor

    but peerblock should be loaded in memory to block the ips ? like a firewall ?

    thanks again
     
  5. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,119
    is there a way to have with precision the host name from an ip?
     
  6. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    You are welcome.

    That's right. To make it suitable for your needs you can disable all other lists (except one you created) in PB - it will run faster at startup without checking/loading/downloading all other lists from the Internet.

    I don't use PB at daily usage since I don't need to block any IPs so far. (BTW. It uses ~2-5MB RAM on my machine).

    Please note: if your firewall allows you to specify IP address for in/out connection like eg. LNS - then you will be able block single IP address. But... if you have long list of IPs that you want to block more flexible/efficient will be PeerBlock in that case.
     
    Last edited: Feb 21, 2011
  7. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    This is not so precise as we all would like but you can try to do a little investigation:

    http://whois.domaintools.com/195.244.116.92
    You can see netname and descr and also IP range:

    inetnum: 195.244.116.80 - 195.244.116.95
    netname: ICE-HOUSING-NET1
    descr: ICESTORM Entertainment GmbH

    Search in google about this company and you will find site: icestorm.de

    Now ping this domain:

    ping icestorm.de
    ~pings this IP:
    [195.244.116.90]

    HTH
     
  8. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Hosts file is useful for a NAME that may have a dynamic IP. You put in
    127.0.0.1 sample-site.com
    and no matter what that IP is, it will redirect it back to localhost.

    A long time ago, when Prevx first came out, I used it. Later, they dropped the updates for the original free version. What they did was OK, but it always tried to update. I believe they changed the update servers or something. Anyway, it amounted to a netblock of IP addresses, and a number of different names. My host file had I believe a dozen entries, something like

    127.0.0.1 prevx.update.1.com
    127.0.0.1 prevx.update.2.com

    (just an example, not real names ;) )

    I was looking for a way to minimize the number of hosts entries, because I only needed to block a couple IP addresses. At that time I made a little tool I called IPPT. Don't remember what the name meant, or really how it works as it was quite awhile ago.

    Anyway, what I did, because M$ gave me no other method, was to make a persistent route for an IP address. Something like
    route
    IP Address 1.2.3.4 (the address you want to block)
    on subnet
    255.255.255.255
    to non-existent network IP of LAN
    192.168.1.250

    All this did was to say any traffic heading to 1.2.3.4 was to be routed to 192.168.1.250 as the gateway (instead of the real 192.168.1.1 gateway). It meant that those packets were routed to an unused IP on my LAN, and they were blocked from going online.

    If I were to do this now, I would probably use IPSEC to do it.

    Just some food for thought :)

    Sul.
     
Loading...
Thread Status:
Not open for further replies.