Is anyone interested in a Hosts File Project?

Discussion in 'other security issues & news' started by dog, Mar 6, 2005.

Thread Status:
Not open for further replies.
  1. dog

    dog Guest

    Hi All, ;)

    I'm just wondering if anyone is interested in a Hosts File Project? ~Total Unofficial~

    It'd just be a members/guest effort for our community. Which might be neat, handy and a little Fun.

    I pretty much toy with the idea myself ... and have been compiling/merging some Hosts lists. ( I don't know what the legal issues would be around using/modifying other lists ... o_O) My Hosts File is fairly extensive @ 1.14mb :p

    Anyway ... here's a couple of basic thoughts I had regarding the Project.

    List the Hosts File Alphabetically - Numerically, with Ad Servers listed in their own sub-section.

    Possibly add in redirects for illegal/knockoff copies of AntiSpy Products to the Original Authors Homepage (referencing Spyware Warrior / Eric Howes - Rogue/Suspect Anti-Spyware List - http://www.spywarewarrior.com/rogue_anti-spyware.htm)

    Maybe provide an additional Porn Site Block List - One Host without the Porn Site Listings and one with.

    So what do you think? Is it logistically possible? Is anyone interested? etc. etc.

    Any comments or ideas are more than Welcome. :)

    Steve
     
    Last edited by a moderator: Mar 10, 2005
  2. feddup

    feddup Registered Member

    Joined:
    Oct 30, 2004
    Posts:
    160
    Re: Is anyone interested in a Hosts File Project

    I have nothing to contribute but I'd like to hear what the security veterans have to say about hosts. It seems like a no lose proposition. Both the forum and the use of the host file.
     
  3. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Re: Is anyone interested in a Hosts File Project

    Nice!
    We can compile a huge list of known sites that are dirty and put them into the hosts file.
    If we can make a project like this, we can also supply our own host file list to the other security forums.
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Re: Is anyone interested in a Hosts File Project

    Might be worthwhile, I want to see what some others think. ;)

    bigc
     
  5. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Re: Is anyone interested in a Hosts File Project

    Sounds Goooooood!
     
  6. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Re: Is anyone interested in a Hosts File Project

    Maybe have a parallel version of the Hosts list that has resolved the IP addresses so that the list can also be imported into Bluetack's Blocklist Manager (for those of us that block such things by IP, seeing as the hosts file is so easily bypassed....)
     
  7. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    Re: Is anyone interested in a Hosts File Project

    I would be willing to help, Steve. I'm an IP Hunter Trainee for Bluetack Internet Security Solutions

    And I will be able to help with this area as well, reasonably advanced in that area
     
  8. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    Re: Is anyone interested in a Hosts File Project

    I thought this might come up as I was thinking something similar myself. Many people are using PeerGuardian and Proto wall at the moment, what are the advantages of using a Host File instead?

    Jimbob
     
  9. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    Re: Is anyone interested in a Hosts File Project

    My IP blocklist was 5MB last time I checked :D
     
  10. Re: Is anyone interested in a Hosts File Project

    Each has its own pluses and minuses. One filters on domain name, another filters on IP addresses.

    Say you have some adware installed, and it tries to phone home to some site, www.veryveryevil.com, which say is 255.255.255.255. Assume that it is able to bypass your outbound firewall, maybe because your firewall cannot tell the difference between it and your browser (which is trusted to connect outward).

    If it is hardwired to phone home by using domain names, putting veryveryevil.com in your hosts file will be sufficient to block it.

    Given how common hosts files are today, a clever trick would be for the malware to be hardwired to phone home directly to the IP address itself, so it wouldn't need to do a DNS lookup. In such a case your hosts file wouldn't help.

    In the scenario above, we assume that your normal firewall wouldn't help either, because it is seen as part of your browser. If you had an IP block list with rules that have priority over all other rules, the adware would be blocked.

    Of course, in the above 2 scenarios, an IP block (assuming you had the right IP address) would stop both types of malware regardless of whether it was phoning home via domain names or IPs, so an IP block might seem superior.

    However, one factor to consider with regard to maintaining a blacklist of IPs versus domain name lists (essentially hosts files) is that, in theory, it would be more costly to register domain names than to change the IP registered to the same domain name.

    Another difference is that IP block lists tend to be 2-way, blocking both outbound and inbound, while hosts files are one-way only of course.

    IMHO there is a place for both blocking sites by domain names and by IP addresses.

    One lesser known software, DNSkong - a pseudo DNS-like server - is actually superior to a hosts file, but is much more technically difficult to set up.
     
  11. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Re: Is anyone interested in a Hosts File Project

    Does having such a huge Hosts file slow one down at all?

    Acadia
     
  12. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Re: Is anyone interested in a Hosts File Project

    Hi Acadia,

    I have disabled my "DNS Client Service" and with a hosts file that is 0.99 M, I notice no slowdown at all ;) ...

    HTH :D ...
     
  13. dog

    dog Guest

    Re: Is anyone interested in a Hosts File Project

    That's the only issue ... you have to disable the DNS Client in services.msc ... once it's shut down there's no slowdown.

    Here's info on the DNS Client from BlackViper:
    http://www.blackviper.com/WinXP/service411.htm#DNS_Client

    The Power User - Bare Bones configs are set to disable. Here's the config list - http://www.blackviper.com/WinXP/servicecfg.htm

    Steve
     
  14. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Re: Is anyone interested in a Hosts File Project

    I don't exactly remember the site, but a year or so ago, I was directed to a site that allowed you to download a host file that contained over 1000 common sites that included nasties and re-directed them to 127.0.0.1. After I updated my system with it, I almost never got any popups. That was a while ago, but it was definitely nice to have.

    If I can find the link, I'll post it. :cool:
     
  15. feddup

    feddup Registered Member

    Joined:
    Oct 30, 2004
    Posts:
    160
    Re: Is anyone interested in a Hosts File Project

    I recently started using the hosts file and hoped people who were more experienced might provide guidance as to what hosts managers they used as well as their sources of the files themselves. It already seems to have cut down on malware but refinement couldn't hurt.
     
  16. dog

    dog Guest

    Re: Is anyone interested in a Hosts File Project

    Hi feddup, ;)

    As far as utilities (host managers) go ... I usually do everything manually ... but I have and do occasionally use these three:

    Ray Marrons - Hostess - http://accs-net.com/hostess/
    Abelha Digitals - Host Man - http://pwp.netcabo.pt/0413933601/abelha.html
    OK Software - Host Reader - I can't find the link ATM

    As far as host files go, there are many of them ... these are some that I use:

    MVPS - http://www.mvps.org/winhelp2002/hosts.htm
    HpGuru - http://www.hosts-file.net/downloads.html
    BlueTack - http://www.bluetack.co.uk/forums/index.php?showtopic=8406
    GDS / Mike Meyer's Hosts - http://accs-net.com/hosts/get_hosts.html
    (Host Toggle {program} is also available from GDS - http://www.accs-net.com/hosts/HostsToggle/)
    Mine's Hosts - http://hostsfile.mine.nu/downloads/
    SuperTrick - http://www.filesharingplace.com/supertrickxg/main.htm

    Eric Howes' Privacy Site also has tons of links and info - http://https..netfiles.uiuc.edu/ehowes/www/soft8a.htm
    The Main Index - http://www.spywarewarrior.com/uiuc/main-nf.htm

    HTH,

    Steve
     
    Last edited by a moderator: Mar 9, 2005
  17. feddup

    feddup Registered Member

    Joined:
    Oct 30, 2004
    Posts:
    160
    Excellent!

    I couldn't ask for more! Lots of options!
     
  18. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    Re: Is anyone interested in a Hosts File Project

    hi all

    I'd have to agree, this sounds like an excellent idea. I'm sure if everyone clubbed in and posted their host files, in a short time we would have one of the most comprehensive host lists around. I mean, the list I use already has 32112 entries and I hardly ever have problems with malware.

    Me and optimizer, otherwise known as infinity, already have a small operation like this going on the spyblocker board, creating and maintaining both host and IP lists for use with spyblocker and spyblocker's pacfile.
     
  19. dog

    dog Guest

    Re: Is anyone interested in a Hosts File Project

    Thanks Bethrezen ;)

    I'll have to check it out. :)

    Steve
     
  20. fred22

    fred22 Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    229
    Re: Is anyone interested in a Hosts File Project

    Hi m8... I can't PM or email u so I ask here:

    are u willing to share this IP Blocklist with us? It's impressive holding 5MB... mine is 2MB only

    u can use rapidshare,yousendit for upping ;)

    thanks for the share
     
  21. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    Re: Is anyone interested in a Hosts File Project

    I am def. interested in this project.. I have been merging host files with Hostess for at least a year now and at last entry it was 2.xx MB. Let me pull up the latest updated HOSTS files from my list and get back with you on this! In fact I can probably start us off with our first HOSTS file submission.

    A project like this requires some guidelines though when sources are coming from multiple people.

    - Separate the various HOSTS groups by
    Instant Messenger| Popular sites like Yahoo, MSN, etc.| Entries provided by programs such as SSDD| Spyware ad servers| Porn sites| etc.

    - Duplicate entries need to be searched for and deleted to compact the file as small as possible.

    - When merging files with HOSTESS after they have been all merged together rescan the file to take out duplicate entries!

    - Verification: I have tried to verify large HOSTS files and it just does not work out so well. This will require a team more than likely that are assigned each section of a HOSTS file to ensure those servers are still working and need to be blocked. Various programs are out there for this purpose.

    Here is another idea on how to go resolve several problems at once! Be advised this will take quite a few warm bodies and some time to set it all up right the first time.

    Various HOSTS files block services that some people may actually WANT! Such entries that block the chatroom list in AIM, prevent AIM from working, MS Updates, certain ISP homepage advanced features, etc.

    Divide the HOSTS file entries into different .txt files depending on what they are for and zip them all up in a .zip or .rar file for download. Then they can extract these text files into a folder and use a program like Hostess to create their own. This helps eliminate the need to try to compromise security and functionality. But there is an added bonus! The HOSTS files are broken down and distributed among team members in the project to verify. This way one person is not bogged down with the monumental task of verifying 84,000+ entries with a program that can only do about 1 per second.

    Example!

    Wilder'sCustomHOSTS.rar

    Readme.txt
    FreezesAIM@SignOnIfAdded.txt
    BlocksComcast.txt
    BlocksYahooMail.txt
    BlocksHotmail.txt
    BlocksMSN.txt
    BlocksAdServers.txt
    BlocksPorn.txt
    BlockTrojans.txt

    Edit: In fact I can easily see this turn into a small security program.

    It would have a checklist on things you wanted to block or unblock in the various fields I have set forth in the example. Let's say that pesky HOSTS file is not letting me sign on AIM... Open the program and click on the taskbar icon in the right hand corner > Uncheck FreezesAIM@SignOnIfAdded option > Apply > OK! And now the ENTIRE HOSTS does not have to be disabled, just the 2 entries that allow or prevent AIMToday freeze ups.

    And why not... Let it have updates and act just like SpywareBlaster does, which is separated by IE, Mozilla, Other, etc. Getting the picture here?

    Example:
    Enable blocking of these components!

    Comcast
    YahooMail
    Hotmail
    MSN
    AdServers
    Porn
    Trojans

    Enable all HOSTS entries! 84,000+ entries
     
    Last edited: Mar 10, 2005
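
    The per-category layout, duplicate removal and selective enabling described in the post above, sketched as an added example (not code from the thread or from Hostess). The category contents, hostnames and function names are constructed for illustration, and the allow-list for entries a user needs unblocked goes slightly beyond what the post spells out.

```python
import re

# Constructed sample category lists in hosts-file syntax (not real block data).
CATEGORIES = {
    "AdServers": """
# ad servers
127.0.0.1  ads.example.com
127.0.0.1  ADS.example.com      # duplicate, different case
0.0.0.0    tracker.example.net
127.0.0.1  localhost
""",
    "Trojans": """
127.0.0.1 tracker.example.net   # also listed under AdServers
127.0.0.1 c2.example.org bad host name!
127.0.0.1 dropper.example.org.
""",
    "BlocksMSN": "127.0.0.1 login.example-im.test\n",
}

# Syntactic hostname check only; it does not prove the domain still exists.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")
SINKS = {"127.0.0.1", "0.0.0.0"}   # addresses that mark a blocking entry
KEEP = {"localhost"}               # never treat the loopback name as a block

def parse_hosts(text):
    """Yield normalized hostnames from hosts-format text, skipping junk."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2 or fields[0] not in SINKS:
            continue
        for name in fields[1:]:                  # a line may carry aliases
            name = name.lower().rstrip(".")
            if name not in KEEP and HOSTNAME.match(name):
                yield name

def build_hosts(categories, enabled, allow=()):
    """Merge the enabled categories into one deduplicated, sorted hosts file.

    Returns (hosts_text, number_of_duplicates_dropped)."""
    allow = {a.lower() for a in allow}
    seen, dupes = set(), 0
    for cat in enabled:
        for name in parse_hosts(categories[cat]):
            if name in allow:
                continue                         # user wants this reachable
            if name in seen:
                dupes += 1
            seen.add(name)
    lines = ["127.0.0.1 localhost"] + [f"127.0.0.1 {n}" for n in sorted(seen)]
    return "\n".join(lines) + "\n", dupes
```

    Because the allow-list is applied at build time, an entry removed for functionality stays removed when updated source lists are merged in again.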
  22. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    Re: Is anyone interested in a Hosts File Project

    hi

    this isn't really much of a problem

    I take it you are talking about custom unblocking, that isn't hard either, all ya need is a find function like the one found in spyblocker

    the trick is knowing which entries need to be unblocked and that's where things can get tricky

    now this is the biggie, this is where your problems start, because even small host files can take all year to verify, so this would require an automated tool and I can't say I know of any, and even if there is a good one that is 100% accurate, a host file that's got like 100,000 to 200,000+ entries is still going to take all year to verify

    then even once you have verified that all the domains exist ya still need to check that there have been no entries added that shouldn't be there, because we don't want to block legitimate sites
     
  23. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    Re: Is anyone interested in a Hosts File Project

    I created a HOSTS file which includes PORN sites as well containing 99,429 entries. If you are interested in this please reply back to this posting!

    Edit:
    I have suggested several ideas how to go about this but I'm just waiting for Dog to get back with us on this thread.

    BTW even after having this 3.2 MB file I have updated 2 more entries that make AIM.com look very very nasty but still works! The excitement never stops!

    cdn.aim.com
    aolservices.springstreetnetworks.com

    And in response to your comments to my own comments here is as follows: Verification would be made easier if it was broken down and distributed among more than one team member even if there are 100,000 entries. Folks who post their own HOSTS files use programs to verify their entries, thus that is why they keep them updated. Different programs such as HOSTESS and HOSTMan seem to count duplicate entries differently for some unknown reason. Trying to find what exactly you want to unblock to make something work is a very tedious process which quite frankly many folks do not know how to do. Even if you have a logger, first you need to disable the HOST file, then find ALL the sites it connects to - then filter out the one or few sites you need to not block in order for the whole feature to work. After that, updating the HOSTS file to put back in all the sites you can block and still make it work. I've done this crap for over a year and I can tell you one thing is for sure!

    How much easier it is to take HOST Toggle and just disable my ENTIRE HOST file when I want to sign on to AIM or something like that. But of course I forget to re-enable it when I sign off. And the entries only ADD themselves back in after merging updated HOST files, in which I have to manually take them out once again for the sake of functionality in certain sites. So far the only solution to this problem is HPGuru's Proxomitron HOSTS entry bypass plugin.
     
    Last edited: Mar 10, 2005
  24. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    Re: Is anyone interested in a Hosts File Project

    hi

    I think what is needed here is for one of the wilders staff to take point and set up the framework that a project like this will need

    While I'm sure there are plenty around that are willing to participate this does little good if there’s no project leader to direct efforts
     
  25. MushfiQ

    MushfiQ Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    131
    Re: Is anyone interested in a Hosts File Project

    I think our senior members as well as those who use a HOSTS file could unite together & combine them, re-check all the entries along with a thread on how to use the HOSTS file, read me etc & all. Might be lil time consuming in the end but once all the nasties got merged together... I guess then by weekly or fortnightly an update could take place.

    Cheers
    :cool:
     