Setting up a Hosts File

Discussion in 'privacy technology' started by Blackspear, May 3, 2005.

Thread Status:
Not open for further replies.
  1. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,317
    Location:
    Adelaide
    To those asking whether a HOSTS file whilst using IE-SPYAD is necessary, this is taken from the Read Me file included with the program itself:-

    "If I use a HOSTS file, why do I need IE-SPYAD?

    If you use one of the many custom HOSTS files available on the Net for ad blocking, your HOSTS file will block most ad servers before your browser ever manages to contact them, but there will be occasions when the Restricted sites zone comes in handy. Online marketers are always adding new servers to their stable of ad servers. The HOSTS file (which can be told only about individual servers -- e.g., www.doubleclick.com or ads.doubleclick.com) might not include some of these newer servers, in which case the Restricted sites zone (which can restrict whole domains -- e.g., every server at doubleclick.com) will pick them up.

    For example, the HOSTS file might know about the ad server adsel16.imgis.com, but if that online marketer starts using adsel66.imgis.com, HOSTS might not recognize it, letting it pass through to your browser. The Restricted sites zone, however, has been told to restrict everything from *.imgis.com (where * is a "wild card" character), and will prevent that ad server from putting a "cookie" on your hard drive once your browser does contact adsel66.imgis.com.

    In other words, the Restricted sites zone is a kind of insurance policy. Ad servers that pass through the HOSTS file just fine will be restricted by the Restricted sites zone.

    The one real advantage to using the HOSTS file is that it works at the networking level, blocking ALL outbound network traffic to specified servers, whereas IE's Restricted sites zone (obviously) works only for Internet Explorer. This aspect of the HOSTS file makes it especially useful for controlling Internet access for non-web browser applications like "adware" or "spyware."

    If you're wondering, I use BOTH, and I've never experienced any appreciable performance hit."


    I hope this clears up any doubts.
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Continuing the route idea. There is a program called DNSKong, which uses a similar approach to the hosts file, although you have mulitple text files which are basically filter sets. Sort of a pass or fail file. Seems to definately offer more creativity than the hosts file.

    Playing with the route tables, that is a pretty direct approach. I have found that you can route it back to yourself or route it to a non used ip on your subnet. I also read about setting localhost in the registry as your first in line DNS entry. Still playing with the ramifications of that.

    Here is a question. If you are using route to add an ip, can you use the subnet mask to filter a certain number of ip's after the initial ip? As in 33.33.33.1, subnetting 255.255.255.255 is for that on ip. Looking further at subnet calculations, I see that using 255.255.255.248 should filter out 8 ip's, starting with .1 . Or, am I incorrect. I tried using the MASK option for route, but something is not right.

    Still trying to find a way to have the OS block a net block or 'subnet' of ip's instead of using software to do it. RIAA guard seems to do it, as well as a plug in for the firewall I use. However, I would like to stop it before it gets to the software.

    What do you think? Is this line of thought going anywhere?
     
  3. stein

    stein Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    26
    Location:
    Scandinavia
    I guess this routing idea is best handled by a firewall application that is capable of importing a list of ip-addresses and ranges you want to block. If I am not misinformed, Outpost is able to import the Agnis list maintaned by Eric Howes (see http://www.spywarewarrior.com/uiuc/main.htm).

    By the way, here is the logic of specifying ranges through the subnet mask:

    33.33.33.0 255.255.255.255 = 33.33.33.0 only.
    33.33.33.1 255.255.255.255 = 33.33.33.1 only.
    33.33.33.2 255.255.255.255 = 33.33.33.2 only.
    etc.

    33.33.33.0 255.255.255.254 = 33.33.33.0 - 1.
    33.33.33.2 255.255.255.254 = 33.33.33.2 - 3.
    33.33.33.4 255.255.255.254 = 33.33.33.4 - 5.
    33.33.33.6 255.255.255.254 = 33.33.33.6 - 7.
    33.33.33.8 255.255.255.254 = 33.33.33.8 - 9.
    etc.

    33.33.33.0 255.255.255.253 = 33.33.33.0 - 3.
    33.33.33.4 255.255.255.253 = 33.33.33.4 - 7.
    33.33.33.8 255.255.255.253 = 33.33.33.8 - 11.
    33.33.33.12 255.255.255.253 = 33.33.33.12 - 15.
    33.33.33.16 255.255.255.253 = 33.33.33.16 - 19.
    33.33.33.20 255.255.255.253 = 33.33.33.20 - 23.
    etc.

    33.33.33.0 255.255.255.252 = 33.33.33.0 - 7.
    33.33.33.8 255.255.255.252 = 33.33.33.8 - 15.
    33.33.33.16 255.255.255.252 = 33.33.33.16 - 23.
    33.33.33.24 255.255.255.252 = 33.33.33.24 - 31.
    33.33.33.32 255.255.255.252 = 33.33.33.32 - 39.
    33.33.33.40 255.255.255.252 = 33.33.33.40 - 47.
    etc.

    33.33.33.0 255.255.255.251 = 33.33.33.0 - 15.
    33.33.33.16 255.255.255.251 = 33.33.33.16 - 31.
    33.33.33.32 255.255.255.251 = 33.33.33.32 - 47.
    33.33.33.48 255.255.255.251 = 33.33.33.48 - 63.
    33.33.33.64 255.255.255.251 = 33.33.33.64 - 79.
    etc.

    33.33.33.0 255.255.255.250 = 33.33.33.0 - 31.
    33.33.33.32 255.255.255.250 = 33.33.33.32 - 63.
    33.33.33.64 255.255.255.250 = 33.33.33.64 - 95.
    33.33.33.96 255.255.255.250 = 33.33.33.96 - 127.
    etc.
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Nice. That did it. Don't know why i could not get it to work before. But it is now.

    You are correct about outpost. Alos there is a plugin that blocks them too. However, I am looking for a way to block specfic and limited ip ranges only for applications that i do not want to get 'out' of my box.

    For instance, prevx2, which i use, is really a discontinued product now. So now updates etc. So instead of making rules in the firewall, I have added this

    route add 62.189.127.192 MASK 255.255.255.250 192.168.1.2

    Which effectively blocks any and all communications with the whole netblock for prevx. I have similar situations that I am going to use it on. The only reason really to do this is because prevx has 27 URL/DNS aliases. Starting with act.prevx.com to act9.prevx.com, same with eld.prevx.com and wip.prevx.com. So, that is 28 total entries in the hosts file, which would do it. But, if they have other aliases which I do not know about, the route method takes care of any and all of them.

    Not to mention it is something new to learn.

    Thanks for the replies.
    sul
     
  5. stein

    stein Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    26
    Location:
    Scandinavia
    Sully, you better use the -p switch to make the route survive a reboot (route -p add .....).
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yeah. I am writing up an autoIT script to put them into the registry for me. I am thinking of making a small gui to both manage what to delete or add as well as pull up whois/arin records so to have one interface to do it from.

    Thanks for the heads up tho.

    sul
     
  7. Jay11195

    Jay11195 Guest

    Unrestricting a HOST restricted server.

    I have a web asdress (bravenet.com) which I cannot access because it is restricted. How can I UNrestrict it?
     
  8. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    Read all about hosts file here

    Gerard
     
  9. Kayos

    Kayos Guest

  10. Kayos

    Kayos Guest

    Last edited by a moderator: Jan 12, 2006
  11. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    i made a small script that manages persistent routes. GUI shell. IP lookup per domain name. Returns ip or multiple ip's and routes them to x.x.x.250.

    Simple and effective. Only using it to stop applications that want to go 'out'. Experimenting to see if this is less resource load than applying firewall rules. Also, I think a benefeit because it is at lower layer than firewall. Presumebly anyway. I have yet to determine how this affects performance. Might be that there is a finite number of entries for performance. That's ok, as I only have a half dozen ip's that i need to do this with anyway.

    One nice part is i can code it to do remote registry editing too. So all the computers at work can be managed from mine.

    If anyone is interested I will post the script (uncompiled). Only about 8kb.

    sul
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.