Really the advantage is that the server can not easily get to the
spyware to begin with.  The list is basically a list of spyware and
adware servers on the internet, but the addresses are all pointed at
127.0.0.1.

Here are a few lines:
127.0.0.1 007arcadegames.com
127.0.0.1 101com.com
127.0.0.1 101order.com
127.0.0.1 123banners.com
127.0.0.1 123found.com

If you hit a site that wants to go to one of these servers (with a
pop-up for example) the server tries to talk back to itself.  If it
is running on a web server, it is especially funny.  I had a client once
who thought his web site had been hacked.  He was surfing the web from
one of his web servers, and every time he went to cnn.com it popped up a
copy of HIS site on the screen.  It took me a while to explain to him
through the laughter what was happening.  I think I finally convinced
him to stop surfing from his server farm.  

Once the spyware is on the server, it is way too late for this kind of
defense.  At that point you are going to have to go to some active
process to get rid of it.  

Kevin

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer
Sent: Thursday, July 13, 2006 1:21 AM
To: [email protected]
Subject: RE: [ActiveDir] Multihomed Domain Controllers

Can't your spyware just change/delete the host entries again? Or use an IP
address (or do you configure static routes for the subnets that the IP
addresses reside in that those host entries point to?)

Has this tactic ever helped anyone in a spyware-on-the-server situation?
(except possibly in a SOHO situation where the server's been treated like a
desktop?)

Cheers
Ken

--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
Tech.Ed Sydney: learn all about IIS 7.0 - See you there!


: -----Original Message-----
: From: [EMAIL PROTECTED] [mailto:ActiveDir-
: [EMAIL PROTECTED] On Behalf Of Kevin Brunson
: Sent: Thursday, 13 July 2006 3:00 AM
: To: [email protected]
: Subject: RE: [ActiveDir] Multihomed Domain Controllers
: 
: I have definitely found the hosts file to be useful on servers to keep
: them from EVER getting to spyware sites.  This guy has a great list:
: http://pgl.yoyo.org/adservers/serverlist.php?showintro=0&hostformat=hosts
: 
: Just cut and paste into the hosts file and you are good to go.  I
: scripted it for all of the servers I deal with.  But I guess this is
: getting pretty far OT: :)
: Kevin
: 
: -----Original Message-----
: From: [EMAIL PROTECTED]
: [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
: CPA aka Ebitz - SBS Rocks [MVP]
: Sent: Wednesday, July 12, 2006 10:41 AM
: To: [email protected]
: Subject: Re: [ActiveDir] Multihomed Domain Controllers
: 
: In the year 2006.. I hope we are still not making host file entries on
: servers and workstations....  :-)
: 
: Peter Johnson wrote:
: 
: > You might want to then create entries in the host file on the backup
: > server so that you guarantee that the backup server always uses the
: > right network connection.

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
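
An added example (not part of the original thread, and not the script Kevin mentions): one way to vet a hosts-format list like the one quoted above before merging it into a server's hosts file, so that a tampered list can only sink names to 127.0.0.1 and never remap them elsewhere. The marker comments, the protected-domain parameter and the sample lines are assumptions made for the illustration.

```python
import re

SINK = "127.0.0.1"                     # the address the list in the thread points at
BEGIN, END = "# BEGIN adserver-block", "# END adserver-block"   # hypothetical markers
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def parse_blocklist(text, protected=()):
    """Return (accepted hostnames, rejected raw lines) from hosts-format text."""
    accepted, rejected = {}, []        # dict keeps order and removes duplicates
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        name = fields[1].lower() if len(fields) == 2 else ""
        # Accept only "<SINK> <one hostname>": any other address would redirect a
        # name somewhere real instead of blocking it. Names under a protected
        # domain (assumed: the organisation's own zones) are never sunk.
        if (fields[0] != SINK or not HOSTNAME.match(name)
                or any(name == p or name.endswith("." + p) for p in protected)):
            rejected.append(raw)
        else:
            accepted[name] = None
    return list(accepted), rejected

def merge_hosts(existing, hostnames):
    """Replace only the managed section, leaving the admin's own entries alone."""
    kept, inside = [], False
    for line in existing.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    block = [BEGIN] + [f"{SINK} {h}" for h in hostnames] + [END]
    return "\n".join(kept + block) + "\n"

if __name__ == "__main__":
    # Constructed sample: entries quoted in the thread plus lines that must be refused.
    sample = ("127.0.0.1 007arcadegames.com\n127.0.0.1 101com.com\n"
              "10.9.8.7 windowsupdate.example\n127.0.0.1 dc1.corp.example\n"
              "127.0.0.1 localhost\n")
    hosts, bad = parse_blocklist(sample, protected=("corp.example",))
    current = "127.0.0.1 localhost\n192.168.1.5 backup-lan\n"   # constructed hosts file
    print(merge_hosts(current, hosts), end="")
    print("rejected:", bad)
```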