i kinda agree that simple http redirection works best here windowsupdate.com -------> wescrewedup.microsoft.com as the attacking agent is not http, and http is what is needed, hell you could also only allow port 80 tcp/ip requests on the filters as well. Dropping everything else at the border. going 127.0.0.1 for a day or two is also an idea or not
morning_wood _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
