redirecting domain names
On my Windows machines, I use the hosts file from http://www.mvps.org/winhelp2002/hosts.htm, which removes a lot of junk from the internet. Rather than going to each machine and installing this hosts file in \windows\system32\drivers\etc, I would rather have my firewall block these names instead. Please note the blocking has to be done on the name, not the IP address. The IP address could easily be at some hosting site, and also be used for some entirely valid web site. Does anyone know how to implement this?
Re: redirecting domain names
On 2006/01/22 12:39, Peter Fraser wrote:
> Rather than going to each machine and installing this hosts file in \windows\system32\drivers\etc, I would rather have my firewall block these names instead. Please note the blocking has to be done on the name, not the IP address.

You'll need to use a web proxy for this.
Re: redirecting domain names
Stuart Henderson wrote:
> On 2006/01/22 12:39, Peter Fraser wrote:
>> Rather than going to each machine and installing this hosts file in \windows\system32\drivers\etc, I would rather have my firewall block these names instead. Please note the blocking has to be done on the name, not the IP address.
>
> You'll need to use a web proxy for this.

You COULD use a proxy for this (actually, it would have to be a more general proxy, not just web), but you can do this in simpler ways, too (which I would argue are at least as effective in real life as the more technically perfect proxy system).

Just set up a poisoned DNS resolver to mangle resolution of any domain or subdomain you don't want people going to, which is what you are doing on a machine-by-machine basis with a hosts file: http://www.holland-consulting.net/tech/imblock.html

I'm very fond of this idea of DNS mangling, both to eliminate things I find personally annoying, plus as an aid for managing other people's computers. See the Disadvantages section in that article for a list of limitations and disclaimers.

Nick.
Re: redirecting domain names
Hi,

I use DNS to solve this too. Got my list from http://pgl.yoyo.org/adservers/ which can generate config files in a bunch of different formats. Works great.

Cheers,
/jkm

* Nick Holland ([EMAIL PROTECTED]) wrote:
> Stuart Henderson wrote:
>> On 2006/01/22 12:39, Peter Fraser wrote:
>>> Rather than going to each machine and installing this hosts file in \windows\system32\drivers\etc, I would rather have my firewall block these names instead. Please note the blocking has to be done on the name, not the IP address.
>>
>> You'll need to use a web proxy for this.
>
> You COULD use a proxy for this (actually, it would have to be a more general proxy, not just web), but you can do this in simpler ways, too (which I would argue are at least as effective in real life as the more technically perfect proxy system).
>
> Just set up a poisoned DNS resolver to mangle resolution of any domain or subdomain you don't want people going to, which is what you are doing on a machine-by-machine basis with a hosts file: http://www.holland-consulting.net/tech/imblock.html
>
> I'm very fond of this idea of DNS mangling, both to eliminate things I find personally annoying, plus as an aid for managing other people's computers. See the Disadvantages section in that article for a list of limitations and disclaimers.
>
> Nick.
Re: redirecting domain names
On 2006/01/22 13:54, Nick Holland wrote:
>> You'll need to use a web proxy for this.
>
> Just set up a poisoned DNS resolver to mangle resolution of any domain or subdomain you don't want people going to, which is what you are doing on a machine-by-machine basis with a hosts file:

Ahh, of course. That's a much better idea, I don't know what I was thinking..!
Re: redirecting domain names
On Sun, 22 Jan 2006 12:39:15 -0500, Peter Fraser wrote:
> On my Windows machines, I use the hosts file from http://www.mvps.org/winhelp2002/hosts.htm, which removes a lot of junk from the internet. Rather than going to each machine and installing this hosts file in \windows\system32\drivers\etc, I would rather have my firewall block these names instead. Please note the blocking has to be done on the name, not the IP address. The IP address could easily be at some hosting site, and also be used for some entirely valid web site. Does anyone know how to implement this?

dnsspoof from the dsniff package does it for me, with 127.0.0.1 as the address returned for anything I don't want sending to my LAN in response to HTTP GETs to banner ads etc. It does wild card naming, which is great, but take care because ads*.* matches adsl.example.com and you might want to get to the latter type of address, although that quoted one is of course fictional.

From the land down under: Australia.
Do we look umop apisdn from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.
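
Added example, not part of the thread and not code from any poster: it turns hosts-file entries into resolver block rules, as the DNS replies above suggest, and shows the wildcard over-match from the last message next to a label-boundary match. Assumptions: Unbound is the resolver (the thread names none), the sample hosts entries are constructed, and `glob_blocked` uses Python's fnmatch to illustrate whole-name globbing rather than dnsspoof's own matcher.

```python
import fnmatch

# Constructed sample in hosts-file format (not taken from the MVPS list).
SAMPLE_HOSTS = """\
127.0.0.1  localhost
127.0.0.1  ads.example.net
0.0.0.0    banner.example.org   # inline comment
127.0.0.1  ADS.example.net
"""

def parse_hosts(text):
    """Return the sorted, de-duplicated names a hosts file sinks to loopback."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in ("127.0.0.1", "0.0.0.0"):
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in ("localhost", "localhost.localdomain"):
                names.add(name)
    return sorted(names)

def unbound_rules(names, sink="127.0.0.1"):
    """Emit Unbound directives; a 'redirect' zone also answers for subdomains."""
    out = []
    for n in names:
        out.append(f'local-zone: "{n}." redirect')
        out.append(f'local-data: "{n}. A {sink}"')
    return out

def glob_blocked(qname, patterns):
    """Whole-name glob match: the style in which ads*.* hits adsl.example.com."""
    return any(fnmatch.fnmatch(qname.lower(), p) for p in patterns)

def suffix_blocked(qname, names):
    """Label-boundary match: block a listed name and its subdomains only."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in names for i in range(len(labels)))

if __name__ == "__main__":
    blocked = parse_hosts(SAMPLE_HOSTS)
    print("\n".join(unbound_rules(blocked)))
    for q in ("ads.example.net", "img.ads.example.net", "adsl.example.com"):
        print(q, glob_blocked(q, ["ads*.*"]), suffix_blocked(q, set(blocked)))
```

The generated lines belong in the `server:` section of the Unbound configuration; clients must use that resolver for the block to take effect.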