ejes consulting

Technical Consulting Design and Automation

Rudimentary TCP/IP blocking

A throwback from the ARPANET days is the “hosts” file, which was used instead of DNS servers to resolve names to IP addresses.

The Internet is so huge now that the hosts file is no longer a useful way to resolve host names to IP addresses, but this “hosts” file does still exist on all TCP/IP capable computers.

You can find yours too by looking in the right spot. 

Windows

In older versions of Windows (Windows Me and older) you can find your “hosts” file in “%WINDIR%” (usually c:\windows).  In more modern Windows variants (NT, 2000, XP, Vista, and 7) it can be found in “%SYSTEMROOT%\System32\drivers\etc” (the location is defined in the HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath registry key).

Macintosh

On older Macintosh systems (9 and earlier) it can be found in the System or Preferences folder; on OS X (including iPhones and iPods) it is the /private/etc/hosts file.

UNIX/Linux/BSD

All UNIX-based systems have an /etc/hosts file.

Netware

On Netware systems it is in the “SYS:etc\hosts” directory.

OS/2

In the c:\mptn\etc\ directory.

Once you’ve determined where your hosts file is, you will find that it mostly contains information about your own computer, something like:

127.0.0.1       localhost

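Hackers will sometimes put their own entries in here to point you to their malicious sites.  Each entry is an IP address followed by the name it should answer for, so it would look like this (203.0.113.10 is a placeholder standing in for the address of www.evil.com):

203.0.113.10        www.google.com

The above would effectively send any request for www.google.com to the server behind www.evil.com instead.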

We can use this to our advantage by blocking known malicious or just plain annoying sites.

Who maintains this list?  The guys at MVPs.org have this as a free service.  Located here: http://www.mvps.org/winhelp2002/hosts.txt

Just download that file, copy its entries into your “hosts” file, and you should have a fairly up-to-date list of malicious sites and some rudimentary blocking of these sites.

How it works: when your computer goes to look up the address of one of these malicious sites (should it ever have to), the address it gets back is 127.0.0.1, which is ALWAYS your own computer.  This means that any time it tries to connect to a malicious site, it actually tries to connect to your own computer instead.

Remember, this doesn’t make you invincible; but it does definitely help.
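An added example, not part of the original post: Python that audits hosts-file text for both uses described above, listing names blocked via 127.0.0.1 or 0.0.0.0, flagging names mapped to any other address for review, and reporting lines whose first field is not an IP address. It also vets a downloaded list so only blocking entries get merged. The function names, the LOCAL_NAMES set and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Names that normally sit on loopback and are not block entries (assumed list).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts(text):
    """Yield (line number, address or None, names) for each non-empty entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comment, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None  # first field is not an IP address
        yield lineno, addr, [n.lower() for n in fields[1:]]

def is_sinkhole(addr):
    return addr is not None and (addr.is_loopback or addr.is_unspecified)

def audit_hosts(text):
    """Split entries into blocked names, redirects to review, malformed lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, addr, names in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append(lineno)
        elif is_sinkhole(addr):
            report["blocked"] += [n for n in names if n not in LOCAL_NAMES]
        else:
            report["redirected"] += [(lineno, n, str(addr)) for n in names]
    return report

def vet_blocklist(text):
    """From a downloaded list keep only loopback/0.0.0.0 entries, normalised."""
    return [f"127.0.0.1\t{n}" for _, addr, names in parse_hosts(text)
            if is_sinkhole(addr) for n in names if n not in LOCAL_NAMES]

# Constructed sample input, not a real hosts file or real blocklist content.
SAMPLE = """\
127.0.0.1       localhost
127.0.0.1       ads.example.net      # block entry
0.0.0.0         tracker.example.org
203.0.113.10    www.example.com      # points somewhere else: review
www.example.net www.example.com
"""

if __name__ == "__main__":
    print(audit_hosts(SAMPLE))
    print("\n".join(vet_blocklist(SAMPLE)))
```

A name under "redirected" is not necessarily hostile (intranet servers are often listed this way), but each one is worth checking against the address DNS returns for it.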

Written by ejes

June 29, 2009 at 11:17 am

Posted in Tutorials

One Response

  1. hey!
    how much do you know ip blocking?

    nitikiti

    July 17, 2009 at 11:09 am

