From: Mike Jones on
Responding to Cat22:

> Mike Jones wrote:
>>
>> My /etc/hosts file is becoming rather large, and as the list of
>> addresses I find I'm adding to it grows daily, I'm now looking for an
>> alternative way to sidetrack DNS away from a list of possible
>> connections.
>>
>> One of the key problems with /etc/hosts is that every entry needs to be
>> a full address, meaning blocking "spyonyou.net" won't block
>> "hahagotcha.spyonyou.net", and so on.
>>
>> With iptables I could block *.spyonyou.* to cover all spyonyou
>> addresses, but with the size of /that/ list, although it would be
>> smaller than my existing /etc/hosts file, it would cost system
>> performance as iptables processed it with each request.
>>
>> Is there a way to duplicate the zero-weight /etc/hosts technique, but
>> in such a way as I can block whole domains with a single entry, as
>> above?
>>
>> ie: Adding "spyonyou" redirects /all/ addresses with that in the
>> address string to 127.0.0.1 for a fast miss'n'drop.
>>
> For Firefox, install Adblock Plus - works great! Cat22


Not for any other web application it doesn't.

The whole point of the /etc/hosts solution is that the whole system is
protected from spyco link-traps, not just a single application.

--
*=( http://www.thedailymash.co.uk/
*=( For all your UK news needs.
From: Bit Twister on
On Tue, 02 Feb 2010 23:53:21 GMT, Mike Jones wrote:

> The whole point of the /etc/hosts solution is that the whole system is
> protected from spyco link-traps, not just a single application.

Hmmm, maybe, depends. What is the result of the following


grep hosts: /etc/nsswitch.conf

grep order /etc/host.conf

From: Mike Jones on
Responding to Bit Twister:

> On Tue, 02 Feb 2010 23:53:21 GMT, Mike Jones wrote:
>
>> The whole point of the /etc/hosts solution is that the whole system is
>> protected from spyco link-traps, not just a single application.
>
> Hmmm, maybe, depends. What is the result of the following
>
>
> grep hosts: /etc/nsswitch.conf

hosts: files dns

> grep order /etc/host.conf

order hosts, bind



--
*=( http://www.thedailymash.co.uk/
*=( For all your UK news needs.
From: Bit Twister on
On Wed, 03 Feb 2010 11:37:47 GMT, Mike Jones wrote:
> Responding to Bit Twister:
>
>> On Tue, 02 Feb 2010 23:53:21 GMT, Mike Jones wrote:
>>
>>> The whole point of the /etc/hosts solution is that the whole system is
>>> protected from spyco link-traps, not just a single application.
>>
>> Hmmm, maybe, depends. What is the result of the following
>>
>>
>> grep hosts: /etc/nsswitch.conf
>
> hosts: files dns

Very good. In the past dns or nis was before files.

I used to use /etc/hosts for blocking, now I use privoxy so I can wild
card different servers. Snippets from the action files follow:

### 2nd-, 3rd-, and 4th-level domains to block.
.ads.*.*
.ads.*.*.*
.ads1.*.*
.ads2.*.*

### Paths (without domains) to block. Note that we've removed almost all of
### these.

{+block +handle-as-image}

/*.*/RealMedia/ads/
/adserver\.php

---------------------- end snippets ----------------------------------------

For anyone interested, http://www.privoxy.org/

and I added http://www.neilvandyke.org/privoxy-rules/ as my starter
rules/action set.
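
Added example (not part of the original thread and not any poster's code): a Python sketch of the two points discussed above, namely that the `hosts:` line in nsswitch.conf decides whether /etc/hosts is consulted before DNS, and that a hosts entry matches exact names only, so a subdomain slips past unless something does domain-suffix matching. The function names and the sample file contents are constructed for illustration; the suffix matcher is a generic label-aligned match, not Privoxy's pattern engine.

```python
import re

# Constructed sample inputs (not taken from any real system).
NSSWITCH = "passwd: files\nhosts: files dns   # local file consulted first\n"
HOSTS = "127.0.0.1 localhost\n127.0.0.1 spyonyou.net www.spyonyou.net\n"

def hosts_order(nsswitch_text):
    """Return the lookup sources on the 'hosts:' line, in order."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Drop action items such as [NOTFOUND=return]; keep source names.
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []

def files_before_dns(nsswitch_text):
    """True when /etc/hosts entries are consulted before DNS."""
    order = hosts_order(nsswitch_text)
    if "files" not in order:
        return False
    return "dns" not in order or order.index("files") < order.index("dns")

def parse_hosts(hosts_text):
    """Map every name in hosts-file text to its address (first entry wins)."""
    table = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), fields[0])
    return table

def hosts_lookup(table, name):
    """Exact-name lookup: a hosts entry never covers subdomains."""
    return table.get(name.lower().rstrip("."))

def suffix_blocked(blocked, name):
    """Label-aligned suffix match: one entry covers a domain and its subdomains."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

if __name__ == "__main__":
    table = parse_hosts(HOSTS)
    print("files before dns:", files_before_dns(NSSWITCH))
    for host in ("spyonyou.net", "hahagotcha.spyonyou.net", "notspyonyou.net"):
        print(host, "hosts:", hosts_lookup(table, host),
              "suffix:", suffix_blocked({"spyonyou.net"}, host))
```
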
From: Mike Jones on
Responding to Bit Twister:

> On Wed, 03 Feb 2010 11:37:47 GMT, Mike Jones wrote:
>> Responding to Bit Twister:
>>
>>> On Tue, 02 Feb 2010 23:53:21 GMT, Mike Jones wrote:
>>>
>>>> The whole point of the /etc/hosts solution is that the whole system
>>>> is protected from spyco link-traps, not just a single application.
>>>
>>> Hmmm, maybe, depends. What is the result of the following
>>>
>>>
>>> grep hosts: /etc/nsswitch.conf
>>
>> hosts: files dns
>
> Very good. In the past dns or nis was before files.
>
> I used to use /etc/hosts for blocking, now I use privoxy so I can wild
> card different servers. Snippets from the action files follow:
>
> ### 2nd-, 3rd-, and 4th-level domains to block.
> .ads.*.*
> .ads.*.*.*
> .ads1.*.*
> .ads2.*.*
>
> ### Paths (without domains) to block. Note that we've removed almost all of
> ### these.
>
> {+block +handle-as-image}
>
> /*.*/RealMedia/ads/
> /adserver\.php
>
> ---------------------- end snippets ----------------------------------------
>
> For anyone interested, http://www.privoxy.org/
>
> and I added http://www.neilvandyke.org/privoxy-rules/ as my starter
> rules/action set.


That looks useful. Cheers.


--
*=( http://www.thedailymash.co.uk/
*=( For all your UK news needs.