DNS/Hosts file issues

From: Chad Myers (chad_at_CHADMYERS.COM)
Date: 10/28/03

  • Next message: Sym Security: "Re: Norton Internet Security Blocked Sites XSS" 
    Date:         Tue, 28 Oct 2003 11:51:46 -0600
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Russ,

    I'm not sure if you want to advocate this, but it appears that it's now
    a
    security requirement to block banner ads since they can trojan into
    legitimate sites which you may not have blocked at the Proxy/Filter.
    Also,
    it appears that banner ad companies do not verify the content of their
    customers and just syndicate whatever javascript or malicious code they
    may
    have to put up.

    There are several sites which maintain hostfiles which you can download
    that
    map hundreds of known banner ad/adware/spyware/tracking sites to
    localhost/127.0.0.1 thus causing all banner ads, etc to fail.

    Your readers/customers may be interested to set up some type of
    deployment
    (SMS?) of hosts files to their client boxes, or maybe just on the proxy
    box
    or DNS box itself to help stop malicious banner ads from taking over
    their
    network.

    Here are some links to various sites I found that maintain host mapping
    files and utilities:
    (not all links verified, use at your own risk, you should verify them
    before
    installing them, etc)
    http://accs-net.com/hostess/
    http://asp.flaaten.dk/download/pafiledb.php?action=category&id=2
    http://pgl.yoyo.org/adservers/
    http://www.mvps.org/winhelp2002/hosts.htm
    http://www.accs-net.com/hosts/
    http://lists.gpick.com/pages/Hosts_File_Administration.htm
    http://www.everythingisnt.com/hosts.html
    http://someonewhocares.org/hosts/
    http://accs-net.com/hosts/HostsToggle/

    -Chad 

    ----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
12/31/03 and cannot be used in combination with other offers.
----
  • Next message: Sym Security: "Re: Norton Internet Security Blocked Sites XSS"