RE: banned sites lists!

From: Chisholm Wildermuth (cwildermuth@dbwebnet.net)
Date: 05/30/02


Date: Wed, 29 May 2002 17:58:16 -0700
From: "Chisholm Wildermuth" <cwildermuth@dbwebnet.net>
To: "BRAD GRIFFIN" <b.griffin@cqu.edu.au>

That's probably true, I'm only familiar with the usage in Win2k...and even
then very little. All of our installs use DNS, except for very very special
instances.

I still have to stand firm on thinking that it's a bad idea though... I
don't know how many machines you admin, but I really really really would hate
having to mess with hosts files on all the machines. I had heard of
something at one point that MS created/beta/demo'd a "distributed" hosts file
or something of the like where you could keep a single copy on a server and
they would all reference that?? I don't really recall... I just know I don't
think it's a very good solution to a problem. I see too many workarounds,
too much admin time, and still not simplistic enough to make it practical.

"The only problem with this method is that it can be tricky to set up in
conjunction with a proxy server." --- Why would you do both?

IMHO Content filtering should still be done at a proxy and not with an
archaic file whose life ended with that of the original ARPANet.

Chisholm Wildermuth
Systems Engineer
dbWebNet, Inc.

---------------------------------------------------------------------------
The opinions expressed here are my own and do not necessarily reflect those
of my employer.

-----Original Message-----
From: BRAD GRIFFIN [mailto:b.griffin@cqu.edu.au]
Sent: Wednesday, May 29, 2002 5:33 PM
To: security-basics@securityfocus.com
Cc: Chisholm Wildermuth
Subject: RE: banned sites lists!

Hi Chisholm

I'd suggest you try this first before making comment. In my experience with
using this method to block content and save bandwidth, I've noticed no
latency (at least nothing in human terms).
However, I should have noted that if you use this method on a Win2K
workstation, it is recommended that you disable the DNS client on the box as
it *will* cause major dramas. From my experience, disabling the DNS client on
a workstation has absolutely no adverse effects on the system.

The only problem with this method is that it can be tricky to set up in
conjunction with a proxy server.

Cheers,
Brad

> -----Original Message-----
> From: Chisholm Wildermuth [mailto:cwildermuth@dbwebnet.net]
> Sent: Thursday, May 30, 2002 7:40 AM
> To: BRAD GRIFFIN; security-basics@securityfocus.com
> Subject: RE: banned sites lists!
>
>
> Maybe I'm misunderstanding what you're saying ("listing is used so that folks
> can modify their hosts file")....but I _WOULD NOT EVER_ put anything with one
> thousand one hundred and ninety eight lines as my host file. MS even
> recommends you not use the template host file with comments because that's an
> extra 20 lines that the OS must sift through before getting to the good
> stuff. Can you imagine the latency of windows having to go through that
> many lines (13,198) of a host file before it decides it needs to go out to a
> DNS server and look something up??
>
>
> -----Original Message-----
> From: BRAD GRIFFIN [mailto:b.griffin@cqu.edu.au]
> Sent: Tuesday, May 28, 2002 4:39 PM
> To: security-basics@securityfocus.com
> Subject: RE: banned sites lists!
>
> Hi
>
> You'll find a very comprehensive list of ad servers, p0rn and other dubious
> sites here:
>
> http://www.smartin-designs.com/
>
> The listing is used so that folks can modify their hosts file under Windows
> boxes to prevent access to certain sites. It's been around for a while and
> the list now contains 13198 entries. Did I mention it's a community effort?
>
> Cheers,
> Brad
>
> > -----Original Message-----
> > From: Ivan Hernandez [mailto:ivan.hernandez@globalsis.com.ar]
> > Sent: Saturday, May 25, 2002 6:32 AM
> > To: security-basics@securityfocus.com
> > Subject: banned sites lists!
> >
> >
> > Hello. I have searched Google and the bugtraq mail list with no luck
> > while looking for "banned sites" lists.
> > I mean, po rn, w arez, ban ners, ads, big cookie damage and all that things
> > that I don't want my sweet and innocent network lusers to see through my
> > proxy :)
> > Any list would be appreciated, recyclated, processated and devlutionated
> > later to this mailing list in order to make a benefit for others in my
> > situation !
> > Thanks in advance...
> >
> > Ivan Hernandez
> >
>


