Thread: IPCop
19th March 2010, 04:03
Elixa
How to selectively stop a DNS request from being made … with Windows and / or IPCOP.

How to break / block PowerDVD v6, Internet Download Manager (IDM), Windows, IPCOP & IPCOP addons / plug-ins, from looking for updates and / or whatever else they might be doing behind your back.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Both Windows & IPCOP have a similar way to hardwire break a DNS lookup …

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The “Windows hosts file” can be found in the folder …

C:\WINDOWS\system32\drivers\etc … hosts

Usually used to redirect DNS requests, this file can also be used to hardwire break a connection request by directing the request to the loopback address instead … i.e. 127.0.0.1

Below is a simple set of addresses that I use in the “hosts” file ... which ensures that these requests never make it out (into the www) … because despite having blocked the application via some personal internal firewall … the request / lookups were still being made … until now. (Modifications require a reboot to take effect). Use most any basic Windows text editor to modify the file.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

################################################## (start of example)
##################################################

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

##################################################
###### Microsoft - ET Phone Home

127.0.0.1 crl.microsoft.com

##################################################
###### PowerDVD v6 - ET Phone Home

127.0.0.1 liveupdate.gocyberlink.com

127.0.0.1 detect.gocyberlink.com

##################################################
###### Microsoft - ET Phone Home (MS & Adobe both use crl.verisign.com)

127.0.0.1 crl.verisign.com

127.0.0.1 csc3-2004-crl.verisign.com

##################################################
###### Internet Download Manager - update

127.0.0.1 www.internetdownloadmanager.com

127.0.0.1 internetdownloadmanager.com

127.0.0.1 registeridm.com

##################################################
################################################## (end of example)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IPCOP has a similar app / tool / method that accomplishes the same thing … built in … via “dnsmasq” … but the default IPCOP install gives no configuration file for it to follow. Should IPCOP be directed to use / implement “dnsmasq” … its configuration file would be located in …

/etc … dnsmasq.conf

In order to make use of the built-into-IPCOP “dnsmasq” utility … all you have to do is make a “dnsmasq.conf” file & place it in the folder “/etc” … using similar syntax within the file as shown in the example below.

Every time IPCOP started up it called out for updates & some of the plug-ins did so also upon viewing them via the IPCOP gui … so with the use of another upstream IPCOP the following list (below) was harvested / compiled. (DNS requests can also be viewed within the IPCOP gui … via “Logs/System” … then change “Section:” to “DNS” … then click the “Update” button)

With a Linux text editor (Windows made files may error) … perhaps from your favorite SSH – sftp client, create the file in the IPCOP folder “/etc” … named “dnsmasq.conf” and add the following to it … (or download the file attached below and copy it to “/etc”)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

################################################## (start of example)
##################################################

###############################################################################
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# See ... /var/log/messages ... For debugging info.

# For debugging purposes, log each DNS query as it passes through dnsmasq.
log-queries

# Log lots of extra information about DHCP transactions.
# log-dhcp

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
###############################################################################

# IPCop - Stop IPCop from looking for update.
address=/www.ipcop.org/127.0.0.1
# address=/sourceforge.net/127.0.0.1
# address=/vhost.sourceforge.net/127.0.0.1

# IPCop - Stop UrlFilter from looking for update.
address=/www.urlfilter.net/127.0.0.1

# IPCop - Geoip update.
address=/www.maxmind.com/127.0.0.1

# IPCop - Copfilter -- ET Phone Home
# (address= takes host names only; every /-separated field is read as a domain, so the URL path is left out)
address=/www.copfilter.org/127.0.0.1

# IPCop - Advanced Proxy version check.
# (address= takes host names only; every /-separated field is read as a domain, so the URL path is left out)
address=/www.advproxy.net/127.0.0.1

# IPCop - IPTables GUI - update check
address=/ipcop-addons.ath.cx/127.0.0.1

# Web - Redicecreations.com, map spyware from, NoZone, Inc. Chicago IL.
address=/maps.amung.us/127.0.0.1
address=/whos.amung.us/127.0.0.1

# Software - HP Printer Update
# address=/www.hp.com/127.0.0.1
# address=/www.hpgtm.nsatc.net/127.0.0.1

# Firefox & Addons
address=/addons.mozilla.org/127.0.0.1
address=/fxfeeds.mozilla.com/127.0.0.1
address=/www.firefoxdownload.com/127.0.0.1
address=/firefoxdownload.com/127.0.0.1

# Firefox (New v3.5.2)
# address=/sb-ssl.google.com/127.0.0.1
# address=/ocsp.thawte.com/127.0.0.1
# address=/ocsp.verisign.net/127.0.0.1
# address=/www.verisign.net/127.0.0.1
# address=/verisign.net/127.0.0.1
# address=/www.verisign.com/127.0.0.1
# address=/verisign.com/127.0.0.1
# address=/www.squidguard.org/127.0.0.1
# address=/squidguard.org/127.0.0.1
# address=/www.stopbadware.org/127.0.0.1
# address=/stopbadware.org/127.0.0.1

# Google - ET Phone Home
# address=/sb.google.com/127.0.0.1

# PowerDVD v6 - ET Phone Home
address=/liveupdate.gocyberlink.com/127.0.0.1
address=/detect.gocyberlink.com/127.0.0.1

# Macromedia -- ET Phone Home
address=/crl.verisign.com/127.0.0.1
address=/www.adobe.com/127.0.0.1
address=/www.macromedia.com/127.0.0.1
address=/adobe.omniture.112.2o7.net/127.0.0.1

# Alcohol 120% - ET Phone Home
address=/www.alcohol-soft.com/127.0.0.1
address=/vodka.alcohol-soft.com/127.0.0.1

# Internet Download Manager - update
address=/www.internetdownloadmanager.com/127.0.0.1
address=/registeridm.com/127.0.0.1

# Microsoft - ET Phone Home
address=/crl.microsoft.com/127.0.0.1

# Microsoft - ET Phone Home (MS & Adobe both use crl.verisign.com)
# address=/crl.verisign.com/127.0.0.1
address=/csc3-2004-crl.verisign.com/127.0.0.1

# Microsoft - ET Phone Home
address=/www.download.windowsupdate.com/127.0.0.1
address=/www.download.windowsupdate.nsatc.net/127.0.0.1
address=/mscom-wui.vo.llnwd.net/127.0.0.1

# Microsoft - Windowsmedia ET Phone Home
address=/autoupdate.windowsmedia.com/127.0.0.1
address=/codecs.microsoft.com/127.0.0.1

# Microsoft - Office ET Phone Home
# address=/www.office.microsoft.com/127.0.0.1
# address=/office.microsoft.com/127.0.0.1
# address=/www.support.microsoft.com/127.0.0.1
# address=/support.microsoft.com/127.0.0.1
# address=/www.support.microsoft.akadns.net/127.0.0.1
# address=/support.microsoft.akadns.net/127.0.0.1
# address=/www.microsoft.com/127.0.0.1
# address=/microsoft.com/127.0.0.1
# address=/www.js.microsoft.com/127.0.0.1
# address=/js.microsoft.com/127.0.0.1
# address=/www.i.microsoft.com.edgesuite.net/127.0.0.1
# address=/i.microsoft.com.edgesuite.net/127.0.0.1

# ZoneAlarm - ET Phone Home
address=/zonelabs.com/127.0.0.1
address=/cm2.zonelabs.com/127.0.0.1

# Filseclab - ET Phone Home
address=/filseclab.com/127.0.0.1
address=/messenger3.filseclab.com/127.0.0.1
address=/onlineres.148.hh82.com/127.0.0.1

# Gravatar - Tracking Avatar (Suspicious Behavior)
address=/gravatar.com/127.0.0.1
address=/www.gravatar.com/127.0.0.1
address=/en.gravatar.com/127.0.0.1
address=/www.en.gravatar.com/127.0.0.1

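# CounterStrikeCZ - ET Phone Home
# Note: address= only answers DNS queries; a client that connects straight to an IP address never makes one.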
address=/207.173.177.11/127.0.0.1
address=/207.173.177.12/127.0.0.1
address=/11.177.173.207.in-addr.arpa/127.0.0.1
address=/12.177.173.207.in-addr.arpa/127.0.0.1
address=/steam1.steampowered.com/127.0.0.1
address=/www.steam1.steampowered.com/127.0.0.1
address=/steam2.steampowered.com/127.0.0.1
address=/www.steam2.steampowered.com/127.0.0.1
address=/hlmaster1.hlauth.net/127.0.0.1
address=/www.hlmaster1.hlauth.net/127.0.0.1
address=/half-life.east.won.net/127.0.0.1
address=/www.half-life.east.won.net/127.0.0.1

##################################################
################################################## (end of example)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Add / Remove / Modify the list to match your personal needs. Placing a “#” at the beginning of any line, disables the command.

As with Windows … Modifications to IPCOP’s “dnsmasq.conf” file require a reboot to take effect.

Now that these blocks are in place … these listed DNS requests return INSTANT FAILURE.

This is by far much more of a block than if it were done with a plug-in such as “UrlFilter” … because, absolutely nothing gets out!!!

Attached Files
File Type: zip dnsmasq.zip (1.3 KB, 188 views)
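An added example, not part of the original post or its attachment: a small Python check of how dnsmasq reads `address=` lines, where every `/`-separated field before the last is a domain that matches itself and all of its subdomains (unlike a hosts file entry, which matches one exact name). It flags fields that are IP literals, single labels (typically a pasted URL path) or already covered by a listed parent domain; `SAMPLE` is constructed for this example and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in dnsmasq.conf syntax (not the post's attachment).
SAMPLE = """\
# constructed sample
address=/zonelabs.com/127.0.0.1
address=/cm2.zonelabs.com/127.0.0.1
address=/www.advproxy.net/version/ipcop/latest/127.0.0.1
address=/207.173.177.11/127.0.0.1
address=/www.internetdownloadmanager.com/127.0.0.1
"""

def parse_address_lines(text):
    """Return [(lineno, [domains], target)] for each active address= line."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()       # drop comments
        if not line.startswith("address=/"):
            continue
        parts = line[len("address="):].split("/")  # ['', d1, ..., dN, target]
        entries.append((n, [d.lower() for d in parts[1:-1] if d], parts[-1]))
    return entries

def covers(rule, name):
    """A rule domain matches the name itself and every subdomain of it."""
    return name == rule or name.endswith("." + rule)

def is_sinkholed(name, entries):
    name = name.lower().rstrip(".")
    return any(covers(d, name) for _, ds, _ in entries for d in ds)

def is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False

def lint(entries):
    """Flag fields that will not behave the way a URL-style entry suggests."""
    every = [d for _, ds, _ in entries for d in ds]
    findings = []
    for n, ds, _ in entries:
        for d in ds:
            if is_ip(d):
                findings.append((n, d, "ip-literal"))    # never queried via DNS
            elif "." not in d:
                findings.append((n, d, "single-label"))  # likely a URL path part
            elif any(d != s and covers(s, d) for s in every):
                findings.append((n, d, "redundant"))     # parent already listed
    return findings
```

Run `lint(parse_address_lines(open("/etc/dnsmasq.conf").read()))` against a real file; `is_sinkholed()` answers whether a given query name would be caught by the current list.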