#21  
Old 19th March 2010, 03:03
Elixa
How to selectively stop a DNS request from being made … with Windows and / or IPCOP.

How to break / block PowerDVD v6, Internet Download Manager (IDM), Windows, IPCOP & IPCOP addons / plug-ins, from looking for updates and / or whatever else they might be doing behind your back.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Both Windows & IPCOP have a similar way to hardwire break a DNS lookup …

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The “Windows hosts file” can be found in the folder …

C:\WINDOWS\system32\drivers\etc … hosts

Usually used to redirect DNS requests this file can also be used to hardwire break a connection request by directing the request to the loopback address instead …ie 127.0.0.1

Below is a simple set of addresses that I use in the “hosts” file ... which ensures that these requests never make it out (into the www) … because despite having blocked the application via some personal internal firewall … the request / lookups were still being made … until now. (Modifications require a reboot to take effect). Use most any basic Windows text editor to modify the file.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

################################################## (start of example)
##################################################

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

##################################################
###### Microsoft - ET Phone Home

127.0.0.1 crl.microsoft.com

##################################################
###### PowerDVD v6 - ET Phone Home

127.0.0.1 liveupdate.gocyberlink.com

127.0.0.1 detect.gocyberlink.com

##################################################
###### Microsoft - ET Phone Home (MS & Adobe both use crl.verisign.com)

127.0.0.1 crl.verisign.com

127.0.0.1 csc3-2004-crl.verisign.com

##################################################
###### Internet Download Manager - update

127.0.0.1 www.internetdownloadmanager.com

127.0.0.1 internetdownloadmanager.com

127.0.0.1 registeridm.com

##################################################
################################################## (end of example)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IPCOP has a similar app / tool / method that accomplishes the same thing … built in … via “dnsmasq” … but the default IPCOP install gives no configuration file for it to follow. Should IPCOP be directed to use / implement “dnsmasq” … its configuration file would be located in …

/etc … dnsmasq.conf

In order to make use of the built-into-IPCOP “dnsmasq” utility … all you have to do is make a “dnsmasq.conf” file & place it in the folder “/etc” … using similar syntax within the file as shown in the example below.

Every time IPCOP starts up it called out for updates & some of the plug-ins did so also upon viewing them via the IPCOP gui … so with the use of another upstream IPCOP the following list (below) was harvested / compiled. (DNS requests can also be viewed within the IPCOP gui … via “Logs/System” … then change “Section:” to “DNS” … then click the “Update” button)

With a Linux text editor (Windows made files may error) … perhaps from your favorite SSH – sftp client, create the file in the IPCOP folder “/etc” … named “dnsmasq.conf” and add the following to it … (or download the file attached below and copy it to “/etc”)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

################################################## (start of example)
##################################################

################################################## #############################


################################################## #############################
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# See ... /var/log/messages ... For debugging info.

# For debugging purposes, log each DNS query as it passes through dnsmasq.
log-queries

# Log lots of extra information about DHCP transactions.
# log-dhcp

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
################################################## #############################

# IPCop - Stop IPCop from looking for update.
address=/www.ipcop.org/127.0.0.1
# address=/sourceforge.net/127.0.0.1
# address=/vhost.sourceforge.net/127.0.0.1

# IPCop - Stop UrlFilter from looking for update.
address=/www.urlfilter.net/127.0.0.1

# IPCop - Geoip update.
address=/www.maxmind.com/127.0.0.1

# IPCop - Copfilter -- ET Phone Home
# (dnsmasq matches host names only, so the "/LATEST-VERSION" URL path is dropped;
# each extra /field/ would be treated as another domain to block.)
address=/www.copfilter.org/127.0.0.1

# IPCop - Advanced Proxy version check.
# (URL path "/version/ipcop/latest" dropped for the same reason.)
address=/www.advproxy.net/127.0.0.1

# IPCop - IPTables GUI - update check
address=/ipcop-addons.ath.cx/127.0.0.1

# Web - Redicecreations.com, map spyware from, NoZone, Inc. Chicago IL.
address=/maps.amung.us/127.0.0.1
address=/whos.amung.us/127.0.0.1

# Software - HP Printer Update
# address=/www.hp.com/127.0.0.1
# address=/www.hpgtm.nsatc.net/127.0.0.1

# Firefox & Addons
address=/addons.mozilla.org/127.0.0.1
address=/fxfeeds.mozilla.com/127.0.0.1
address=/www.firefoxdownload.com/127.0.0.1
address=/firefoxdownload.com/127.0.0.1

# Firefox (New v3.5.2)
# address=/sb-ssl.google.com/127.0.0.1
# address=/ocsp.thawte.com/127.0.0.1
# address=/ocsp.verisign.net/127.0.0.1
# address=/www.verisign.net/127.0.0.1
# address=/verisign.net/127.0.0.1
# address=/www.verisign.com/127.0.0.1
# address=/verisign.com/127.0.0.1
# address=/www.squidguard.org/127.0.0.1
# address=/squidguard.org/127.0.0.1
# address=/www.stopbadware.org/127.0.0.1
# address=/stopbadware.org/127.0.0.1

# Google - ET Phone Home
# address=/sb.google.com/127.0.0.1

# PowerDVD v6 - ET Phone Home
address=/liveupdate.gocyberlink.com/127.0.0.1
address=/detect.gocyberlink.com/127.0.0.1

# Macromedia -- ET Phone Home
address=/crl.verisign.com/127.0.0.1
address=/www.adobe.com/127.0.0.1
address=/www.macromedia.com/127.0.0.1
address=/adobe.omniture.112.2o7.net/127.0.0.1

# Alcohol 120% - ET Phone Home
address=/www.alcohol-soft.com/127.0.0.1
address=/vodka.alcohol-soft.com/127.0.0.1

# Internet Download Manager - update
address=/www.internetdownloadmanager.com/127.0.0.1
address=/registeridm.com/127.0.0.1

# Microsoft - ET Phone Home
address=/crl.microsoft.com/127.0.0.1

# Microsoft - ET Phone Home (MS & Adobe both use crl.verisign.com)
# address=/crl.verisign.com/127.0.0.1
address=/csc3-2004-crl.verisign.com/127.0.0.1

# Microsoft - ET Phone Home
address=/www.download.windowsupdate.com/127.0.0.1
address=/www.download.windowsupdate.nsatc.net/127.0.0.1
address=/mscom-wui.vo.llnwd.net/127.0.0.1

# Microsoft - Windowsmedia ET Phone Home
address=/autoupdate.windowsmedia.com/127.0.0.1
address=/codecs.microsoft.com/127.0.0.1

# Microsoft - Office ET Phone Home
# address=/www.office.microsoft.com/127.0.0.1
# address=/office.microsoft.com/127.0.0.1
# address=/www.support.microsoft.com/127.0.0.1
# address=/support.microsoft.com/127.0.0.1
# address=/www.support.microsoft.akadns.net/127.0.0.1
# address=/support.microsoft.akadns.net/127.0.0.1
# address=/www.microsoft.com/127.0.0.1
# address=/microsoft.com/127.0.0.1
# address=/www.js.microsoft.com/127.0.0.1
# address=/js.microsoft.com/127.0.0.1
# address=/www.i.microsoft.com.edgesuite.net/127.0.0.1
# address=/i.microsoft.com.edgesuite.net/127.0.0.1

# ZoneAlarm - ET Phone Home
address=/zonelabs.com/127.0.0.1
address=/cm2.zonelabs.com/127.0.0.1

# Filseclab - ET Phone Home
address=/filseclab.com/127.0.0.1
address=/messenger3.filseclab.com/127.0.0.1
address=/onlineres.148.hh82.com/127.0.0.1

# Gravatar - Tracking Avatar (Suspicious Behavior)
address=/gravatar.com/127.0.0.1
address=/www.gravatar.com/127.0.0.1
address=/en.gravatar.com/127.0.0.1
address=/www.en.gravatar.com/127.0.0.1

# CounterStrikeCZ - ET Phone Home
address=/207.173.177.11/127.0.0.1
address=/207.173.177.12/127.0.0.1
address=/11.177.173.207.in-addr.arpa/127.0.0.1
address=/12.177.173.207.in-addr.arpa/127.0.0.1
address=/steam1.steampowered.com/127.0.0.1
address=/www.steam1.steampowered.com/127.0.0.1
address=/steam2.steampowered.com/127.0.0.1
address=/www.steam2.steampowered.com/127.0.0.1
address=/hlmaster1.hlauth.net/127.0.0.1
address=/www.hlmaster1.hlauth.net/127.0.0.1
address=/half-life.east.won.net/127.0.0.1
address=/www.half-life.east.won.net/127.0.0.1

##################################################
################################################## (end of example)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Add / Remove / Modify the list to match your personal needs. Placing a “#” at the beginning of any line, disables the command.

Such as Windows … Modifications to IPCOP’s “dnsmasq.conf” file require a reboot to take effect.

Now that these blocks are in place … these listed DNS requests return INSTANT FAILURE.

This is by far much more of a block than if it were done with a plug-in such as “UrlFilter” … because, absolutely nothing gets out!!!

-
Attached Files
File Type: zip dnsmasq.zip (1.3 KB, 175 views)
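
An added example, not part of the original post or of IPCop: dnsmasq treats every `/`-separated field before the final address as a domain, and a domain rule also matches its subdomains, so this Python check flags `address=` fields that cannot match a DNS query or are already covered, and marks revocation endpoints (`crl.` / `ocsp.`) whose blocking stops certificate revocation checks. The sample config is constructed in the style of the list above; the function names and issue labels are assumptions.

```python
import ipaddress
import re
# Constructed sample in the style of the posted dnsmasq.conf (not the full list).
SAMPLE_CONF = """\
log-queries
address=/www.copfilter.org/127.0.0.1
address=/www.copfilter.org/LATEST-VERSION/127.0.0.1
address=/zonelabs.com/127.0.0.1
address=/cm2.zonelabs.com/127.0.0.1
address=/207.173.177.11/127.0.0.1
address=/11.177.173.207.in-addr.arpa/127.0.0.1
address=/crl.microsoft.com/127.0.0.1
# address=/sb.google.com/127.0.0.1
"""

def parse_rules(conf):
    # Yield (line_no, [domain fields]) for each active address= line.
    for no, line in enumerate(conf.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*", "", line).strip()  # drop comments
        if line.startswith("address=/"):
            *domains, _target = line[len("address=/"):].split("/")
            yield no, domains

def classify(name, all_names, seen):
    """Return an issue label for one domain field, or None if it looks fine."""
    try:
        ipaddress.ip_address(name)
        return "ip-literal"           # connecting to an IP makes no DNS query
    except ValueError:
        pass
    if name.endswith((".in-addr.arpa", ".ip6.arpa")):
        return "reverse-zone"         # PTR name; does not stop connections to the IP
    if "." not in name:
        return "single-label"         # likely a URL path segment read as a domain
    if name in seen:
        return "duplicate"
    if any(name.endswith("." + parent) for parent in all_names):
        return "covered-by-parent"    # a domain rule already matches subdomains
    if name.split(".")[0] in ("crl", "ocsp"):
        return "revocation-endpoint"  # blocking stops certificate revocation checks

def lint(conf):
    # Return [(line_no, field, issue)] for every questionable domain field.
    rules = list(parse_rules(conf))
    all_names = {d.lower() for _, doms in rules for d in doms if "." in d}
    seen, findings = set(), []
    for no, doms in rules:
        for d in doms:
            issue = classify(d.lower(), all_names, seen)
            seen.add(d.lower())
            if issue:
                findings.append((no, d, issue))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE_CONF), sep="\n")
```

To check a real file, pass its text to `lint()`, for example the contents of `/etc/dnsmasq.conf`.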
  #22  
Old 11th April 2010, 01:37
dxighithall
Samba SWAT on ipcop

Elixa,
Is there a way to enable SWAT on ipcop without BlockOutTraffic?

Here is a screenshot of what I'm seeing right now
http://img140.imageshack.us/img140/1...xecuteswat.jpg


Quote:
Originally Posted by Elixa View Post
samba-0.2.1.tar.gz


From www.h-loit.de (www 'dot' h-loit 'dot' de) *(German only)

For those who cannot download from original source … good luck ... as 18 mb was too large to upload here.

Included modification info below that is necessary for installation into IPCOP v1.4.20 ... updated to IPCOP v1.4.21

To use samba-0.2.1.tar.gz the default IPCOP access port must be changed from port 445 to something else … easily accomplished by using guiports-1.6.2.tar.gz

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

Copy samba-0.2.1.tar.gz


to /tmp/bot1/ (example)

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

Enter terminal command:


tar -zxvf samba-0.2.1.tar.gz

(before next step ... see modification below)


Command had to be executed from the console. (local machine)


./install -i

during install enter ... for example * (your personal network range) ... 192.168.0.0/16

later ... in the gui (global settings, advanced view) ...

... allow ... 192.168.0.0/16 *(your personal network range ... could be different)
... deny ... 0.0.0.0/0 *(these settings keep access limited to your personal network)

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

For ... IPCOP v1.4.20 ... updated to (IPCOP v1.4.21)


edit install ... line 705

change '2.4.34' to '2.4.36'

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

To view and use the addon go to IPCop/Services/Samba Server/


Check 'enable Samba Server ?' ...
... click 'save' ... then click 'start'.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

To login into the SWAT settings use the username and password for root user of IPCOP.

If using BlockOutTraffic 3.0.0 - Build 3 ...
Port 901 had to be opened ... 'IPCop access'

Default shared folder 'files'

Default username and password for shared folder 'samba:samba'




Enjoy ;-)
  #23  
Old 27th April 2010, 05:07
Elixa
Samba & SWAT - Ports

Quote:
@dxighithall - “Is there a way to enable SWAT on ipcop without BlockOutTraffic?”
Yes, no problem.

“BlockOutTraffic” is not a prerequisite for Samba … I just included a hint about how to rule “BlockOutTraffic” in the event that someone was using that plugin also (because “BlockOutTraffic” can be a pain in the a--).

If using BlockOutTraffic 3.0.0 - Build 3 ...
Port 901 had to be opened ... 'IPCop access'

… but only if, you are using “BlockOutTraffic”

The only prerequisite that was necessary for “Samba” was the changing of the gui port from 445 to something else … so that “Samba” could use that port. In my travels I came across information about a script or command, built into IPCOP, that could change the default gui port … though I have no idea where to look for it now … but that simple modification can be done with “guiports-1.6.2.tar.gz”, easily.

I see from the picture you provided that you are using port 446 to access the “Samba” page … so I can assume you did change the gui access port successfully (port 445 being needed for the share).

It’s kind of sad waiting two weeks for such a simple answer … but here it goes (sorry about the delay) …

Try using the following url … (the IP is specific to dxighithall’s example)

Quote:
HTML Code:
https://192.168.1.21:901
Upon success ... within the SWAT settings, consider disabling the printer & / or other services that you don't need (for security & resource reasons).

Good luck …& if that doesn’t work … say something & I’ll reinstall it (& then post a better response).
Hope that helped.
-

Last edited by Elixa; 27th April 2010 at 06:40.
  #24  
Old 27th April 2010, 06:41
dxighithall

Quote:
Originally Posted by Elixa View Post
Yes, no problem. “BlockOutTraffic” is not a prerequisite for Samba … I just included a hint about how to rule “BlockOutTraffic” in the event that someone was using that plugin also (because “BlockOutTraffic” can be a pain in the a--).

If using BlockOutTraffic 3.0.0 - Build 3 ...
Port 901 had to be opened ... 'IPCop access'

… but only if, you are using “BlockOutTraffic”

The only prerequisite that was necessary for “Samba” was the changing of the gui port from 445 to something else … so that “Samba” could use that port. In my travels I came across information about a script or command, built into IPCOP, that could change the default gui port … though I have no idea where to look for it now … but that simple modification can be done with “guiports-1.6.2.tar.gz”, easily.

I see from the picture you provided that you are using port 446 to access the “Samba” page … so I can assume you did change the gui access port successfully (port 445 being needed for the share).

It’s kind of sad waiting two weeks for such a simple answer … but here it goes (sorry about the delay) …

Try using the following url … (the IP is specific to dxighithall’s example)



Upon success, within the SWAT settings, consider disabling the printer & / or other services that you don't need (for security & resource reasons).

Good luck …& if that doesn’t work … say something & I’ll reinstall it (& then post a better response).
Hope that helped.
-
Excellent!
Thanks a lot!!! now I can use SWATool

  #25  
Old 28th April 2010, 01:21
Elixa
Simple modification to the IPCOP css style menu … for a more visible menu hover color

Info … to change the default menu hover color from a bright white to one of the colors in the IPCOP shield (a yellow-ish orange)

In the file … /home/httpd/html/include/ipcop.css … (near the bottom of the page) …
Find the following … clipped out of context …


Before …
---------- ---------- ---------- ---------- ----------

div.ipcop_menuElementHover {
color: #FFFFFF;
}

div.ipcop_subMenuElement {
padding: 3px;
color: #DEDFEF;
}
div.ipcop_subMenuElementHover {
padding: 3px;
color: #FFFFFF;
}

---------- ---------- ---------- ---------- ----------


After … *(2 changes)
---------- ---------- ---------- ---------- ----------

div.ipcop_menuElementHover {
color: #FFCC33;
}

div.ipcop_subMenuElement {
padding: 3px;
color: #DEDFEF;
}
div.ipcop_subMenuElementHover {
padding: 3px;
color: #FFCC33;
}

---------- ---------- ---------- ---------- ----------


Change the default hover color … from #FFFFFF … to #FFCC33 … *(above example already modified)

Save the file … then refresh any IPCOP cgi page …
… the IPCOP menu should now be a little easier to see – n’ navigate.
-
All times are GMT +2.