win host

This is the place to bitch, bash, and get help with all things Windows.
Post Reply
ramiia
Corporal
Posts: 129
Joined: Mon Jul 16, 2007 11:23 pm
Location: Sampo 69

win host

Post by ramiia » Sun Aug 21, 2011 1:25 am

a couple of days before, I made an inquiry in the chat room about blocking all .swf file extension using win hosts, granted that I cant do it in the said method, I blocked most timewaster websites I know:

Code: Select all

127.0.0.1 facebook.com
127.0.0.1 youtube.com
however, the unit can still surf those websites, what did i do wrong?

psilocybin
Sargeant at Arms
Posts: 191
Joined: Tue Feb 17, 2009 5:27 am

Re: win host

Post by psilocybin » Sun Aug 21, 2011 2:38 am

I don't really want to debug your networking issue, but I'd just like to say that if you're using firefox or chrome (and probably opera and others), that you can get an extension called flashblock that does exactly what you want.

ramiia
Corporal
Posts: 129
Joined: Mon Jul 16, 2007 11:23 pm
Location: Sampo 69

Re: win host

Post by ramiia » Sun Aug 21, 2011 8:33 am

only problem is the user is using IE 8,

edit: ah yes flashblock is available in IE too, thanks for the input... BUT still if the user is kind-off technical genius he/she could easily thwart my security settings, right?

psilocybin
Sargeant at Arms
Posts: 191
Joined: Tue Feb 17, 2009 5:27 am

Re: win host

Post by psilocybin » Sun Aug 21, 2011 9:27 pm

ohh ok, I misunderstood your intentions. so you're trying to block flash for users on a work network? and we're assuming the users are hostile?

I don't have much experience with this kind of network administration, so take everything I say with a grain of salt, but you might try blocking flash by rerouting all traffic to a transparent squid proxy on the gateway machine, then with a perl script that blocks certain file extensions and sites. here's where I got that idea, so you can use this for an example: http://www.ex-parrot.com/pete/upside-down-ternet.html

there might be an easier/better way to do all this, idunno. of course this can be bypassed if they use their own proxy.

ramiia
Corporal
Posts: 129
Joined: Mon Jul 16, 2007 11:23 pm
Location: Sampo 69

Re: win host

Post by ramiia » Mon Aug 22, 2011 5:41 am

nice trick, I could use that site for my wifi at home, is it also applicable to pc connected to lan? *since it uses the pc's mac address to block that unit*

Code: Select all

/etc/dhcpd.conf
with that file location I'm assuming that dhcpd.conf is saved in

Code: Select all

windows/system32/drivers/etc
right?

Code: Select all

        subnet *.*.*.* netmask 255.255.255.0 {
                range *.*.*.* *.*.*.*;
                option routers *.*.*.*;
                option subnet-mask 255.255.255.0;
                option domain-name "XXXXX";
                option domain-name-servers *.*.*.*;
                deny unknown-clients;

                host trusted1 {
                        hardware ethernet *:*:*:*:*:*;
                        fixed-address *.*.*.*;
                }
		}
this code refers to all units supposed to be blocked off the net right?

and that the succeeding code refers to all allowed units (correct if I'm wrong)

and umm IPTABLES... the strings of command is doable via cmd?

the redirection script... where should I put it?

ty for the help

Post Reply