Can "Almost ALL Ads Blocked" do 16 things hosts do for speed, security, & reliability:
1.) Protect vs. malicious sites/servers (beyond malicious ads)
2.) Protect vs. fastflux botnets + stop communique to C&C servers
3.) Protect vs. dynamic dns botnets + stop communique to C&C servers
4.) Protect vs. DGA botnets + stop communique to C&C servers
5.) Protect vs. downed DNS (adds reliability)
6.) Protect vs. DNS redirect poisoned dns
7.) Protect vs. trackers
8.) Protect vs. spam
9.) Protect vs. phish
10.) Protect vs. bandwidth caps
11.) Get you past a dnsbl
12.) Keep you off dns request logs
13.) Speed up websurfing by adblocks & hardcoded fav. sites
14.) Work on ANY webbound app (like stand-alone email programs) multiplatform.
15.) Give you easily texteditor controlled data for the above
16.) Do all that & block ads (better than addons) more efficiently in cpu cycles + memory usage
Then you said:
I never SAID (not even once anywhere) hosts "cure all ills"
lolwut?
Remember, this whole thread started because I said software can trivially bypass hosts files, and you flipped your shit.
Hosts files are NOT effective at blocking command&control of botnets. I actually agree with most of the rest of the list, but hosts files are not the silver bullet you make them out to be.
Actually, I found a good reference for malware that does perform DNS directly. See page 9 at OpenDNS - DNS Role in Botnets.
They reference malware using custom DNS servers, and also malware tunneling messages through the DNS protocol.
Here's a quote:
At present time, there are few to no effective countermeasures cited by the security community to detect or prevent DNS-based botnet communications. Some larger, security-aware organizations could use techniques such as "split horizon" DNS. This will force internal hosts to send their DNS requests only through the network DNS server.
So there you go - a network solution. But the malware they mention completely bypasses OS hosts files.
While I'm sure this message will be lost on the slashdot forums, I submit that liberals and libertarians actually agree on a whole range of issues. Paul was able to work with a Democrat from Oregon on this, after all.
Now, if only they could take care of the things they have in common before tackling the things they don't, we could see change that most slashdotters would applaud.
I don't see Oliver Day of SecurityFocus on there. Weren't you going to cite him?
I do see the text:
Also, in the HELP entry associated with the Hosts File Tool, a sentence begins with: "Spybot-S&D can add a prepared list of web sites known for bad behaviour..."
Which indicates it blocks websites, not command and control servers for botnets.
Wait a minute, the spybot site is actually https://www.safer-networking.o..., not spybot.info. So, you didn't post a link to the spybot site.
What guides? Search "HOW TO SECURE Windows 2000/XP" on Google or BING... MOST of them are mine & got me PAID for them (thus, professional, accepting monies for it) even here http://pcpitstop.com/news/winn...
Most of those are yours? I see two were written by Mindy. Is that you?
Want more? I'll cite Mr. Oliver Day of SECURITYFOCUS a division of Norton/Symantec also IF need be...
Want an excerpt from my email where I got NOD32/ESET to remove a FALSE POSITIVE on my ware they had AND Aryeh Goretsky, their LEAD CODER iirc, ADMITTING HOSTS ARE GOOD FOR SECURITY as yet another layer of it?
Yes, I would like to see those e-mails.
The guides I put out for securing Windows users espouse "layered-security"/"defense-in-depth" & I was PAID for them no less
* Same ones I crushed that wannabe raymorris with here http://it.slashdot.org/comment... and their DIRECT comments on hosts are shown there, not just their names (as I did here since /. now limits AC post lengths).
Haha, besides the hilarious posts where you pretend to be someone else congratulating yourself, all I see are people who use hosts files to block ads, which is a good use.
Oh wait, one guy null routes suspicious traffic! You do know that null routing does not involve hosts files, right? Why is that quote in there?
Oh, ok. It's hard to understand your verbal diarrhea.
No, malware that connects directly to an IP isn't designed to evade hosts files. It's just primitive malware that didn't bother to implement DNS-based resiliency.
And no, if you block a domain in a hosts file, you are not secure from connections to the domain. 4 lines of Python can bypass the hosts file.
What software is that? You're avoiding a SIMPLE question! If I block a domain name in hosts IS IT BLOCKED (DGA generated or not)??
No.
The Python code below resolves example.com by connecting directly to Google's DNS servers. It does not check the hosts file.
(Answer that question... & again - this question too: IF/WHEN I block a domain OR subdomain in hosts, IS IT BLOCKED?)
The answer is "no," but I just answered that question.
I could write my own code too - mainstream widely used wares... what ones do that?
So, you're asking what malware in the wild evades hosts files? None that I know of, but that does not mean your approach is secure. We fix vulnerabilities before they are exploited, not after.
P.S.=> You're a weasel, above ALL else, & one that refuses to answer a SIMPLE question above (& the other one on blocking too)... apk
I don't think you understand security. Attackers are sneaky and do whatever they can to evade controls.
Not true, a hosts file is trivial to bypass. Any piece of software can send TCP/UDP 53 traffic to a DNS server and resolve the name itself.
Question #2: Is that what YOU DO WITH YOUR DGA BOTNET, Mr. Expert (who speaks for all botnet masters like himself)?
I don't run botnets, but I do understand what a domain-generating ALGORITHM is. The algorithms are seeded with the current time, so the list of domains is always changing.
Now, if you reverse engineer the algorithm out of the malware, you could theoretically build a list of all domain names the malware will use in the future, but usually when I hear about reverse engineering a DGA, it's because Microsoft and other companies have pre-registered those domain names as part of a botnet takedown. At any rate, you clearly don't understand what you're talking about.
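The bypass the replies above keep referring to, a program that sends its own query to UDP/53 instead of calling the OS resolver, as an added example. This is code written for this page, not the "4 lines of Python" posted in the thread. The hosts-file contents, the resolver address 8.8.8.8 and the response bytes used to exercise the parser are constructed for the example.

```python
import socket
import struct

# Constructed sample hosts file for this example, not a real system file.
# This is what libc's getaddrinfo()/gethostbyname() consult before the network.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
0.0.0.0     ads.example.net   # "blocked" by pointing at an unroutable address
0.0.0.0     example.com
"""


def hosts_lookup(hosts_text, name):
    """Return the address a hosts file maps `name` to, or None if absent."""
    name = name.lower().rstrip(".")
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], [n.lower() for n in fields[1:]]
        if name in names:
            return addr
    return None


def build_query(name, txid=0x1234):
    """Build a minimal RFC 1035 DNS query for an A record of `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data, offset):
    """Skip a (possibly compressed) domain name; return the offset after it."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:      # compression pointer occupies 2 bytes
            return offset + 2
        offset += 1 + length


def parse_a_records(data):
    """Extract IPv4 addresses from the answer section of a DNS response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if flags & 0x000F:                 # RCODE != 0, e.g. NXDOMAIN: nothing usable
        return []
    offset = 12
    for _ in range(qd):
        offset = _skip_name(data, offset) + 4      # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        offset = _skip_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    return addrs


def resolve_direct(name, server="8.8.8.8", timeout=3.0):
    """Resolve `name` by speaking DNS to `server` over UDP/53 ourselves.
    getaddrinfo() is never called, so the hosts file is never consulted."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(512)
    return parse_a_records(data)


if __name__ == "__main__":
    name = "example.com"
    print("hosts file says:", hosts_lookup(SAMPLE_HOSTS, name))   # 0.0.0.0, "blocked"
    print("direct DNS says:", resolve_direct(name))               # the real addresses
```

The hosts entry only matters to code that asks the OS resolver. Anything that opens its own socket to port 53 (or tunnels over DNS, HTTPS, or a hard-coded IP) walks straight past it, which is why the network-side control mentioned earlier, forcing all port-53 traffic through a resolver you manage, is the layer that actually sees such lookups.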
What I know about Obama, peace be upon him, is that I had a job when Bush was President.
This is especially ironic to me, because I was laid off around the end of Bush's term (you know, in the Great Recession), and now I'm making 40% more than before I was laid off.
I've never actually seen anybody claim the economy was better under Bush. This clown must live in a different world where things like facts and reality don't matter. But, it's entertaining!
Hey APK, I heard you can totally bypass hosts files with just 4 lines of Python, is that true?
and yet, many Democrats and many Libertarians agree on rolling back the Patriot Act and massively scaling back the War-on-Drugs police state.
Did you look at the PDF? The malware speaks the DNS protocol directly, bypassing the syscalls that check hosts files. That's what you asked for earlier.
Yeah, sorry, I was blinded by all the verbal diarrhea.
That article is more than six years old. Got something more recent? He still says it's meant for blocking websites.
Yes, please cite Mr. Oliver Day.
That's not a link to the Spybot site.
Show me a link on the Spybot site that says it uses hosts files.
What guides? Links, please.
Know why no malware needs to do its own DNS lookups?
Because nobody uses hosts files for security. I read somewhere that they can be defeated with 4 lines of unprivileged Python.
So, when someone discovers a zero-day vulnerability, it's just "hypothetical bullshit" because nobody has exploited it "mainstream malware?"
Wait, what did I learn? That you can block IPs with a firewall?
I need to make sure
I said:
Then you said:
What part of that makes sense to you?
Yeah, he has an anti-Obama troll in his sig.
His backup sig is:
Sorry, this is still incorrect. The whole point of a Domain-Generating Algorithm is to evade domain name blocking and takedowns.
By the time you add known DGA domain names to a blocklist, they are already defunct, and the malware has moved on to new domain names.
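The churn described in the two replies just above, and in the earlier reply about reversing a DGA to pre-register its future domains, as an added example. This is a toy, hypothetical generator written for this page; it does not reproduce any real malware family's algorithm, and the seed, dates and TLD list are constructed. It contrasts a blocklist built from today's observed domains with one built by running the (reversed) algorithm forward.

```python
import hashlib
from datetime import date, timedelta

# Hypothetical parameters for the toy DGA; real families differ in seed source,
# hash function, alphabet and TLD choice, but share the time-seeded structure.
TLDS = ("com", "net", "org", "info")
SEED = b"example-seed"
EXAMPLE_DAY = date(2013, 6, 1)            # constructed date for the example
NEXT_DAY = EXAMPLE_DAY + timedelta(days=1)


def dga_domains(day, count=10, seed=SEED):
    """Return the `count` domains the toy malware would try on `day`.
    Mixing the date into the hash is what makes the list change daily."""
    domains = []
    for i in range(count):
        material = seed + day.isoformat().encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        domains.append(f"{label}.{TLDS[digest[12] % len(TLDS)]}")
    return domains


def blocklist_coverage(blocklist, domains):
    """Fraction of `domains` that a hosts-style blocklist would actually catch."""
    if not domains:
        return 0.0
    return sum(1 for d in domains if d in blocklist) / len(domains)


def reactive_blocklist(day):
    """Defender model 1: block whatever was seen in today's sandbox run."""
    return set(dga_domains(day))


def precomputed_blocklist(start, days_ahead):
    """Defender model 2: having reversed the algorithm, run it forward and
    block (or sinkhole / pre-register) every domain it will generate."""
    block = set()
    for n in range(days_ahead + 1):
        block.update(dga_domains(start + timedelta(days=n)))
    return block


if __name__ == "__main__":
    reactive = reactive_blocklist(EXAMPLE_DAY)
    ahead = precomputed_blocklist(EXAMPLE_DAY, 30)
    print("today's domains     :", dga_domains(EXAMPLE_DAY)[:3], "...")
    print("reactive vs tomorrow:", blocklist_coverage(reactive, dga_domains(NEXT_DAY)))
    print("precomputed vs tomorrow:", blocklist_coverage(ahead, dga_domains(NEXT_DAY)))
```

The reactive list scores 1.0 against the day it was built from and 0.0 against the next day, which is the "already defunct" problem; only the forward-computed list keeps up, and that requires the algorithm itself, not a list of names.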
Hey fucktard, what's the free-market solution to online harassment?
LOL, this is like watching a parade of delusion.
Are you sure you aren't APK?