This is a discussion on "Do you use HOSTS file ?" within the Linux Security forums, part of the System Security and Security Related category.

Hello all,

I wrote a page about Host File and how to use it.
http://www.ifrance.com/programmershouse/HOSTS-EN.HTML
What do you think about it and what else more could I add to it ?

Stickman answered me : "Unfortunately, using the hosts file to block unwanted content is terribly inefficient."
Why is that ? Do you think squid is more efficient ? Or iptables ?
What about Microsoft OS too ?

Thanks

Programmershouse wrote:

> I wrote a page about Host File and how to use it.
> http://www.ifrance.com/programmershouse/HOSTS-EN.HTML
> What do you think about it and what else more could I add to it ?

You cannot know the absolute location of the hosts file. For example, the hosts file of the XP machine I'm writing this on is not located where you state it is. Neither is my browser cache. You are writing in second person when you mean first.

> Stickman answered me : "Unfortunately, using the hosts file to block
> unwanted content is terribly inefficient."
> Why is that ?

Because it blocks nothing - it works by breaking name lookups. It isn't even on topic for comp.security.firewalls. Follow-ups set.

Thor
--
http://www.anta.net/

"Programmershouse" <spamprogrammershouse@yahoo.fr> wrote in news:eeba0ece.0407230634.3b624881@posting.google.com:

> Hello all,
>
> I wrote a page about Host File and how to use it.
> http://www.ifrance.com/programmershouse/HOSTS-EN.HTML
> What do you think about it and what else more could I add to it ?
>
> Stickman answered me : "Unfortunately, using the hosts file to block
> unwanted content is terribly inefficient."
> Why is that ? Do you think squid is more efficient ? Or iptables ?
> What about Microsoft OS too ?
>
> Thanks

As an example, why bother tracking and updating 50-plus fully qualified hosts in a hosts file, like at http://www.mvps.org/winhelp2002/hosts.txt, for all the Doubleclick sites rather than use just one regular expression in a URL filter in a firewall, like ":////.*/.doubleclick/..*//" (which might be better understood as "://*.doubleclick.*/")? You cannot use wildcarding in the hosts file and that is why there are lots of entries for the same entity you want to block. In the hosts file, all hostnames must be fully qualified host names. URL filtering eliminates having to list, maintain, and update dozens and dozens of sites associated to just one entity that you want to block. Even if your firewall only supports simplistic URL rules, you can probably block on ".doubleclick.com/" and ".doubleclick.net/" to block almost all of Doubleclick.

Also, when your firewall does the blocking, it typically inserts a message for the blocked content to alert you that the firewall blocked it. When using the hosts file, all you get is an error page where it is not obvious what caused the block nor that anything was actually blocked. Instead the error page looks to be a problem with the connection, the DNS records, your local DNS cache, or whatever but which does not announce itself as the agent for the block.

Since anyone that is using a hosts file to block access to some sites should obviously also be running a firewall, use URL filtering rules in the firewall that you already have running.

--
__________________________________________________
*** Post replies to newsgroup. Share with others.
(E-mail: domain = ".com", add "=NEWS=" to Subject)
__________________________________________________
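
The exact-name versus pattern difference described in the post above, as an added example that is not part of the original post. The sample hosts entries, the test URLs and the `RULE` regex are constructed for illustration; `RULE` is an assumed host-matching pattern, not the syntax of any particular firewall.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in hosts-file format (not copied from any real block list).
SAMPLE_HOSTS = """\
# ad servers
127.0.0.1  localhost
127.0.0.1  ad.doubleclick.net  ad2.doubleclick.net   # two names on one line
0.0.0.0    m.doubleclick.net
"""

SINKHOLES = {"127.0.0.1", "0.0.0.0"}

def parse_hosts(text):
    """Return {hostname: address} from hosts-file text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()    # drop comments, split on whitespace
        if len(fields) < 2:
            continue                               # blank or malformed line
        address, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), address)  # first entry for a name wins
    return table

def hosts_blocks(table, url):
    """True only when the URL's exact hostname is listed with a sinkhole address."""
    host = (urlsplit(url).hostname or "").lower()
    return host != "localhost" and table.get(host) in SINKHOLES

# Assumed rule: "doubleclick" as a whole DNS label, followed by any suffix.
RULE = re.compile(r"(^|\.)doubleclick\.[a-z0-9.-]+$")

def rule_blocks(url):
    """True when the URL's hostname matches the single pattern rule."""
    host = (urlsplit(url).hostname or "").lower()
    return RULE.search(host) is not None

def coverage(urls):
    """Map each URL to (blocked by hosts file, blocked by pattern rule)."""
    table = parse_hosts(SAMPLE_HOSTS)
    return {u: (hosts_blocks(table, u), rule_blocks(u)) for u in urls}

if __name__ == "__main__":
    for url, result in coverage([
        "http://ad.doubleclick.net/banner",    # listed name
        "http://ad9.doubleclick.net/banner",   # new subdomain, not listed
        "http://stats.doubleclick.com/",       # other TLD, not listed
        "http://notdoubleclick.net/",          # unrelated name, must not match
    ]).items():
        print(url, result)
```

Every hostname missing from the list passes the hosts-file check, while the anchored pattern covers new subdomains without matching unrelated names that merely contain the string.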

Programmershouse wrote:

> Hello all,
>
> I wrote a page about Host File and how to use it.
> http://www.ifrance.com/programmershouse/HOSTS-EN.HTML
> What do you think about it and what else more could I add to it ?
>
> Stickman answered me : "Unfortunately, using the hosts file to block
> unwanted content is terribly inefficient."
> Why is that ? Do you think squid is more efficient ? Or iptables ?
> What about Microsoft OS too ?
>
> Thanks

Windows actually has a hosts file too!! On XP it's in
C:\WINDOWS\system32\drivers\etc
there is a networks, protocols, and services too.

To block unwanted IPs I'd use tcpwrappers (the files hosts.deny and hosts.allow in /etc) and for Windows OSes I'd do it at the firewall or router level (for example set up ACLs on Cisco's routers)

Dave

Dave Yingling wrote:

> Windows actually has a hosts file too!! On XP it's in
> C:\WINDOWS\system32\drivers\etc
> there is a networks, protocols, and services too.

Once again, it may just as well be elsewhere.
<URL:news:410217E1.AA792B18@anta.net>

Thor
--
http://www.anta.net/

On Tue, 27 Jul 2004 12:16:29 +0300, Thor Kottelin spoketh

>Dave Yingling wrote:
>
>> Windows actually has a hosts file too!! On XP it's in
>> C:\WINDOWS\system32\drivers\etc
>> there is a networks, protocols, and services too.
>
>Once again, it may just as well be elsewhere.
><URL:news:410217E1.AA792B18@anta.net>
>
>Thor

By default, the hosts files are in the locations described. I figure if someone has gone through the trouble of editing the registry to move the file, then they would know where it was, and wouldn't need anyone else's help in telling them where it can be found.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

spamprogrammershouse@yahoo.fr (Programmershouse) writes:

>http://www.ifrance.com/programmershouse/HOSTS-EN.HTML
>What do you think about it and what else more could I add to it ?

That it's an absolute worst case kludge when you have no other alternative.

>Stickman answered me : "Unfortunately, using the hosts file to block
>unwanted content is terribly inefficient."
>Why is that ?

A number of reasons:

* You have to list every host separately, an impossibly long task.
* If your local machine doesn't run a web server, the references to 127.0.0.1 will take ages to time out, quite possibly taking longer than just loading the ad banners in the first place!
* If you get around this by pointing those hosts entries at the closest web server instead, such as your ISP's web server, that's even kludgier, and has to be changed whenever you change ISPs.
* If your local machine does run a web server, pages may not display nicely with missing parts.

>Do you think squid is more efficient ? Or iptables ?

www.privoxy.org

>What about Microsoft OS too ?

There's a Windoze version of privoxy too.

--
Craig Macbride <craig@f8d.com> http://www.f8d.com
---------------------------------------------------------------------------
I don't want to achieve immortality through my work... I want to achieve it through not dying. - Woody Allen

"Lars M. Hansen" wrote:
>
> On Tue, 27 Jul 2004 12:16:29 +0300, Thor Kottelin spoketh

> >Dave Yingling wrote:
> >
> >> Windows actually has a hosts file too!! On XP it's in
> >> C:\WINDOWS\system32\drivers\etc
> >> there is a networks, protocols, and services too.
> >
> >Once again, it may just as well be elsewhere.
> ><URL:news:410217E1.AA792B18@anta.net>

> By default, the hosts files are in the locations described. I figure if
> someone has gone through the trouble of editing the registry to move
> the file, then they would know where it was, and wouldn't need anyone
> else's help in telling them where it can be found.

I haven't edited the registry (in that respect), but my hosts file is still not in C:\WINDOWS\system32\drivers\etc.

Thor
--
http://www.anta.net/

On Tue, 27 Jul 2004 21:21:12 +0300, Thor Kottelin spoketh

>"Lars M. Hansen" wrote:
>>
>> On Tue, 27 Jul 2004 12:16:29 +0300, Thor Kottelin spoketh
>
>> >Dave Yingling wrote:
>> >
>> >> Windows actually has a hosts file too!! On XP it's in
>> >> C:\WINDOWS\system32\drivers\etc
>> >> there is a networks, protocols, and services too.
>> >
>> >Once again, it may just as well be elsewhere.
>> ><URL:news:410217E1.AA792B18@anta.net>
>
>> By default, the hosts files are in the locations described. I figure if
>> someone has gone through the trouble of editing the registry to move
>> the file, then they would know where it was, and wouldn't need anyone
>> else's help in telling them where it can be found.
>
>I haven't edited the registry (in that respect), but my hosts file is still
>not in C:\WINDOWS\system32\drivers\etc.
>
>Thor

Well, there are a number of reasons why that might be the case...

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

On 27 Jul 2004 08:03:09 -0600, Craig Macbride spoketh

>* If your local machine doesn't run a web server, the references to
>127.0.0.1 will take ages to time out, quite possibly taking longer
>than just loading the ad banners in the first place!

No it won't. That will only happen if you are running a software firewall on your desktop that for some reason is quietly dropping connection attempts to localhost. Normally, connections from localhost to localhost on a closed port will result in a quick RST, not a slow timeout.

>* If you get around this by pointing those hosts entries at the closest
>web server instead, such as your ISP's web server, that's even kludgier,
>and has to be changed whenever you change ISPs.

See above.

>* If your local machine does run a web server, pages may not display
>nicely with missing parts.
>

Image tags and embedded objects should have the size of the image/object specified, in which case it doesn't matter if the object or image is loaded. The browser will simply set aside an area of the proper size on the page and not load the object...

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"
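
A way to measure on your own machine what a connection to a closed port on 127.0.0.1 does (quick refusal or slow timeout), added here as an example and not part of any post in the thread. The helper names `closed_loopback_port` and `probe` and the 5-second timeout are assumptions made for this sketch.

```python
import socket
import time

def closed_loopback_port():
    """Return a TCP port on 127.0.0.1 that has no listener."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))       # let the kernel pick a free port
    port = s.getsockname()[1]
    s.close()                      # never listened, so the port is closed
    return port

def probe(host, port, timeout=5.0):
    """Try one TCP connect; return (outcome, elapsed_seconds).

    outcome is "connected", "refused" (RST received), "timeout"
    (no answer, e.g. a filter silently dropping the SYN) or "error".
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            outcome = "connected"
    except ConnectionRefusedError:
        outcome = "refused"
    except (socket.timeout, TimeoutError):
        outcome = "timeout"
    except OSError:
        outcome = "error"
    return outcome, time.monotonic() - start

if __name__ == "__main__":
    port = closed_loopback_port()
    outcome, seconds = probe("127.0.0.1", port)
    print(f"127.0.0.1:{port} -> {outcome} after {seconds * 1000:.1f} ms")
```

A "timeout" result on loopback points at a local packet filter dropping the connection attempt rather than at the hosts file itself.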