| HOW TO PUNISH A SPYWARE DISTRIBUTER |
| Author |
Message |
ali
Member
|
2004-06-25 02:50:54
Hey everyone
Here is the deal: My computer is infected with sort of a spyware/virus/trojan/something and it keeps installing different BHOs on my system (i.e. changes the homepage and default page) and even worse, every time that happens it downloads tons of Trojan horses and other spyware into my system. I found the domain where the page is hosted (normally you don't see the domain, it shows as about:blank and you have "search for...") to be "  changing numbers and letters).D8T.BIZ". I used my DNS service provider to find the Whois information for the owner of the domain:
Created by Registrar: INTERCOSMOS MEDIA GROUP, INC. D.B.A. DIRECTNIC.COM
There is a fake phone number (111111111 to be exact) and some Yahoo mail.
Is there anything I could do according to law to stop these people from what they are doing?
Does anybody have any idea if there are any organizations who fight such crimes? (Is it FBI? Who the hell is responsible for internet complaints? UN?)
Any ideas?
|
|
| Post #140378 |
|
AlecStaar
Account Disabled
Posts: 51
From: A discrete point in the Space-Time continuum...
Joined: 2001-02-09
Member No.: 5224
|
2004-06-25 09:13:32
Originally posted by ali:
"Hey everyone
Here is the deal: My computer is infected with sort of a spyware/virus/trojan/something and it keeps installing different BHOs on my system (i.e. changes the homepage and default page) and even worse, every time that happens it downloads tons of Trojan horses and other spyware into my system. I found the domain where the page is hosted (normally you don't see the domain, it shows as about:blank and you have "search for...") to be " changing numbers and letters).D8T.BIZ". I used my DNS service provider to find the Whois information for the owner of the domain:
Created by Registrar: INTERCOSMOS MEDIA GROUP, INC. D.B.A. DIRECTNIC.COM
There is a fake phone number (111111111 to be exact) and some Yahoo mail.
Is there anything I could do according to law to stop these people from what they are doing?
Does anybody have any idea if there are any organizations who fight such crimes? (Is it FBI? Who the hell is responsible for internet complaints? UN?)
Any ideas?
"
NSA?
* Try them, good luck, because odds are? The folks doing this are spoofing EVERYTHING, the whole 9 yards in the information you used... & herein lies the problem. It's TOO easy in today's "Wild, wild west" era of the internet to do that for spammers, virus makers, malware creators as to their true whereabouts in the real world OR online & makes it nearly impossible for law enforcement to track down.
Most times? Law enforcement agencies only act if there is a certain dollar amount involved as a loss as well. Plus, they have a tremendous burden of proof to prove beyond a doubt that the person allegedly involved IS the person responsible, because in our system you are innocent until proven guilty (a good thing).
Nope, it's up to the internet engineering task force to redesign the web to IPv6, alter email as it stands now (too easy to fake it) & also DNS as well imo etc. & software publishing houses like Microsoft to do their part restructuring things if you ask me to make it nearly impossible for folks like that to act... & up to us as users to STOP using things like Kazaa, Emule, WinMX (don't get me wrong, I am into freebies like anyone else, but problem is - If I were out to get some payback for my hard work in software being stolen? This is the avenue I would use... put out the real full deal of my stuff, but bomb the heck outta the installer or the code to plant destructo-wares into the systems of those responsible for making paying for food for my children a lot less likely because of stealing my wares, i.e.-> my source of income!)
It's up to everyone involved to help the law, starting with your own selves. You cannot expect law enforcement to handle EVERY single complaint, they're not that big, that well organized, OR well trained. Not yet @ least.
I see the government making legislation, which is good, because a recent bill passed 45/4 vote against spam for instance & spyware too! A GREAT thing!
Microsoft is doing their part in XP SP#2, by marking data areas in memory in the OS as 'non-executable', this will prevent buffer overflow attacks by malware or virii remotely AND locally, and stop macro virus compilations or even normal .com debug compiled ones from being possible.
Thank goodness for products like AdAware, Spybot & the like as well as AntiVirus companies like AVG & AntiVir putting out basically FULL models of their products as well & updating them.
NOW, it's up to folks as the end users, to educate themselves against threats like these... & in droves, they are slowly but surely.
I remember starting to learn to use computers, & it was mind-boggling @ first (you have to try to remember those days & what it was like... how 'raw & untested' you come into this as & unsuspecting & innocent & unaware of potential threats online). I only became aware of it once certain types of attacks were used against me, causing me to lose work, get code stolen, bomb my system into disrepair, etc.
I had to take active measures of my own against it, & once I had a proven set? I put them out for folks to use... in the form of article #1 from 1997-1998 here on this website & others before it in post threads on UBB boards like @ the old 3dfiles.com website...
(I now have much more evolved sets of that article in my signature, but Philipp as a webmaster will not put them up here & I do understand why! The BAD part is, I understand from his viewpoint why: They can affect his income by blocking banner-ads & such which can potentially & are used sometimes against you by doing banner info grabs! BUT, he understands mine as a 56k user now especially, in that loading those eats MY bandwidth... & I don't have any to spare @ this snails' pace of internet use. A double-edged sword... one that affects both involved parties for the GOOD and BAD!)
These? Work! As I learned more, I created them based upon article #1 here @ this website from 1997-1998 no less & are BETTER/STRONGER/FASTER versions that only take 1/2 hour to implement for anyone with directions (explicit ones) on how & where to do their tricks/tips/techniques & with what tools:
http://www.avatar.demon.nl/APKTuneup.html
http://www.avatar.demon.nl/APK.html
* Takes effort on the part of EVERYONE involved... slow going & laborious process/evolution!
APK
P.S.=> Think of it this way: You're part of history in a way! The days of the "Wild, wild west" internet are here upon us... they'll be gone in time, & 'dangerous' (potentially) as they are? You might miss them when they are gone... & who's to say the overall alternative future of it will be "better" overall?? We can only speculate... apk
|
|
| Post #140393 |
|
AlecStaar
Account Disabled
Posts: 51
From: A discrete point in the Space-Time continuum...
Joined: 2001-02-09
Member No.: 5224
|
2004-06-25 09:19:00
Disregard this post, see above ali... bug in forum board not accepting edited posts that I have noted to Philipp here & he suspects caching problems in underlying DB engines etc. to correct for it (probably a small tweak to caching config most likely & record level locks in DB)...
My work around to force edits on larger replies to take is to put out a small single reply: it works.
APK
|
|
| Post #140394 |
|
AlecStaar
Account Disabled
Posts: 51
From: A discrete point in the Space-Time continuum...
Joined: 2001-02-09
Member No.: 5224
|
2004-06-25 09:32:52
I used to get laffed @ back in 1997-1999 (the first articles online for this stuff that I can see by date/time stamping online & age) about my articles content, no joke... ars folks did that among others, saying I did not know what I was talking about!
Turning off or hacking certain areas of the system for turning off services for speed & security...
Now? MS is implementing many of my ideas in XP SP#2 along with many other neat things I mention above in data memory areas being marked as non-executable, stopping buffer overflow attacks + macro virus data insert & debug compilation on the fly...
BUT, one thing I had mentioned in all of my articles online & now is proving true? That the JAVA & java script systems online are imperfect & potential fault!
I told folks in my articles turn those off if they are not needed & from the main page today here @ NTCompatible.com & InfoWorld, you can read this article:
http://www.infoworld.com/article/04/06/24/HNnewattack_1.html?source=rss&url=http://www.infoworld.com/article/04/06/24/HNnewattack_1.html
" Internet users visiting some of the most popular sites on the Web may unwittingly be downloading malicious code that compromises their computers and sets up a relay network for a future onslaught of spam, a security services company warned Thursday.
NetSec Inc., which provides managed security services for large businesses and government agencies, began detecting suspicious traffic on several of its customers' networks on Thursday morning, said Chief Technology Officer Brent Houlahan.
Examining firewall logs and other data points on those networks, NetSec found that when users visit certain popular Web sites -- including an online auction, a search engine and a comparison shopping site -- they unwittingly download a piece of malicious java script code attached to an image or graphics file on the site.
Without the user's knowledge, the code connects their PC to one of two IP (Internet Protocol) addresses in North America and Russia. From those systems they unknowingly download a piece of malicious code that appears to install a keystroke reader and probably some other malicious code on the computer, Houlahan said.
The code may be gathering the addresses of Web sites visited by affected users and the passwords used to access them. In addition, the IP address in Russia is a known source of spam, and the code may be creating a network of infected machines that could be used to relay spam across the Internet at some later date, he said.
He stressed that NetSec is still examining the code and has yet to determine the exact payload or the intent of the attack. The SANS Institute is also studying the outbreak, he said.
NetSec declined to name the affected Web sites for liability reasons but said they are "big, big sites." It is probably the Web hosting facilities that cache content for those sites that are infected, rather than the "origin servers" at the Internet service providers themselves, Houlahan said.
"The tricks used in this particular attack method are nothing new. What's significant about this is the fact that it impacts major Web hosting facilities," said Dan Frasnelli, who manages NetSec's technical assistance center.
The attack affects only users running Microsoft Corp.'s Windows operating system and Internet Explorer browser, he said. It was unclear Thursday how the attack originated, but it may exploit a known vulnerability in Microsoft's IIS (Internet Information Services) Web Server software at the Web hosting facilities, Frasnelli said.
It was also unclear Thursday afternoon how many systems had been compromised and how widespread was the problem. NetSec said it had protected its own customers by writing custom intrusion detection signatures and blocking its customers' PCs from visiting the IP addresses involved in the attack.
"There's a potential for widespread impact because currently the (antivirus) vendors don't have a signature for it," Frasnelli said."
* I was so sure that stuff could be misused, even though Sun & MS said their "sandbox" for java & such was 'impenetrable & safe'... you can see now, who was right.
APK
|
|
| Post #140395 |
|
Sampson
Senior Member
Posts: 1352
Joined: 2001-12-18
Member No.: 8092
|
2004-06-25 10:43:54
As has been pointed out before, many websites stash javacontrols into the temp files of both IE and Mozilla. One of the most common is clientsniffer.js and vb_sniffer.js. All the script does is determine what kind of browser you are using. AnandTech, Sudhian, and even Cnet's download.com does it. But, once it is on your hard disk, it can be exploited. As far as I know no anti-virus detects it, nor does Spybot or Ad-aware. Bring up windows explorer and search for clients*.js or vb_*.js to see if you have it. It is not harmful and you can leave it on if you like. But, it can be exploited. This is not necessarily the control that Alec is speaking about, but it is something as innocuous as this that seems to be causing concern.
In IE there is a hosts file. It seems that this gets re-written and one is sent to an address where you don't want to go. This exploit has occurred before, but apparently it is more stealthy.
|
|
| Post #140400 |
|
AlecStaar
Account Disabled
Posts: 51
From: A discrete point in the Space-Time continuum...
Joined: 2001-02-09
Member No.: 5224
|
2004-06-25 11:02:49
Originally posted by Sampson:"
In IE there is a hosts file."
Correction: in the UNIX IP stack, which is the Windows one because it was 'ported/used' by MS as a model to pattern their own on for WinSock/WinSock2, there is a HOSTS file. It affects, or can affect, non-hardcoded to IP address programs, systemwide. Not just IE... IE has areas of exploit in it as well, unique to it, I go into those next below:
Originally posted by Sampson:"It seems that this gets re-written and one is sent to an address where you don't want to go."
This can happen by mistake sometimes too! I had that happen to me as I used HOSTS files to block banners out & also to speedup surfing to my fav sites too (by not calling out DNS servers, & stashing IP to URL translations here locally acting as my OWN DNS Master Lookup Table system using a HOSTS file - my little 'blackbook' of phone #'s vs. the entire telephone book of the DNS server, & they are NOT impervious either: They can be "DNS Poisoned"...
Anyway: I issued one with mistake IP in it myself in older models of my tools, & was corrected fast once someone notified me of it (I left blocked sites I wished to no longer visit in the one I distributed to folks by accident, & once I was notified of it (the person who found it did not write me though, & should have first because I rarely visited where he posted it) was corrected in minutes & redistributed. It also had what proved to be "STALE" entries in it, which I have since removed but left in commented & noted that speedup sections need amendment IF a website changes IP address (vs. their URL name which never really changes))).
It's not a perfect system, but it does work for both performance purposes, 60ns talking to DNS servers roundtrip circuit vs. down as low today in modern disks as 3.5ns seek of the HOSTS file & fast reads of it into RAM! MANY orders of magnitude faster, no questions asked & also for security purposes (blocking banner ads & also popups to an extent, & even Pr0n sites you don't want your kids going to for instance).
BUT, you have to be on top of HOSTS file entries, so I amended my bug of 3-4 sites being blocked because I self-blocked myself from them in fact, but issued that copy of the HOSTS file, & notified the guys I did that to by mistake...
Trouble is: They never came to me first in email or phone etc. though letting me know about it, I had to find out from those they wrote who were cool about it & in minutes I had patch issued...
Yes, some malware & virii rewrite it (I have put in features into my toolset to protect against this in write-protecting the HOSTS file in my "APK System Tools for Windows 2002++ SR-6" Command Center trayicon driven integrator in fact for this via hi-res timers protections of that file against such rewrites in fact, & it works! I did not LOCK the file (although the command center has that feature too for protecting your files against reads/writes also in another section of it: BONUS, especially for security on LAN/WAN or internet, supplementing NTFS features & another app that removes repeats from the HOSTS file which can bloat it & slow down the Ip stack potentially as well that uses it also can enable/disable use of it on the fly no less!)
Originally posted by Sampson:"This exploit has occurred before, but apparently it is more stealthy."
It's nothing compared to say, a malware rewriting the blocked restricted sites lists in IE which are in the registry, vs. say HOSTS file which anyone with notepad.exe can get to & immediately edit (easy to navigate & understand compared to the registry).
There are 'faults' & potential holes here in both areas & more in the OS itself as well as the IP stack: So many things are 'double-edged swords' in this life, don't you agree?
Easy to screwup yourself too (heck, I did by accident as I mention above by issuing wrong version of a file I had in my toolset vs. the one I intended to distribute (with over 512mb of files in the development of a 23mb zipfile I distribute for my apps to happen? EASY to do, believe me! Bugs/mistakes for coders are a fact of life, & so are patches. BUT, users have to be responsible & notify authors, especially if they put their email in their apps & readme files for contact immediately.))
I had to do fast patch for it. I noted everything that mattered for a user to edit it in the readme file for my apps, & also the actual HOSTS file in # Unix-Style comments above the entries that were in question in the 'bug', instead they complained elsewhere instead: This only slowed down the fix process in fact which would have happened days sooner if they wrote me directly. Lotus, for one here, can attest I make fixes in minutes often if you find a 'bug' or want a better feature in my apps. I do "take requests" & field them fast.
AGAIN: The folks that found it should have written me first because they only delayed it being fixed, dumb move on their part as I put my email out in my readme files & Help/About menus in my apps publicly as well as on forums boards too (nobody is hiding here) instead of others distributing the file who understood:
Bugs happen!
But, notifying the author is step #1, go to the horses' mouth for corrections!
(Guess they are not that smart, because I don't hide myself under diff. names out here, & publicly put up email to contact me @ in my programs AND in my readme files as well as forums I go to... I think there was more to that than their noting it, but some other motives too, but that's only "speculation" on my part).
* Virus use this though, QHosts is one, & I put up ways to beat it & there is a thread here that notes that in fact that ali put up in fact (search "W32Parity" here & a postthread with user ACE member here whom I 'cured' his QHosts variant problems with by showing him WHERE that type of virus operates & on ALL fronts for it in fact... you can even have that virus on your system, but it can be rendered literally ineffectual by certain registry hacks for it rendering it useless!)
APK [Edited by AlecStaar on 2004-06-25 11:36:40]
|
|
| Post #140403 |
|
AlecStaar
Account Disabled
Posts: 51
From: A discrete point in the Space-Time continuum...
Joined: 2001-02-09
Member No.: 5224
|
2004-06-25 13:04:59
Originally posted by Sampson:"As has been pointed out before, many websites stash javacontrols into the temp files of both IE and Mozilla. One of the most common is clientsniffer.js and vb_sniffer.js. All the script does is determine what kind of browser you are using. AnandTech, Sudhian, and even Cnet's download.com does it. But, once it is on your hard disk, it can be exploited. As far as I know no anti-virus detects it, nor does Spybot or Ad-aware. Bring up windows explorer and search for clients*.js or vb_*.js to see if you have it. It is not harmful and you can leave it on if you like. But, it can be exploited. This is not necessarily the control that Alec is speaking about, but it is something as innocuous as this that seems to be causing concern."
Additionally, you can alter associations to/for .js &/or .vbs and .wsh files (scripting scraps) to something like notepad.exe which helps SOME as well against macro & scripted viruses... does not allow their execution in many cases because hardcoded application execution paths are NOT guaranteed to have the app located where someone hardcodes a path to it. Most times, a programmer will use file associations to be on the safe side since those are formed @ OS installation &/or program install for path to the executor program that loads said scripts as datafiles to use/execute.
(BUT, if say a browser oriented tool executes an application via a hardcoded application rather than by association & ShellExecute style API calls? It does not help that much!)
APK
|
|
| Post #140405 |
|
jmmijo
Senior Member
Posts: 1295
Joined: 2002-05-29
Member No.: 9759
|
2004-06-25 16:44:15
I have to say that I highly recommend people use the hosts file as you can also help weed out pop-up ads and other crap sites too
APK has a lovely one in his APK Toolset and a nice engine to sort them out 
|
|
| Post #140412 |
|
AlecStaar
Account Disabled
Posts: 51
From: A discrete point in the Space-Time continuum...
Joined: 2001-02-09
Member No.: 5224
|
2004-06-25 17:17:44
Originally posted by jmmijo:"I have to say that I highly recommend people use the hosts file as you can also help weed out pop-up ads and other crap sites too "
AND, speedup access to your favorite sites by eliminating the need to call out to DNS servers for URL-to-IP address resolution... a 20-fold order of magnitude increase in speed in that alone by calling the HOSTS file entries on your local disk (which takes 3.5-10ns with today's modern drives, vs. 30-60ns to DNS).
The app can also turn on/turn off the use of the HOSTS file as you see fit, alphabetize the contents of the HOSTS file for easier mgt. by you the end-user, remove repeats in it (speeding it load & decreasing bloat/size normalizing it) & also test new entries to it prior to making them (which it can do for you) & add if NOT there already... or tell you "No dice: Already there" etc.
Additionally, when you use it to remove repeats? It has CPU timeslice REALTIME (not recommended for single CPU rigs) HIGH, NORMAL, LOW cpu timeslice priority control: That allows you to process it faster, or in 'idle' priority for unobtrusive operation... and runs from a trayicon that animates as it runs so you know when it's done etc. or still running etc.
I built it for surfers, because I am a surfer!
Originally posted by jmmijo:"APK has a lovely one in his APK Toolset and a nice engine to sort them out "
Thanks jmmijo, glad you like it! 24,000++ adbanner servers blocked & growing...
(Hope the rest of the toolset measures up in your estimation as well... best release I have done to date in its 7++ years long development cycle existence since 1996-1997 to this new Summer 2004 re-release!)
Anyone who wants it can download it in the "OTHER" section, where there is a thread for it, & if you do?
http://www.ntcompatible.com/thread27593-1.html
ENJOY!
* ANYHOW -> Gotta go, gotta go... People: It's "FRIDAY"... yea!
APK
|
|
| Post #140415 |
|
adamvjackson
Senior Member
Posts: 2174
From: Asheville, NC
Joined: 2002-08-26
Member No.: 12643
|
2004-06-29 23:00:19
Only problem with a HOSTS file is that you break DNS. DNS by design is supposed to handle dynamic changes as indicated by the TTL value passed from the DNS server(s).
(Most) Any government agency will either not do anything at best, or get agitated for you wasting their time at worst.
Learn to protect against the vulnerabilities before they become such an issue. An ounce of prevention...
|
|
| Post #140601 |
|
davros
Member
|
2004-06-29 23:45:19
|
|
| Post #140606 |
|
Alec§taar
Account Disabled
Posts: 207
From: A discrete point in the Space-Time Continuum...
Joined: 2001-04-17
Member No.: 5614
|
2004-07-01 10:14:53
Originally posted by adamvjackson:"Only problem with a HOSTS file is that you break DNS. DNS by design is supposed to handle dynamic changes as indicated by the TTL value passed from the DNS server(s)."
DNS still works here: I, for one, have not noted it as "broken" @ all!
Jmmijo, how about you (since you use a custom hosts file as well)?
* I.E.-> Anything in the HOSTS file can speed you up OR block out sites/adbanners you do NOT want viewed. Again, I can still resolve sites just fine that are not listed in it (thus, DNS is still working!).
(The ONLY problem I have ever noted using a HOSTS file is if a site I listed in it to speed it up changes its IP address on its servers (so, if I note I cannot reach a fav. site I speedup, I just block that entry with a # unix-style config file comment symbol, or just remove it & try it again, getting its new IP address & then re-entering that in the HOSTS file instead of the old IP address & it works once more).
Blocking adbanner servers is not a problem ever @ this point as they have yet to change their IP's on me here it seems)
APK
P.S.=> What gave you the idea that DNS is broken by using a custom HOSTS file? apk
|
|
| Post #140676 |
|
adamvjackson
Senior Member
Posts: 2174
From: Asheville, NC
Joined: 2002-08-26
Member No.: 12643
|
2004-07-01 10:29:13
Well APK, when you have a static IP/name resolution specified in the HOSTS file, and that IP changes, it's broken.
If you were using only DNS lookups, it wouldn't break.
That's why most upstream DNS providers have a TTL value of 1 hour, so that any IP/host changes are quickly propagated downstream.
BTW, good to see you posting again, and good to be back... ;-)
|
|
| Post #140680 |
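The two HOSTS-file risks raised in this thread (Sampson's point that the file can be rewritten so a name leads somewhere you did not intend, and adamvjackson's point that a static entry goes wrong when the site's IP changes) can both be checked mechanically. The following is an added example, not code from any poster or from the APK toolset; the sample file, the host names, the documentation-range addresses and the `resolve` hook are all constructed for illustration.

```python
"""Audit a HOSTS file for repeats, conflicting lines and risky static mappings."""
import ipaddress
from collections import defaultdict


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping; '#' starts a comment."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def is_block_entry(ip):
    """True for the loopback / unspecified addresses used to blackhole a name."""
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text, resolve=None):
    """Return findings grouped by kind.

    resolve is a hypothetical hook: a callable mapping a hostname to the set of
    IP strings DNS currently returns for it, or None when no answer is known.
    Passing it in keeps the audit runnable offline.
    """
    seen = defaultdict(list)  # hostname -> [(line_no, ip), ...]
    for line_no, ip, name in parse_hosts(text):
        seen[name].append((line_no, ip))

    findings = {"duplicate": [], "conflict": [], "override": [], "mismatch": []}
    for name, entries in sorted(seen.items()):
        lines = [n for n, _ in entries]
        if len(entries) > 1:
            # Same name twice: harmless repeat, or two lines that disagree.
            kind = "conflict" if len({ip for _, ip in entries}) > 1 else "duplicate"
            findings[kind].append((name, lines))
        for line_no, ip in entries:
            if is_block_entry(ip):
                continue  # ordinary ad/site block, nothing to verify
            current = resolve(name) if resolve else None
            if current is None:
                # Static mapping to a routable address that cannot be verified:
                # either a deliberate speed-up entry or an unwanted rewrite.
                findings["override"].append((name, str(ip), line_no))
            elif str(ip) not in current:
                # DNS disagrees: the entry is stale or was rewritten.
                findings["mismatch"].append((name, str(ip), sorted(current), line_no))
    return findings


# Constructed sample input (example.* names, RFC 5737 documentation addresses).
SAMPLE_HOSTS = """\
# constructed sample, not a real HOSTS file
127.0.0.1   localhost
127.0.0.1   ads.example.net      # blocked ad server
127.0.0.1   ads.example.net      # repeat of the line above
0.0.0.0     tracker.example.org
192.0.2.10  forum.example.com    # speed-up entry, site has since moved
192.0.2.99  search.example.com   # entry the user never added
127.0.0.1   search.example.com
"""

# Constructed "current DNS answers"; a live check would query a resolver instead.
SAMPLE_DNS = {"forum.example.com": {"198.51.100.7"}}

if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS, SAMPLE_DNS.get).items():
        for item in items:
            print(kind, item)
```

Anything reported as `override` or `mismatch` needs a human decision: the file alone cannot tell a deliberate speed-up entry from one written by malware.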
|
Alec§taar
Account Disabled
Posts: 207
From: A discrete point in the Space-Time Continuum...
Joined: 2001-04-17
Member No.: 5614
|
2004-07-01 11:02:52
Originally posted by adamvjackson:"Well APK, when you have a static IP/name resolution specified in the HOSTS file, and that IP changes, it's broken."
Right, but I have seen that happen (using the case of this site in fact) only 2 times over a 7++ year period... pretty good odds that it won't, assuming sites don't change providers/hosts, etc. that is!
Plus, Philipp posts a message to folks on the main page (or here in the forums) to update your HOSTS file.
NOW, let's say for example, I miss that if I were offline for a few days/weeks/months (which I was for 6 months or so on the road working last year in fact, but the IP to URL for this site did not change in that time this round iirc)... I know enough to change it to a # commented field in my HOSTS file, go to the site or ping it for the correct URL, & then amend my hosts file if I suddenly cannot reach it again (notepad.exe is your pal here, easy to do!).
I state that above anyhow, & here... so others know that also!
Originally posted by adamvjackson:"If you were using only DNS lookups, it wouldn't break."
Assuming that the DNS Servers are not "poisoned"... this happens too you know! About as often as sites changing their IP address, but it DOES happen due to attacks.
Originally posted by adamvjackson:"That's why most upstream DNS providers have a TTL value of 1 hour, so that any IP/host changes are quickly propagated downstream.
BTW, good to see you posting again, and good to be back... ;-)"
I have been back for around, oh... iirc, around 6 months or so, on & off if not TOO busy. Like this week, I was off for like 5 days now, doing things.
* Wish I could spend more time here, but am out job interviewing etc. because some of the MOST interesting/troubling/perplexing questions I see online ARE @ THIS SITE... good for own personal growth studying them & trying to help out!
APK
|
|
| Post #140690 |
|
adamvjackson
Senior Member
Posts: 2174
From: Asheville, NC
Joined: 2002-08-26
Member No.: 12643
|
2004-07-01 11:38:32
About DNS server poisoning, this is another good reason to run your own local DNS server, and forward lookups to one of the root servers.
Compromise of the root servers is a lot less likely than your ISP's DNS server/cache.
|
|
| Post #140693 |
|
Alec§taar
Account Disabled
Posts: 207
From: A discrete point in the Space-Time Continuum...
Joined: 2001-04-17
Member No.: 5614
|
2004-07-01 12:08:21
Originally posted by adamvjackson:"About DNS server poisoning, this is another good reason to run your own local DNS server, and forward lookups to one of the root servers."
That means having to have a DNS server, or Server-Class Operating System (on your LAN/WAN @ home, or locally on a single box... or a freebie one: Are there these?).
Got a link to folks interested in one of those @ home on a workstation/pro class of NT based OS offhand, that is free?
Thanks, because folks would probably be interested in that as an alternate method of IP-to-URL resolutions also... especially IF free!
Originally posted by adamvjackson:"Compromise of the root servers is a lot less likely than your ISP's DNS server/cache."
I'd say, were I out to do something of that nature? Those would be the ones I would go after FIRST... they are, after all & iirc, the ones that feed ALL others out there!
(Why the heck anyone would want to do that, other than for creating chaos for purposes of idiocy/destruction, is beyond me... but, were I out to do that, those are the ones I would attack FIRST & FOREMOST... but, that is how I look @ it is all!).
APK
P.S.=> You know, I have always wondered what 'costs more' in terms of resources/time/&-or money, & which gains better speeds of lookup of IP to URL resolutions:
Running your OWN DNS server (with its program & communications overheads & Master Lookup Table overheads if not costs in using a Server Class Operating System that has it built-in)
vs.
Running a custom local HOSTS file (which costs nearly "0" (negligible) overheads other than loadtime if large & putting in your entries yourself)...
Both are 'high-performance solutions' because they lookup data locally outta disk & RAM (so faster than ISP/BSP lookup which takes on the order of 30-60ms turnaround time vs. 3.5-11ms off disk/ram on estimation) vs. ISP/BSP Domain Name Server searches, but which is the faster, & which costs less overall...?
apk
|
|
| Post #140699 |
|
adamvjackson
Senior Member
Posts: 2174
From: Asheville, NC
Joined: 2002-08-26
Member No.: 12643
|
2004-07-01 13:25:34
Well, about costs, direct and indirect...
Personally I value my time more than anything. Money can always be made, but time cannot.
So, bearing that in mind, once a DNS server is set up, it just runs. No user/admin intervention necessary.
Hosts on the other hand takes time to set up and update (constantly black-listing advertisers, malicious content, etc.).
Also, the root servers are far more secure than any downlevel DNS server, such as local ISP DNS servers.
|
|
| Post #140704 |
|
Alec§taar
Account Disabled
Posts: 207
From: A discrete point in the Space-Time Continuum...
Joined: 2001-04-17
Member No.: 5614
|
2004-07-01 14:17:57
Originally posted by adamvjackson:"Well, about costs, direct and indirect...
Personally I value my time more than anything. Money can always be made, but time cannot."
Agreed! We think alike about time (there is NO making that on from a time factory etc.)... it's precious/finite. BUT, for most folks? Money is RIGHT up there... & server Os' in the Win32 environs cost money! Large coins/deadpresidents (if legal that is).
Originally posted by adamvjackson:"So, bearing that in mind, once a DNS server is set up, it just runs. No user/admin intervention necessary."
Costs of it... again, is/are there absolutely FREE ones out there for Win32 OS' in the way of locally run & adminn'd DNS servers that are NOT part of a server based Os, which costs money in the Win32 world?
If so, point some folks to them here if you can/will etc.,...
(Win32 preferably, since this is a site for Win32 OS' based folks... NT based specifically in NT/2000/XP/2003. Thanks... I don't know of any, hence PART of why I do custom hosts files!)
HOSTS files, custom ones, take the advantage in costs AND time here I feel: Especially if a HOSTS file that blocks adbanners & also allows a user to speed up their fav. sites access time is provided ahead of time (such as my toolset provides, for free, that runs on ANY OS basically... not just Win32 based ones!)
The HOSTS file seems FAR more ubiquitous, easy to maintain via notepad.exe edits even & understand, & can run on ANY platform based on Unix or Win32 IP stacks (if not others that use IP, since iirc, they are ALL based off the same model from the UNIX world).
Doesn't take much to understand a HOSTS file content vs. learning to run all the softwares on a server level platform for instance also. Heck, HOSTS files? They practically document themselves!
Originally posted by adamvjackson: "Hosts on the other hand takes time to set up and update (constantly black-listing advertisers, malicious content, etc.)."
Not for blocking adbanners, by NO means.
They are equated to the localhosts 127.0.0.1 loopback adapter usually... cake, & no need to maintain again, & they work for blocking pr0n sites, adbanners, you-name-it! With the custom hosts file I put out in my toolset? You have a 24,000++ entry "head-start"...
For speedups of entries say, to this site, again:
Philipp & other webmasters often note when their sites change server IP publicly, and calling to a locally based HOSTS file only takes 3.5-10ms to call & obtain URL-to-IP resolutions vs. calling ANY Domain Name Server (DNS) which REMOTELY, takes a roundtrip of 30-60ns! Locally run DNS servers take time to learn the service, the OS, & also are subject to 'misinformation' via DNS poisoning attacks.
Takes seconds with notepad.exe to comment out an entry, reload it from disk, & then ping the site for correct IP, & then reset the HOSTS file once more...
This happens, again, SUPER-RARELY mind you (unless virus attacked, & I counter for that in my toolset & protect the HOSTS file if the user so wishes, as do tools like Spybot etc.). About as often as DNS servers (of any kind) being attacked is how often sites change IP's though.
(Remote DNS calls take without question FAR MORE TIME, in fact, on the order of 20 fold magnitude more time to use remotely located DNS servers for URL-to-IP address equation/resolution is used though.)
And, since time appears to be your main factor of concern (money is one that not everyone has an option for though)?
Calling a locally edited custom HOSTS file wins LARGE over remote DNS server calls roundtrips for URL-to-IP resolutions: 20x orders of magnitude large in speed & time wasted calling remote DNS servers vs. local HOSTS files as well as not loading banners for instance which consumes more time still. Locally run DNS servers still have to make those calls as well, mind you... wasting time.
You really cannot preclude costs of a server Os though for all folks... sorry, I would operate on your "time only" concern, but money today? IS TIGHT for most folks if the world economy is any indicator.
The setup again, of a local DNS server (which is subject to potentially poisoned DNS info. as well, takes time again adding to the time issue... & not everyone has the know-how for that, & it is certainly more difficult setting up a server OS than editing a HOSTS file imo.) takes time, money in the Win32 world (unless you know of a free DNS server for Win32 that is), & is still subject to attack.
So are HOSTS files, but running SpyBot, AdAware, my toolset protects the HOSTS file too by the by in some of its features counters that & they are EASY to edit via notepad... they do document themselves & are simple to understand, & in the case of my toolset?
110% free... & work.
Originally posted by adamvjackson: "Also, the root servers are far more secure than any downlevel DNS server, such as local ISP DNS servers."
Still, they are subject to DNS poisoning attacks... no questions asked, no matter where they are located.
* They are NOT "invulnerable"... nothing really is!
APK
|
|
| Post #140709 |
|
adamvjackson
Senior Member
Posts: 2174
From: Asheville, NC
Joined: 2002-08-26
Member No.: 12643
|
2004-07-01 21:47:39
A quick google for "open source" "dns server" "win32" turned this up:
http://posadis.sourceforge.net
Note that I have never used it, but maybe someone has?
|
|
| Post #140730 |
|
Alec§taar
Account Disabled
Posts: 207
From: A discrete point in the Space-Time Continuum...
Joined: 2001-04-17
Member No.: 5614
|
2004-07-01 22:49:21
Originally posted by adamvjackson:
"A quick google for "open source" "dns server" "win32" turned this up:
http://posadis.sourceforge.net
Note that I have never used it, but maybe someone has?"
That's looking like one. Another site that has a VERY high probability of providing Win32 folks their OWN DNS server program?
AnalogX -> www.analogx.com (iirc, that is their website)
* The guy(s) there have done an ENTIRE variety of tools covering things IP as well as other areas... do look into them, because I believe they may also provide one & a plethora of other tools IP as well!
APK
P.S.=> Remember though: Even though you run your OWN locally run DNS server? She has to call out to other DNS servers, even the root ones (less likely to be DNS poisoned probably), & that still means the 30-60ms roundtrip circuit of URL-to-IP resolution (unless caching type) to get a resolution @ least once, & again problem is: can be potentially faulty info. due to "DNS poisoning attacks"...
Yes, HOSTS file can be re-written by viruses, or malware, but tools like the suite I provide have means to protect it, as does Spybot if run resident.
Keep that in mind!
Also bear in mind for speed? A local HOSTS file Blocks banner ads (like mine does @ 24,000++ adbanner servers inside of it to 'kickstart' you, probably the MOST comprehensive one in existence currently, & absolutely free of repeats as well) so by not loading those? You are not being slowed up by them!
Plus, the HOSTS file speeds you up by not allowing adbanners, but also by speeding up the URL-to-IP process to sites you put into it via the URL<space>IP Address equation! apk
|
|
| Post #140733 |
|
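An added example (not part of any post in this thread, and not the toolset mentioned in it): a small auditor for the kind of custom HOSTS file discussed above. It lists names blocked via loopback, finds repeated entries, and flags any name mapped to an address the user did not pin on purpose, which is what a HOSTS file rewritten by malware looks like. The sample file, its hostnames and the `pinned` parameter are constructed for illustration; lines are assumed to follow the standard `address hostname [aliases]` layout.

```python
import ipaddress

# Constructed sample HOSTS file (documentation addresses, not from the thread).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
127.0.0.1    ads.example.net        # blocked ad server
0.0.0.0      tracker.example.org
127.0.0.1    ads.example.net
203.0.113.7  www.example-bank.test  # nobody pinned this
198.51.100.5 forum.example.com      # pinned by the user for speed
not-an-ip    broken.example.com
"""

def parse_hosts(text):
    """Yield (lineno, address or None, [hostnames]) for each mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None                        # first field is not an IP
        yield lineno, addr, [h.lower() for h in fields[1:]]

def audit_hosts(text, pinned=None):
    """Classify entries. pinned maps hostname -> address the user chose."""
    pinned = {h.lower(): ipaddress.ip_address(a)
              for h, a in (pinned or {}).items()}
    seen = {}
    out = {"blocked": [], "duplicates": [], "malformed": [], "suspicious": []}
    for lineno, addr, names in parse_hosts(text):
        if addr is None or not names:
            out["malformed"].append(lineno)
            continue
        for name in names:
            if name in seen:
                out["duplicates"].append((lineno, name))
            if addr.is_loopback or addr.is_unspecified:
                # Sinkholed entry: the usual ad/malware block.
                if name not in seen and name != "localhost":
                    out["blocked"].append(name)
            elif pinned.get(name) != addr:
                # Routable address that was not pinned: possible hijack.
                out["suspicious"].append((lineno, name, str(addr)))
            seen.setdefault(name, addr)
    return out

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS, {"forum.example.com": "198.51.100.5"}))
```
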