Skip to main content

blocking ads with firewalls

More
15 years 9 months ago #29359 by sose
I am trying to make a head or tail of this info on how to block ads using firewalls

Some firewalls like the netgear allow keyword blocking. So you can trace websites that lists the domain names of just about all the known advertising domains, If you don't need to do this on a lot of machines, I have a simpler solution for you, you map those domains to 127.0.0.1 in your hosts file on your machine. In Window you'll find the file in C:\WINDOWS\system32\drivers\etc\hosts In Linux its in /etc/hosts


Here's an example

Code:

127.0.0.1 local host
66.45.237.140 www.firewall.cx

#Ad blocking
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.es.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.it.doubleclick.net
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.kr.doubleclick.net
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.se.doubleclick.net
127.0.0.1 ad.uk.doubleclick.net


As you can see all the ad domains are mapped to 127.0.0.1, anytime an ad tries to come through, it gets directed to localhost and dies.
More
15 years 9 months ago #29386 by Smurf
Sorry sose, was this informational or did you have a question ?

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
More
15 years 9 months ago #29391 by timparker
The agency that I am working for now used this concept for blocking facebook, myspace and a few other social type sites as a poor mans way of doing it. I have found that they were not very consistant as some machines have the hosts file some do not. Some have a crap load of entries other have a small number.

It does work with a lot of over head for more than a handful of users.
More
15 years 9 months ago #29398 by sose
smurf

I got this info from another post on this site. I just want the theoretical explanation supporting mapping these domains to the IP address 127.0.0.1


timparker
what is the rich man's way of blocking ad domains
More
15 years 9 months ago #29400 by timparker
The one that my last company used would be WebSense. It will integrate in with Cisco equipment and others to block ads, porn, gambling, etc.

They allow you to decide what all you want blocked as they keep a huge database of different types of sites that one might want blocked. You get updates and pretty much go through and check off what to allow or not allow.
More
15 years 9 months ago #29404 by Smurf

smurf

I got this info from another post on this site. I just want the theoretical explanation supporting mapping these domains to the IP address 127.0.0.1


timparker
what is the rich man's way of blocking ad domains


Kewl, sorry sose, didn't spot the question. Basically what its doing is utilising the host file within the Windows Host (or *nix) to not permit the domains listed to be resolved to the correct IP Address. If you point it to the loopback address of your computer then it will simply not work.

For example, if i added a line that said

www.microsoft.com 127.0.0.1

When i try to go to www.microsoft.com , my machine will do a DNS lookup, the host file is checked before an actual DNS Query is sent to the Name Server and the IP Address of 127.0.0.1 is returned. My computer will then go to my own computer on port 80, if its not got a WebService running then it will simply fail.

This is being utilised to stop ad sites from being resolved from the clients. Its a ball ache because you have to maintain the list in the hosts file.

This same technique is sometimes used by browser hijackers, malware, etc.... sometimes they will add entries in your hosts file to stop you getting your AV Downloads by redirecting the request to your own machine by manipulating the hosts file. If you install something like Spybot, this will configure your host file in this manor for you to stop you resolving spyware sites.

When i deliver my courses on WatchGuard, i always point out that the DNS Proxy (application filter but WatchGuard call it a proxy) can be utilised to stop DNS Queries from leaving the network for sites you dont want anyone to get to. For example, you can use the DNS Proxy in WatchGuard to stop yahoo.messenger.com from being resolved and therefore stop people using it :wink:

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Time to create page: 0.154 seconds