Posted: Wed Aug 13, 2008 21:52 Post subject: This is a 'must have' code for unwanted traffic
Guys,
My WRT54GL is running DD-WRT v24 RC-5 (11/22/07) std.
I have read through this whole thread and went with the code nick696 posted and it works perfectly.
Full instructions below. I hope he doesn't mind me re-posting.
This is my script in the startup section:
Code:
# Runs at WAN-up: fetch the MVPS hosts list once, then let cron refresh it weekly
logger WAN UP Script Executing
sleep 5
# Create the downloader script only if it is missing or empty
if [ ! -s /tmp/dlhosts ] ; then
    echo -e "#!/bin/sh\nwget -O - http://www.mvps.org/winhelp2002/hosts.txt | grep 127.0.0.1 | tr -d '\015\032' | sed -e '2,\$s/127.0.0.1/0.0.0.0/g' -e 's/[[:space:]]*#.*$//' > /tmp/hosts\nlogger DOWNLOADED http://www.mvps.org/winhelp2002/hosts.txt\nkillall -1 dnsmasq" > /tmp/dlhosts
    # 755 rather than 777: root runs this from cron, so it must not be world-writable
    chmod 755 /tmp/dlhosts
    /tmp/dlhosts
fi
# -f replaces an existing /etc/hosts link, so a second WAN-up does not fail here
ln -sf /tmp/hosts /etc/hosts
# Add the weekly refresh (Friday 23:45) only once instead of appending on every WAN-up
grep -q /tmp/dlhosts /tmp/crontab 2>/dev/null || echo "45 23 * * 5 root /tmp/dlhosts" >> /tmp/crontab
This is the script in the firewall section:
Code:
/tmp/dlhosts
I have:
1. In Basic Setup.
Use DNSMasq for DHCP - ENABLED
Use DNSMasq for DNS - ENABLED
DHCP-Authoritative - ENABLED
2. In services.
DNSMasq - Enable
Local DNS - Enable
THIS THREAD SHOULD BE PINNED.
Thanks all for the help; I now get to surf faster.
I posted this script on another forum and got asked a question that I have not seen addressed here.
What are the risks involved with this? Can the person that makes the hosts.txt file exploit it somehow to compromise your network? Are there any other risks besides this?
My thanks in advance.
Chris
yea, that has been bugging me in the back of my mind, I do see that as a risk. all the hosts file does is short circuit the DNS look-up process and resolve the web name -> IP translation process locally. it could very well be directing you to a bogus address....so, yes, that is a risk IMO.
quoted from the website in question here:
"
What it does ...
The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local (your) machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.
"
you can go directly to the web site and judge for yourself if the site warrants your trust
I actually did one better. I contacted the owner of the web site that produces the hosts.txt file. Here is my email to him. This is actually my second email to him, hence the first sentence.
"Mike,
I appreciate the reply. I wanted to see if you could help with a subject that got brought up in this thread...
The poster after my post was asking about risks, what they are, and if it warranted any concern. The original thread where I actually got the code for this is on the DD-WRT forum here...
I wish I had better news but Mike sent a reply about his hosts.txt file and all he said was it is safe and if this issue is router related he couldn't help.
I guess we each have to decide if it is best-practice or not to use his file.
As long as you're only applying the lines that start with "127.0.0.1" then there's no risk whatsoever. The worst that happens is you'll get a 403 for sites that you actually want to visit.
Thanks Mibz...and to the others that have made posts.
What my feeling is, to make this bulletproof, would be to write a little check program to validate the file before it gets applied to the router.
Does anyone know if code could be used at the router level to check this? I am a programmer but know nothing about the router environment and thus would not be very effective.
Thoughts?
Chris
A check would be redundant and/or useless. If you're validating individual entries, well the scripts above already do it in such a way that no harm can come from an error. If you're validating the file to confirm it came from MVP, well it doesn't matter if it comes from MVP if MVP is the one to screw people over.
I understand that it's better to be safe than sorry, but the only extra security you could really add is to give the file a once-over with your own eyes.
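Chris asked above for a check program that validates the file before the router applies it, and Mibz pointed out that the risk is limited as long as only lines that start with 127.0.0.1 are applied. The script below is an added example of such a check, written for this thread and not taken from any poster or from mvps.org. It goes one step further than the `grep 127.0.0.1` in the startup script: every surviving line must be exactly "<ip> <hostname>" with the IP being 127.0.0.1 or 0.0.0.0, the hostname must look like a DNS name (no shell metacharacters, no leading hyphen, no spaces), and the entry is rewritten to 0.0.0.0. A line that would point a name at any other address, which is the hijack the thread worries about, is simply dropped. The sample input, file paths and the busybox-style tr/sed/awk/grep toolchain are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the thread): sanitise a downloaded hosts-style blocklist
# before dnsmasq loads it. Only "<ip> <hostname>" lines whose IP is 127.0.0.1 or
# 0.0.0.0 survive, hostnames must look like DNS names, and the result is rewritten
# to 0.0.0.0 so a tampered or malformed upstream file cannot point a name at an
# attacker-chosen address or smuggle odd bytes into /etc/hosts.
# Assumptions: busybox-style tr/sed/awk/grep are available (true on DD-WRT);
# source and destination paths are passed as arguments.

# Constructed sample input for this example (not the real mvps.org file)
SAMPLE_INPUT='# constructed sample blocklist
127.0.0.1 localhost
0.0.0.0 ads.example.net # tracker
0.0.0.0   tracker.example.org
198.51.100.7 www.example-bank.com
0.0.0.0 bad host with spaces
0.0.0.0 evil$(reboot).example.com
0.0.0.0 -leadinghyphen.example.com
0.0.0.0 GOOD.Example.COM
'

# sanitize_hosts SRC DST
# Writes "127.0.0.1 localhost" plus the accepted entries (as 0.0.0.0) to DST and
# prints the number of accepted blocklist entries.
sanitize_hosts() {
    src="$1"
    dst="$2"
    # tr: strip CR and ^Z; sed: drop trailing "# ..." comments; awk: whitelist filter
    tr -d '\015\032' < "$src" \
      | sed -e 's/[[:space:]]*#.*$//' \
      | awk '
        BEGIN { print "127.0.0.1 localhost" }
        NF == 2 &&
        ($1 == "127.0.0.1" || $1 == "0.0.0.0") &&
        length($2) <= 253 &&
        tolower($2) != "localhost" &&
        tolower($2) ~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$/ {
            print "0.0.0.0 " tolower($2)
        }' > "$dst"
    grep -c '^0\.0\.0\.0 ' "$dst" || true
}

# Stand-alone demo: run the filter over the constructed sample
demo_src=$(mktemp)
demo_dst=$(mktemp)
printf '%s' "$SAMPLE_INPUT" > "$demo_src"
echo "accepted entries: $(sanitize_hosts "$demo_src" "$demo_dst")"   # 3
cat "$demo_dst"
rm -f "$demo_src" "$demo_dst"
```

On the router this would sit between the wget and the redirect into /tmp/hosts in the downloader script (write wget's output to a temporary file, run sanitize_hosts on it, then HUP dnsmasq), and the printed count is worth logging: a sudden drop to zero means the download failed or the file format changed, which is a better signal than silently installing an empty hosts file.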