... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

comp.protocols.tcp-ip

TCP and IP network protocols.

14,669 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 13,489 of 14,669

Barry Margolin to Maverick

Re: Blocking internet traffic from speci

23 Apr 10 12:23:45

   30dc0660   
   From: barmar@alum.mit.edu   
      
   In article   
   <5720f0d8-2c38-488e-8db9-0da82b3a5517@c20g2000prb.googlegroups.com>,   
    Maverick  wrote:   
      
   > Hi all,   
   >   
   > I want to block all internet traffic received from a particular   
   > domain.   
   >   
   > Platform: Windows XP onwards   
   >   
   > Say, for instance I have a configurable domain black list.   
   > I wish to block all traffic received from any of these blacklisted   
   > domains.   
   > How can I achieve it?   
   >   
   > I have tried inspecting HTTP GET requests/responses, checked whether   
   > the GET line or the Host: header field contained a blacklisted domain,   
   > then I blocked the packet from an NDIS intermediate driver.   
   > But if the user tries to access the same website using its IP address,   
   > I get the IP address instead of the domain name in the HTTP GET   
   > requests / responses.   
   > Thus my application fails to block such blacklisted domains.   
   >   
   > I want a generic way to block blacklisted domains such that no matter   
   > in what way a blacklisted domain is being accessed, I should be able   
   > to identify it and block it.   
      
   What if they go through a proxy server?   
      
   > If there are any other ways of accessing a website other than using   
   > its domain name or IP address, I'd like to know about them and the   
   > approach that should be followed to block such attempts.   
   >   
   > Any help will be greatly associated.   
      
   Most enterprise-quality firewalls offer this as a standard feature.  But   
   the nature of the Internet means it's not foolproof.  If they go by IP,   
   there's no sure way to tell if it's the domain in question.  You can't   
   rely on reverse DNS, because the domain might be using a third-party web   
   hosting service, and reverse DNS is likely to resolve to the service's   
   domain rather than the one you care about.  Although if the service uses   
   virtual hosting, going to the site by IP might not work; it needs the   
   Host header to tell which virtual host is intended.   
      
   --   
   Barry Margolin, barmar@alum.mit.edu   
   Arlington, MA   
   *** PLEASE don't copy me on replies, I'll read them in the group ***   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]