HOSTS

There are many layers to protecting a network, and one nice, portable and free way is to utilize the Windows HOSTS file. The HOSTS file is a simple text file that resolves DNS names to IP addresses, and by manipulating the HOSTS file we can create black holes. A black hole is where an internet request does not connect to its intended host and no reply is given. The concept of black holing a request is extremely useful when trying to block malware, advertisements or even just time-wasting sites.

There is only one third-party prerequisite for HOSTS:

WGET (https://eternallybored.org/misc/wget/): the core of the system. WGET is a command-line tool that retrieves web links/sites. This will be automated by HOSTS to download publicly available host lists.

The HOSTS project comprises five files:

DOWNLOAD HOSTS

UPDATE-MASTER.BAT – used to gather host files compiled by third-party sites. Configuration includes setting the local path for the WGET tool, setting the path to the created NewHosts.txt file and optionally adding more host files to the mix. Once configured, this file should be set up to run on a regular basis in a centralized location so that the host files on computers around the network can be updated with the daily NewHosts.txt file it creates.

CleanHOSTS.vbs – this script is used to deduplicate and clean up entries from host files downloaded by UPDATE-MASTER.BAT. This file is called from UPDATE-MASTER.BAT and has no user configurable settings.

ADDBLOCK.dat – any name put in here will be added to the NewHosts.txt file. This is useful if there are any sites that need to be blocked company-wide (example: netflix.com). Each entry should be on its own line, and the line must not start with a hash (#).

DONTBLOCK.dat – any name put in here will be removed from the NewHosts.txt file. This is useful if there are any needed sites that are being blocked due to inclusion in downloaded third-party host files. Each entry should be on its own line, and the line must not start with a hash (#).

MergeHOSTS.vbs – this script needs to be run from the workstation that will have its hosts file modified. The NewHosts.txt file that is created from the centralized UPDATE-MASTER.BAT process should be placed in a network share with read-only permissions for every account that will run this. The only configuration for this script is setting the path to the created file. It is very convenient to have MergeHosts.vbs defined in a GPO as a startup script on all workstations so every reboot will merge the local hosts file with the most recent updates. The local hosts file will have everything between the “#BEGIN-ANTI-MALWARE” and “#END-ANTI-MALWARE” tags replaced with the contents of the NewHosts.txt file.
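The clean, add/remove and merge steps described for the five files above, sketched in Python as an added example; this is not the project's own VBScript. The function names, the hostname pattern, the append-when-markers-are-missing behaviour and the sample data are assumptions.

```python
import re

BEGIN, END = "#BEGIN-ANTI-MALWARE", "#END-ANTI-MALWARE"  # markers named on the page
# Assumed hostname syntax check; anything that fails it is dropped.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")


def names_from(lines):
    """Yield lower-cased hostnames from hosts-format or one-name-per-line input."""
    for line in lines:
        fields = line.split("#", 1)[0].split()  # drop comments and blank lines
        # Hosts format is "<ip> <name>..."; a .dat line is just "<name>".
        for name in (fields[1:] if len(fields) > 1 else fields):
            name = name.lower().rstrip(".")
            if HOSTNAME.match(name) and name != "localhost.localdomain":
                yield name


def build_new_hosts(downloaded, addblock=(), dontblock=()):
    """Deduplicate, apply ADDBLOCK/DONTBLOCK, and pin every name to 127.0.0.1.

    Only the name is taken from a downloaded line, never its address, so a
    third-party list cannot point a name anywhere except the loopback address.
    """
    blocked = set(names_from(downloaded)) | set(names_from(addblock))
    blocked -= set(names_from(dontblock))
    return [f"127.0.0.1 {name}" for name in sorted(blocked)]


def merge_hosts(local_text, new_entries):
    """Replace the marked block; append one if the markers are absent (assumed)."""
    block = "\n".join([BEGIN, *new_entries, END])
    marked = re.compile(re.escape(BEGIN) + r".*?" + re.escape(END), re.DOTALL)
    if marked.search(local_text):
        return marked.sub(lambda _: block, local_text, count=1)
    return local_text.rstrip("\n") + "\n" + block + "\n"


# Constructed sample input, not taken from any real list.
SAMPLE_LIST = ["# sample", "0.0.0.0 ads.example.com", "127.0.0.1 ADS.example.com",
               "203.0.113.7 intranet.example.org", "127.0.0.1 localhost",
               "127.0.0.1 tracker.example.net", "<html>error page</html>"]
SAMPLE_HOSTS = ("10.0.0.5 fileserver\n#BEGIN-ANTI-MALWARE\n"
                "127.0.0.1 old.example.com\n#END-ANTI-MALWARE\n")

if __name__ == "__main__":
    entries = build_new_hosts(SAMPLE_LIST, ["netflix.com"], ["tracker.example.net"])
    print(merge_hosts(SAMPLE_HOSTS, entries))
```

Entries outside the two markers, such as the constructed `10.0.0.5 fileserver` line, are left untouched, and running the merge twice with the same list produces the same file.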

After configuration and testing you can open the local hosts file to ensure inclusion of the new black hole entries. The default location of the hosts file is C:\Windows\system32\drivers\etc\hosts. The newly edited hosts file should have several new entries starting with 127.0.0.1 which will route any request for that domain name to the www.ipworx.com.

-fin