Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HOSTS on WIN XP (home)


  • Please log in to reply
6 replies to this topic

#1 EdBee

EdBee

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:12:43 PM

Posted 14 July 2004 - 02:48 PM

I have been using the two tutorials "The Hosts files and what it can do for you" and "what is domain name resolution" to teach myself how to use the hosts tool. I have encountered a problem. I believe one of the most recent MS Hot Fixes has altered the Domain Name resolution. In the tutorial re Domain Name res it is mentioned that there are 4 subkeys which determine the priority used in the resolution process. But, on my machine I am finding a fifth sub key "Class" which on this machine (WIN XP SP1 HOME). This subkey is set as the lowest at 8.

I have also noticed in the Hosts "sample files" it mentioned adding such extensiopns as #PRE and #DOM {Domain Name} that will insure that Hosts file is are parsed first. So far, I'm having no luck. Also on your tutorial you mention keeping all the entrys on one line. But, with the above (needed??) extensions and the use of your (our) domain it will not fit on one line.

My guess is that a recent MS fix has done this and of course they can't advertise what that did to plug the holes and give the little hijacker weasles a headstart.

I think your tutorials are great!!! Ed Brophy(anti weasle)

PS--Am checking my other machine to see if the perhaps the fifth "class" subkey was input by a weasle and never removed when I got him out. Thanks
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,540 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:43 PM

Posted 14 July 2004 - 04:13 PM

Well the file you are referring to with the #PRE and #DOM is actualy the LMHOSTS file, not the HOSTS file. It is a completely different beast.

The Class registry key does not affect search order but is rather used to tell the OS that TCPIP is a name service provider for address resolution.

It meants other things as well but that may be too technical to go into

#3 EdBee

EdBee
  • Topic Starter

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:12:43 PM

Posted 15 July 2004 - 12:41 PM

Thanks for the help with my HOSTS & LMHOSTS mixup.

Is there a way to tell whether the HOSTS file is resolving or the DNS server, other than tricking it as you show in the tutorial?
At one time I knew how to enter the IP in numerics directly on address bar (an older OS) but I have not been able to on WIN SP--the help file no help. Is there a way without going to reg, disabling etc?
In earlier DOS days I had a good listing of extensions and what they did, I really love acronyms except when I don't know what they mean. Do you have link??

Sorry to be such a bother--but I WILL master this IP/HOSTS before I move onwards.

Thanks :flowers: :thumbsup:
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS

#4 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:11:43 AM

Posted 15 July 2004 - 06:34 PM

http://216.109.118.68/
just enter that into your browser...you can also add that to your HOSTS file

216.109.118.68 google.com

and typing google.com in your browser will take you to Yahoo :flowers: or try
216.213.19.27 bc
Now you'll get to bleepingcomputer.com by typing bc in your browser :thumbsup:
The HOSTS file can be absolute fun when showing someone you hacked microsoft.com :trumpet:

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#5 EdBee

EdBee
  • Topic Starter

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:12:43 PM

Posted 16 July 2004 - 03:53 PM

Thanks RAW,

Problem I'm having is all my addresses I enter go right to google (they are taking over the world). So when I set up my HOSTS file and enter "bc" as you show, google gets me Boston College. Am using the latest Earthlink with WIN XP. I have gone to tools?Internet Tools/Advanced and checked "do not search from the address bar" and pushed "apply" same thing! I don't remember that google took over the address bars on privious browsers?

But I never give up-
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS

#6 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:11:43 AM

Posted 16 July 2004 - 04:58 PM

Even if you enter a straight IP address it still directs to google?
Also one thing I did not see anywhere that I should mention

************HOSTS****************
127.0.0.1 localhost <-------This MUST be there and MUST be first
**********************************
Everything gets added after that. Sorry if there was any confusion. You are welcome to use my HOSTFix program to build a new HOST file.

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#7 EdBee

EdBee
  • Topic Starter

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:12:43 PM

Posted 17 July 2004 - 02:59 PM

Thanks RAW,

The http: entry with the numeric IP works fine-goes exactly to the correct place on the web. But typing in "bc" as you suggest brings up the google page and the first possible choice (of apprx 10,000) is Boston College. Anything not in proper Host/domain format brings me to google. I have also tried to enter into the HOSTS file the IP # of Yahhoo with the domain name of Google (as suggested in the tutorial). The browser (Earthlink/MS IE) brings me to the Google homepage: it ignores my HOSTS file and goes to the DNS server first I'm sure

I believe this is something done by the newest EL update to make things easier etc. But, there may be something else involved (RUN--- services.msc) where a service program may have been disabled--the one that directs the input to the HOSTS file FIRST. I am checking on this--will let you know--THANKS for your help

PS:I did put the localhost on the first line as you suggested.
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users