On Thu, 03 Jul 2003 19:50:30 +0300, Lance Delacroix
<lance_delacroix@fastmail.fm> wrote:

>On Thu, 3 Jul 2003 07:39:20 -0700, "Lance Hill"
><lltbhill@earthlink.net> prounounced a fatwah thus:
>
>>
>>"Lance Delacroix" <lance_delacroix@fastmail.fm> wrote...
>>> On Thu, 03 Jul 2003 01:11:20 GMT, "d11@anywhere.com" <> prounounced a
>>> fatwah thus:
>>>
>>> >How do I get the IP address of different spyware.
>>>
>>> From Sponge, of course.
>>
>>Help educate a newbie. Sponge looks like a list of "bad" IP addresses you
>>can use with your firewall. The HOSTS file I see around here looks like a
>>similar list, but it's used to misdirect software to a null or false IP
>>address.
>>
>>So which is "better"? Or what are the pros and cons of either method?
>
>Yes, the HOSTS file is used to redirect DNS lookups to your own
>computer, in effect cancelling them. The result is that your computer
>can't connect because it can't complete the DNS lookup. The drawback
>to a HOSTS file is that it only works with SPECIFIC URL's, one by one;
>if you want to prevent a lookup to, to use a good example, Akamai, you
>may have to have hundreds of entries. An effective HOSTS file, by
>itself, would have to be BIG (500kb?) and would reqiure constant
>maintenance. Some people report that a big HOSTS file slows down
>their browsing significantly.
>
>If you use block files in a firewall, OTOH, you can directly block
>connections to large groups of consecutive IP addresses; for Akamai,
>to continue with our example, I think Sponge has ten to twenty
>entries, each of which includes multiple IPs. This handful of IPs
>could represent many hundreds of specific URLs, as you can resolve
>more than one URL to a given IP. Besides the increased efficicency of
>this method, it has the advantage of preventing spyware from
>connecting when that spyware uses an IP address instead of a URL (I'd
>imagine that this would be the preferred way of connecting using
>spyware). Thus, using a firewall with block files is more effective
>than using a HOSTS file -- IF you can be sure of the IPs!
>
>Obviously, a combination of strategies is best. Another useful tool
>is DNSKong (used with eDexter), which is kind of like a HOSTS-file
>approach but using a very small file. It works by using strings
>instead of full URLs; just entering "Akamai" in a DNSKong config file
>will have the effect of preventing DNS lookups to *any* Akamai URL
>that contains the string "Akamai" (assuming appropriate positioning of
>the string inside the URL).
>
>I hope this makes sense. If you're really new to this, it's going to
>take you a while to see how everything fits together.
>
>>
>>Another Lance
>
>Is your name really Lance? Mine isn't. I just chose "Lance Delacoix"
>for the phallic-religious connotations.
>
>>*****
>>Thanks for the help Lance.