In article <GLqdnWAB_YnRoArYnZ2dnUVZ_smdnZ2d@comcast.com>,
Vanguard <vanguard.news@yahooNIX.com> wrote:
>That presumes that the application making the connection or the HTML
>code sent your browser uses IP *names* to point at the targets (for the
>images). What would stop the app or HTML code from using IP
>*addresses*? DNS only gets used if an IP name is used. If an IP
>address is used, there is no DNS lookup so DNSKong which is a local DNS
>server would get bypassed. This is also how a hosts file gets
>circumvented. If the request goes to an IP address then there is NO
>lookup. Guess you'll have to take care of those in your software
>firewall's IP blocking feature but that is really only useful for static
>IP addresses. An HTML web page could reference IP addresses (not IP
>names) and those references could change. In fact, they could change on
>every retrieve of the web page provided the spammer has enough of them
>to cycle through using a server-side script that compiles the web page
>that gets proffered to your browser and which uses IP addresses instead
>of IP names.

You are right. The more robust blocking technique is to block (numeric)
IP addresses. I used to do this too, by typing out a long list of IP
addresses into the config file of my little Cisco router. The disadvantage
of IP address blocking is the amount of typing you have to do. I will
use doubleclick.net as my canonical example. Suppose that you wish to
deny access to all of doubleclick.net. You would have to do some research
to find out all of the IP address blocks that doubleclick.net claims as
its own. The list of address blocks will change week to week, so this
is quite a job. I know, I used to do this.

The alternative is blocking by domain name, and that is what DNSkong
does. Personally, I use a different program "dnrd." Personal preference.
With this approach, I can block (imperfectly, I admit) all of
doubleclick.net with a single line in my dnrd config file. I don't have
to do any maintenance on that line either. Whatever doubleclick does to
its server farm, it stays blocked.

What would be really great is if someone devised a way to *automatically*
list all of the address blocks owned by doubleclick.net. If a piece of
software could do that for me, I could run it every night, and write a
script to transform the output of this program into a router config
spec. I wish that I knew how to write such a program. Any suggestions?

Currently, I am blocking 541 domains with dnrd. These range from ajeeb.com,
to doubleclick.net, to zrap.zdnet.com. There is no way that I could
maintain lists of IP address blocks for all of these domains. It is just
too much work.

Coming back to the original (somewhat spammy) poster. I briefly looked
at the cited web page, and it seemed like the product he is pushing is
just another DNS relay program, like DNSkong or dnrd. If I am wrong
about that, please correct me.

Any other ideas on blocking unpleasant internet addresses? I am very
interested in this topic.

--
David Arnstein (00)
arnstein+usenet@pobox.com {{ }}
^^


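The post above wishes for a script that turns a nightly list of address blocks into a router config spec. The following is an added example of that transform step only, not code from the thread or from any poster: it assumes the block list already exists as text, and the function names, the ACL number 101 and the sample ranges (RFC 5737 documentation addresses) are all constructed for illustration.

```python
import ipaddress

# Constructed sample input: documentation-only ranges standing in for
# whatever list of address blocks a nightly lookup job would produce.
SAMPLE_BLOCKS = """
# one block per line; comments and blank lines are ignored
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24
198.51.100.64/26
203.0.113.7
not-an-address
"""

def parse_blocks(text):
    """Return (networks, rejected_lines) from a text list of CIDR blocks."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False tolerates entries with host bits set
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            rejected.append(line)  # keep for review instead of failing the run
    return nets, rejected

def to_acl(nets, acl_number=101):
    """Merge overlapping/adjacent blocks, then emit Cisco IOS extended ACL lines."""
    v4 = [n for n in nets if n.version == 4]
    lines = []
    for net in ipaddress.collapse_addresses(v4):
        if net.prefixlen == 32:
            dest = f"host {net.network_address}"
        else:
            # IOS ACLs take a wildcard (inverse) mask, not a netmask
            dest = f"{net.network_address} {net.hostmask}"
        lines.append(f"access-list {acl_number} deny ip any {dest}")
    # Without a final permit, the implicit deny would block all other traffic
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines

if __name__ == "__main__":
    nets, rejected = parse_blocks(SAMPLE_BLOCKS)
    print("\n".join(to_acl(nets)))
    for bad in rejected:
        print(f"! skipped unparseable entry: {bad}")
```

Collapsing the blocks before emitting them keeps the ACL short as the list churns from week to week, and unparseable entries are reported rather than silently dropped.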