Re: Is there any point to full host names in /etc/hosts ?



Moe Trin wrote:
On Sun, 04 Nov 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <472de7fd$0$3510$8404b019@xxxxxxxxxxxxxxx>, David Brown wrote:

Moe Trin wrote:

Minor quibble - a given hostname OR IP address should appear on one
line only.

If you are using the hosts file to avoid web advertisements or other sites you want to avoid, the hosts file generally contains a long list of "127.0.0.1 ads.doubleclick.net" lines, with every line resolving to the same IP address. Is there some problem with lists like that?

Generally that technique slows things down. In theory, you can list
multiple host _names_ on each line (and the lines can be long), but
_any_ IP address in the range 127.0.0.0 through 127.255.255.254 resolves
to 'localhost'.

[compton ~]$ ping -qc 1 127.0.0.0
PING 127.0.0.0 (127.0.0.0): 56 data bytes

--- 127.0.0.0 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.3/0.3/0.3 ms
[compton ~]$ ping -qc 1 127.2.3.4
PING 127.2.3.4 (127.2.3.4): 56 data bytes

--- 127.2.3.4 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.3/0.3/0.3 ms
[compton ~]$ ping -qc 1 127.255.255.254
PING 127.255.255.254 (127.255.255.254): 56 data bytes

--- 127.255.255.254 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.3/0.3/0.3 ms
[compton ~]$

so you could put 4,294,967,295 lines in there. Might take a bit of
extra RAM on your part, and would slow your browsing to a crawl, but
it's possible. (Running your own DNS would probably be quicker.)

Old guy

I have a dnsmasq DNS server for the network, so I'd put the hosts list there for the benefit of all machines. It would not actually be in the system's /etc/hosts file, but a separate file in the same format, loaded by dnsmasq. Readily available host lists on the Internet that I looked at all have a single 127.0.0.1 address, but it would be easy enough to change the lines as you suggest with a little script - but would that make any difference in practice? And would Windows clients on the network follow the rules and work with 127.*.*.* addresses? (brief testing suggests yes, but I value the experience of others).

mvh.,

David
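
The following is an added example, not part of either poster's message: a Python sketch of a script that checks a hosts-format blocklist against the "one line only" rule quoted above and rewrites it with all names for an address on a single line. The function names and the sample list are hypothetical, and keeping the first mapping seen for a repeated name is an assumption of this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in /etc/hosts format (not taken from a real blocklist).
SAMPLE = """\
# constructed blocklist sample
127.0.0.1   localhost
127.0.0.1   ads.doubleclick.net
127.0.0.1   tracker.example.com   # inline comment
127.0.0.1   ads.example.net
127.0.0.2   ads.doubleclick.net
192.0.2.10  fileserver.example.org fileserver
"""

def parse_hosts(text):
    """Yield (lineno, ip, [names]) per entry, skipping comments and blank lines."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        ip = ipaddress.ip_address(fields[0])  # ValueError on a malformed address
        yield lineno, ip, [name.lower() for name in fields[1:]]

def find_repeats(entries):
    """Return ({name: [linenos]}, {ip: [linenos]}) for items on more than one line."""
    by_name, by_ip = defaultdict(list), defaultdict(list)
    for lineno, ip, names in entries:
        by_ip[str(ip)].append(lineno)
        for name in names:
            by_name[name].append(lineno)
    repeated = lambda d: {k: v for k, v in d.items() if len(v) > 1}
    return repeated(by_name), repeated(by_ip)

def consolidate(entries):
    """Emit one line per address; a repeated name keeps its first mapping (assumption)."""
    seen, grouped = set(), defaultdict(list)
    for _, ip, names in entries:
        for name in names:
            if name not in seen:
                seen.add(name)
                grouped[str(ip)].append(name)
    return [f"{ip}\t{' '.join(names)}" for ip, names in grouped.items()]

if __name__ == "__main__":
    entries = list(parse_hosts(SAMPLE))
    print(find_repeats(entries))
    print("\n".join(consolidate(entries)))
```

The output is still in hosts format, so it can be written to the separate file that dnsmasq loads rather than to /etc/hosts.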

