Use a router to co-ordinate HOSTS to prevent malicious site attacks

Source: Internet
Author: User

Many network administrators run into malicious website attacks when managing internal networks and defending against viruses. Employees' computers often access malicious websites automatically after rogue software has been accidentally installed, and as a result a virus can spread widely. In the past, we edited the HOSTS file on each employee's computer to point the offending site to the 127.0.0.1 address and so filter it out. However, this method is cumbersome and increases the workload of network administrators. Is there a way to filter intranet domain name access in batches? The answer is yes. Today, I would like to show you how to use a router to manage HOSTS-style entries centrally and prevent unauthorized access to malicious sites.

I. How to use a router to co-ordinate HOSTS to prevent malicious site attacks:

At the beginning, we introduced the traditional way of preventing employees' computers from accessing malicious website domain names: editing the HOSTS file. This file is in the C:\Windows\System32\drivers\etc directory under the system directory. The HOSTS file has a higher priority than DNS resolution; to put it bluntly, a domain name mapping listed there is used directly. Therefore, when you assign an IP address to a malicious site in the HOSTS file, any access to that site is automatically directed to the specified IP address, which avoids virus and Trojan infection. (1)

 

The mapping entries added to the HOSTS file take the form "127.0.0.1 www.sex.com", so that the computer is automatically pointed to 127.0.0.1 when www.sex.com is accessed from the local machine. This avoids infection by rogue plug-ins and virus programs on www.sex.com. (2)


However, modifying the HOSTS file is too inefficient. When there are dozens or even hundreds of computers in the enterprise, we need to edit the HOSTS file on each of them to apply the filter. The overall efficiency is low, and once a new malicious site appears, we need to repeat all the above operations to add the new entries.

In fact, we can let the router's DNS function take over the role of the HOSTS file. This avoids the heavy work of repeatedly editing HOSTS on each host, and it also provides a more convenient way to update the corresponding entries in the future.

 

II. Use the router to co-ordinate HOSTS to prevent malicious site attacks:

Generally, the access routers of small and medium-sized enterprises have dedicated settings for DHCP and DNS. We can use these functions to filter DNS resolution, and this DNS resolution filtering gives us overall management of HOSTS-style entries to prevent malicious website attacks.

The author takes a router with a graphical management interface as an example; the firmware it runs is Tomato. If the actual environment uses other firmware such as DD-WRT, the methods described in this article can be applied there as well. The procedure is as follows.

TIPS:

If you want to co-ordinate HOSTS to prevent malicious site attacks on a router that is managed from the command line, refer to the relevant commands in its documentation.

Step 1: Go to the router management page and select Advanced > DHCP/DNS. (3)


Step 2: Here we will see a region named Dnsmasq Custom Configuration. Enter the domain name to be filtered and the IP address it should resolve to. The specific format is address=/domain.name/127.0.0.1. (4)


TIPS:

For DD-WRT firmware, you can set the related options under Administration > Services > DNSMasq. The result and the steps are similar to those in Tomato.

Step 3: After the filtering information is set, the Google search page first appears when we enter the relevant web address on a local computer. This in fact confirms that our settings are effective: the domain name www.it168.com has been successfully filtered out. (5)


Step 4: Enter www.it168.com again, or go back to the Google page just now. The prompt "internet explorer cannot display this page" appears. Checking on the local machine, we find that www.it168.com is directed to the local address 127.0.0.1, which naturally cannot serve any page. (6)


Step 5: If you want to filter multiple domain names and sites, you only need to add multiple entries in sequence using the method described above. Each filter entry goes on its own line, and you can add entries quickly by copying and pasting. The final effect is the same as filtering a single site. (7)


dnsmasq is a DNS server included in both Tomato and DD-WRT. Through this server we can implement DNS forwarding, DNS caching, and other functions. This article uses it to implement overall HOSTS-style protection against malicious site attacks. Finally, we need to explain the following points:

(1) Once configured on the router, the filter takes effect for all machines on the intranet, whatever system they run.

(2) This method can achieve wildcard domain name resolution, which is impossible with HOSTS. For example, if you enter *.domain.name -> 127.0.0.1, all domain names under domain.name will be directed to 127.0.0.1 for filtering.

TIPS:

For example, if you enter *.it168.com -> 127.0.0.1 during filtering, then whether we access wireless.it168.com or safe.it168.com, the corresponding page will be filtered out and cannot be displayed. When editing HOSTS, we would need to add two separate entries, one for wireless.it168.com and one for safe.it168.com, to implement the same filtering rule.
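The following added example (not part of the original article) shows how an existing per-PC HOSTS block list could be converted into the address= lines from Step 2 and Step 5, using the wildcard behaviour described in point (2) to drop entries that a parent domain already covers. The sample HOSTS text, the function names and the validation rule are assumptions made for the illustration.

```python
import re

# Constructed sample of legacy per-PC HOSTS entries (not taken from the article's screenshots).
SAMPLE_HOSTS = """\
# block list previously copied to every PC
127.0.0.1 localhost
127.0.0.1 wireless.it168.com
127.0.0.1 safe.it168.com   # inline comment
127.0.0.1 it168.com
127.0.0.1 www.domain.name
0.0.0.0   WWW.Domain.Name.
127.0.0.1 bad_entry/0.0.0.0
"""
SINKS = {"127.0.0.1", "0.0.0.0"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def valid_domain(name):
    """Accept only multi-label DNS names, so nothing can alter the address= syntax."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def parse_hosts(text):
    """Return the set of names that HOSTS-format text points at a sink address."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINKS:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if valid_domain(name):  # drops 'localhost' and malformed entries
                names.add(name)
    return names

def covered_by(name, domain):
    """address=/domain/ip answers for the domain itself and for every subdomain."""
    return name == domain or name.endswith("." + domain)

def to_dnsmasq(names, sink="127.0.0.1"):
    """Drop names already covered by a shorter blocked domain; emit address= lines."""
    keep = []
    for name in sorted(names, key=lambda n: (n.count("."), n)):
        if not any(covered_by(name, d) for d in keep):
            keep.append(name)
    return [f"address=/{d}/{sink}" for d in sorted(keep)]

if __name__ == "__main__":
    print("\n".join(to_dnsmasq(parse_hosts(SAMPLE_HOSTS))))
```

An address= line made from a single HOSTS entry also covers the subdomains of that name, so the converted list blocks at least as much as the HOSTS file it came from.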

III. Summary:

We can use this method to prevent malicious website attacks and to stop employees from accessing dangerous websites. We can also use it to block software upgrades, online verification, and other operations. In addition, compared with the single domain name filtering of the HOSTS file, the wildcard domain name filtering of this method is more favored by network administrators. After all, wildcard filtering can uniformly filter multiple sites and multiple domain names at the same time, whereas with the HOSTS editing method you may need to fill in dozens of rows of filtering entries.
