| reply to bobince
Re: News: Major Exploit Underway... I'd really like to find a single purpose, inexpensive appliance that could subscribe to a blacklist and automatically block access from my home network (maybe sit between the NAT/router and the modem). I know I can build one using Linux, but I don't have the time. Also I don't have time to learn how to make the ipchain or similar rules dynamically updatable from a "plain" blacklist updated continuously from a trusted source.
Nothing smart, nothing elegant,no smart rules, pure brute force. Simpler than messing around with hosts files (which BTW doesn't work well with Win2K where a big hosts file just seems to kill performance). And yes, I know, woe to whoever is accidentally listed--this is why it has to be updating continuously. It should also update continuously so that phishing sites can be listed as soon as they are detected, not days or weeks after they've been taken down.
I bet by now there are hundreds of thousands of people and small companies who would gladly pay $50-$100 for such a gadget, along with a $1/month subscription to the update service. Hint hint. |
|
 jig
join:2001-01-05
Hacienda Heights, CA | this is at least partially done with some of the content filtering boxes out there. what i've seen is that they contact an offsite service that checks the web address against a list and returns a 'grade' that labels the site as childsafe, adult, hate, etc. if the device is set to allow that subset, then the client can connect directly.
problem is, of course, that only the most recent requests are cached. so if the offsite service goes down or is otherwise unreachable, the protection isn't there anymore. and i don't think most of the offsite services would allow their entire list to be locally cached..
and i don't know how these offsite services deal with any kind of litgation over whether or not a site is labeled correctly.
i suppose it would be interesting if a hardware manufacturer sold a product that had some general ability to upload what is in effect a hosts file. general enough so that they couldn't get sued over someones site getting put into one of the various lists and uploaded to the router. and upgradeable memory. that would be enough, but the next step would be to have various sets of lists that could be applied to subnets in various combinations.
the more i think about it though, most of the appliances that have even the beginning of the right kinds of resources already cost as much as the cheapest dell, which has more than enough umph to do all the above AND much more.
still, i'd buy an appliance that did everything above for $300 or less. appliance = something without moving parts (no fan or hard drive). |
|
|
|
Indy SabreSabre Rider From Indianapolis
join:2003-10-02 | reply to eburger68
Would surfing in IE on a limited user account in W2000 likely prevent damage from these exploits? |
|
| said by Indy Sabre:Would surfing in IE on a limited user account in W2000 likely prevent damage from these exploits? As long as the user doesn't have permission to install applications.
--
My family site |
|
Indy SabreSabre Rider From Indianapolis
join:2003-10-02 | said by TerryMiller:As long as the user doesn't have permission to install applications. Terry, thanks for the answer, that is what I thought.
BTW, I made the jump to installing a HOSTS file. Thanks for your helpful answers! |
|
TeMerc
join:2004-01-22
Phoenix, AZ | reply to eburger68
Little bit more on CNET:
»news.com.com/Attackers+strike+us···l?tag=nl
--
Remember............You can NEVER be OVERPROTECTED!! |
|
| reply to ctrip
About 90% of the browsing world
»regfreeze.freeserverhost.com/  |
|
