DNS Tricks

PCHoldmannPCHoldmann Member Posts: 450
Does anyone know how to make a Win 2003 server spoof an address? I have some problems with employees visiting non work related sites, and wanted to redirect them to a local warning page.

i.e. www myspace com becomes

Quit screwing around!!!
There's no place like ^$
Visit me at Route, Switch, Blog

Comments

  • KGhaleonKGhaleon Member Posts: 1,346 ■■■■□□□□□□
    That would be excellent. icon_cool.gif

    KG
    Present goals: MCAS, MCSA, 70-680
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    That's not really 'spoofing', but you could make a fake mapping in DNS or in the employees clients hosts file to achieve what you want.

    I recommend forwarding them to an Acceptable Use Policy instead of "Quit screwing around!!!" though.
  • SRTMCSESRTMCSE Member Posts: 249
    Using VNC and closing the browser window works for me.
  • keatronkeatron Security Tinkerer Member Posts: 1,213 ■■■■■■□□□□
    Why don't you get a cheap machine (or a even an old one that's not used any more), put two NICs in it, make it proxy. Doesn't really matter what OS or proxy solution you use I prefer Linux but that's just preference. After you've done this you can re-direct globally to where ever you want. Not only that, you can generate some pretty convincing reports also.

    If you want to spend money, you can buy an out of the box solution. Like Sonicwall and the likes.
  • fonduefondue Member Posts: 104
    I've used few methods to solve your problem. If you're running a commercial firewall it probably comes with Custom Filters for blocking web access. Most will log the attempt and forward them to a webpage of your choice, ie Acceptable Usage page, SonicWall comes to mind.

    If your firewall won't do the trick, setup a DNS forward to a non-existance DNS server, ie 127.0.0.1. It will timeout and they will eventually get the hint.

    If you only want to limit individuals hack their hosts file.
  • rossonieri#1rossonieri#1 Member Posts: 799 ■■■□□□□□□□
    hello,

    first - there are 2 things to consider :
    1. where do you want to stop the actions? end-point machines/user or at the gateway?
    2. do you want a free/GPL softwares or commercial one?

    answer :
    1. end-user machines :
    you can use a personal firewall that capable doing URL filtering - but you might want to set per user machine policy.

    on the gateway : - use proxy. better overall policy set up (time, URL, delay etc.)

    2. your budget determines all. : )

    cheers. icon_cool.gif
    the More I know, that is more and More I dont know.
  • RussSRussS Member Posts: 2,068 ■■■□□□□□□□
    Lets just do this the easy way huh? Get into the guys machine and edit the hosts file - point whatever page you want to a warning page you have stored on his C drive icon_lol.gif
    www.supercross.com
    FIM website of the year 2007
  • JuddJudd Member Posts: 132
    There is a great pre-defined hosts file created by MVPS.org that you can install that blocks a ton of non work-related sites.

    http://www.mvps.org/winhelp2002/hosts.htm

    There is a ZIP file that you can download which includes a batch file that you could push to your clients as a runonce.

    Only problem with this is that it tends to slow down Win2K and XP clients. There is a services edit that you can do which will alleviate that issue though.

    Perhaps someone would be kind enough to provide a quick walk through on how to push this from a Windows 2K or 2K3 server to clients using a runonce and delete approach?
  • Ten9t6Ten9t6 Member Posts: 691
    RussS wrote:
    Lets just do this the easy way huh? Get into the guys machine and edit the hosts file - point whatever page you want to a warning page you have stored on his C drive icon_lol.gif

    haha..that is what I was thinking as I was reading this..... I guess hosts files can be used for something other than practical jokes...haha

    Kenny
    Kenny

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
  • RussSRussS Member Posts: 2,068 ■■■□□□□□□□
    Ten9t6 wrote:
    haha..that is what I was thinking as I was reading this..... I guess hosts files can be used for something other than practical jokes...hahaKenny

    heh heh heh

    I got into our Linux gurus machine and put a couple entries into the hosts file ...
    I pointed http://www.linuxforum.com to microsoft.com and the wiki to a page that said "due to lack of interest this site has been discontinued" icon_lol.gificon_lol.gificon_lol.gificon_lol.gificon_lol.gificon_lol.gificon_lol.gif
    www.supercross.com
    FIM website of the year 2007
  • ubergeekubergeek Member Posts: 53 ■■□□□□□□□□
    hahaha nicely done.. :D bet some of the users are gonna have some headaches as well icon_lol.gif
    Thank you for calling Cisco Technical Assistance Center.. This is Edward how may I help you?
  • rossonieri#1rossonieri#1 Member Posts: 799 ■■■□□□□□□□
    "I have some problems with employees visiting non work related sites, and wanted to redirect them to a local warning page. "

    well, the man there said employees - right?

    cheers.. icon_cool.gif
    the More I know, that is more and More I dont know.
  • RussSRussS Member Posts: 2,068 ■■■□□□□□□□
    True rossonieri#1, but there is nothing better than giving one or two a little nudge. They talk to others around the water cooler and things start to happen icon_wink.gif
    www.supercross.com
    FIM website of the year 2007
Sign In or Register to comment.