Great post by Rob John over on the Web boards at http://forums.isaserver.org/Hosts_file_to_block_ba…
I discovered a good little trick tonight, maybe you’ve seen it before, but here goes.
I’ve been considering the installation of a blackhole DNS solution to supplement all the other layers of our computer security. I haven’t been really keen on the idea because of the need for another DNS server and the upkeep of the records wasn’t exactly easy and quick.
I’ve known about the hosts files on the Internet for a long time that are useful to home users, and decided to play with it a little tonight at home. I couldn’t get my DNS server to use it, didn’t think it would, but I tried. I then applied the hosts file to my ISA2004 server; after a reboot, it worked and actually sped up client response times and blocked instantly. This is on a small home network, so I don’t know the impact yet in a large environment; I suspect the benefit will be similar.
The purpose of the blackhole DNS and an appropriate hosts file is to block spyware, adware and other malicious or annoying sites, such as ads, banners, counters and such. By using the hosts file, the site resolves to 127.0.0.1 immediately, or any address you want to specify.
I used the hosts file from http://www.mvps.org/winhelp2002/hosts.htm. I also reviewed their criteria, and it was very thorough. They mention on the site that the hosts file is updated periodically.
The benefit is that I can now take this to work and protect my entire enterprise, with another layer of protection, that is easily updated and maintained. Kudos to the mvps.org folks for a great service.
One caveat to using the hosts file: it appears to have no effect on firewall traffic, but worked great on proxy traffic. If your network allows web traffic only through the proxy, this should help greatly.
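A hosts file applied to a proxy decides where names resolve for every client behind it, so a downloaded list is worth checking before it is deployed: every entry should point only at the sink address and none should cover an internal name. The Python below is an added example, not part of Rob John's post or the mvps.org file; the sample list, the `audit_hosts` name and the `corp.example` protected suffix are assumptions.

```python
import ipaddress

# Constructed sample in the usual hosts format; not taken from any real blocklist.
SAMPLE = """\
# constructed sample blocklist
127.0.0.1  localhost
127.0.0.1  ads.example.net
127.0.0.1  tracker.example.org  # inline comment
203.0.113.7  update.example.com
127.0.0.1  mail.corp.example
not-an-ip  banner.example.net
127.0.0.1  ads.example.net
"""

def audit_hosts(text, sinks=("127.0.0.1", "0.0.0.0"), protected=("corp.example",)):
    """Return (entries, findings): entries are safe to merge, findings need review."""
    sink_ips = {ipaddress.ip_address(s) for s in sinks}
    entries, findings, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            findings.append((lineno, "malformed", raw.strip()))
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "bad-address", fields[0]))
            continue
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name == "localhost":
                continue  # the system's own loopback entry is not a block entry
            if ip not in sink_ips:
                # A blocklist entry pointing anywhere but the sink is a redirect.
                findings.append((lineno, "redirect", f"{name} -> {ip}"))
            elif any(name == p or name.endswith("." + p) for p in protected):
                findings.append((lineno, "protected-name", name))
            elif name not in seen:  # silently drop exact duplicates
                seen.add(name)
                entries.append((str(ip), name))
    return entries, findings

if __name__ == "__main__":
    ok, bad = audit_hosts(SAMPLE)
    print(f"{len(ok)} entries to merge")
    for finding in bad:
        print("REVIEW line %d: %s %s" % finding)
```

Only the returned entries would be merged into the proxy's hosts file; anything in the findings list is held back for a person to look at.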