Posted by Julian Dragut on August 10, 2006, 3:46 pm
Thanks Roger,
I cannot use either ISA or the PIX firewall for specific reasons. I would
like to play with the host file at a central location rather than all the
users on the network, but a host file on a DNS server doesn't seem to be
doing too much.
Any more ideas?
Thanks,
J
> Most of the time such IP spoof blockage is effected via the hosts file,
> as it takes priority in the Windows resolver over DNS resolution.
> Now, that is not a centralized approach, but implemented on each client
> with NTFS to prevent their changing it. However, as mail.google.com
> is not your zone your only other choice is to define a privately accessed
> primary zone and populate it with what is needed (which of course you
> would have to guess and otherwise work out . . . and then wait for it to
> need alterations, new records, changed IPs, etc. . . . a total mess).
>
> The real solution is filtering at your network edge.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server : Security)
>
>
>> Hi,
>>
>> I'm trying to block google talk by using the dns lookup to
>> chatenabled.mail.google.com to return 127.0.0.1, but I don't want to
>> block any other google services/sites.
>>
>> Creating and maintaining a primary zone is out of the scope, secondary
>> zone won't transfer to my server (duh) and I was wondering if there are
>> other options down there ....
>>
>> Thanks
>>
>> J
>>
>
>