About The Hosts File


waazaa

If the cell phone was Linux based and gave you access to the hosts.allow and hosts.deny, then in theory you could block specific addresses, but it won't do everything at once. It requires individual addresses as entries. If the phone uses iptables (what phone does??? None that I know of) you could firewall off the internet.

Phones don't communicate in the same manner as you do with a PC and your home router. There are several ways to do it on the PC side, none of which would work with a hosts file alone though, and most of which won't work with cell phones due to how they communicate with the carriers. Most cellular phones communicate via certificates on more than just standard internet routing protocols, so not sure it would do anything other than block you from seeing the carrier's webservers and block internet access on the phone, but won't stop all communications on the device.

As suggested above, being in control of the DNS server for any nodes you want to redirect would help, but the chances of you hacking into the cell phone companies' DNS servers are pretty much impossible. Not impossible, but I don't think it's going to happen any time soon. If you could manually change the DNS server on the phone itself, via custom app or phone settings, you could point it to 127.0.0.1, which would make all communications pretty much time out (not taking into consideration if they are also working on IPv6).

You could also do this with forcing users to connect through a proxy and then manage where they can go, but again, this probably isn't going to happen either, since most cell phone browsers and programs don't work with proxies or have settings to connect through proxies, something you would also have to be able to force on the phone itself to use the proxy. Given it's your own phone, that is fine, but last time I checked, none of the phones I have used have proxy settings for any of the apps, including the browsers.

You could also use iptables and forward all traffic to a specific address, but that's only if the cell phone was forced to run through your network. That could work on a cell phone, but not without first having antenna equipment to intercept the cellular signal and force it to drop from encrypted to non-encrypted traffic like 2G or such, then redirecting from there. Georgia Weidman does a lot of cell phone hacks, she would be someone to ask about this sort of thing and might even have working examples on how to do it, if possible, without needing to have cellular equipment for communicating with phones.

And lastly, I think a rogue app could be written to tap into the phone itself and sort of MITM everything to then do what you want with communications.

Edited by digip

  • 2 weeks later...

In regards to the original post, I had to do something similar for a Linux machine, where any domain not in the hosts file would be redirected to localhost.

The solution I used was to run a local DNS server that would point everything to the localhost. As the order the OS resolves hosts is the hosts file then DNS, it meant that anything not in the hosts file would be redirected to the localhost.

While there are a number of tools that would run a DNS in the way described, I chose to craft a 5 minute Perl script to do the job, as I already had Perl on the machines and space was limited.

Here is the code I used. Note that it binds to the localhost IPs (IPv4 and IPv6), so it won't be visible to other machines, only the localhost. Also, you will need to set up your machine to have its localhost listed as your only DNS server.

#!/usr/bin/perl

#  A nameserver that maps all hostnames to 127.0.0.1

use strict;
use Net::DNS::Nameserver;

my $ns = Net::DNS::Nameserver->new(
        LocalAddr        => ['::1' , '127.0.0.1' ],
        LocalPort        => "53",
        ReplyHandler => \&reply_handler,
        Verbose          => 0,
        Truncate         => 0,
);

$ns->main_loop;

sub reply_handler
{
        my ($qname, $qclass, $qtype, $peerhost,$query,$conn) = @_;
        my ($rcode, @ans, @auth, @add);

#       print "Received query from $peerhost to ". $conn->{"sockhost"}. "\n";
#       $query->print;

        if ($qtype eq "A") {
                my ($ttl, $rdata) = (3600, "127.0.0.1");
                push @ans, Net::DNS::RR->new("$qname $ttl $qclass $qtype $rdata");
                $rcode = "NOERROR";
        }else{
                $rcode = "NXDOMAIN";
        }

        # mark the answer as authoritative (by setting the 'aa' flag)
        return ($rcode, \@ans, \@auth, \@add, { aa => 1 });
}
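
A check for the two prerequisites the post above names (hosts file consulted before DNS, loopback as the only DNS server), as an added example that is not the poster's code. It assumes a glibc-style /etc/nsswitch.conf and /etc/resolv.conf; the sample file contents are constructed.

```python
import ipaddress

# Constructed sample files (not taken from the thread).
NSSWITCH_OK = "passwd: files\nhosts:  files dns\n"
RESOLV_OK = "# kiosk\nnameserver 127.0.0.1\nnameserver ::1\n"
NSSWITCH_BAD = "hosts: dns [!UNAVAIL=return] files mdns4\n"
RESOLV_BAD = "nameserver 127.0.0.1\nnameserver 192.0.2.53\n"

def hosts_sources(nsswitch_text):
    """Sources on the 'hosts:' line of nsswitch.conf, in lookup order."""
    for line in nsswitch_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "hosts:":
            # Action items such as [NOTFOUND=return] are not sources.
            return [f for f in fields[1:] if "=" not in f]
    return []

def nameservers(resolv_text):
    """Addresses on 'nameserver' lines of resolv.conf."""
    rows = (l.split("#", 1)[0].split() for l in resolv_text.splitlines())
    return [r[1] for r in rows if len(r) >= 2 and r[0] == "nameserver"]

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(nsswitch_text, resolv_text):
    """Return the reasons a lookup could escape the local catch-all server."""
    problems = []
    order = hosts_sources(nsswitch_text)
    if "files" not in order or "dns" not in order:
        problems.append("hosts: line does not list both files and dns")
    elif order.index("files") > order.index("dns"):
        problems.append("dns is consulted before the hosts file")
    for src in order:
        if src not in ("files", "dns"):
            problems.append(f"extra lookup source: {src}")
    # With no nameserver line the resolver defaults to the local machine.
    for addr in nameservers(resolv_text):
        if not is_loopback(addr):
            problems.append(f"non-loopback nameserver: {addr}")
    return problems

if __name__ == "__main__":
    with open("/etc/nsswitch.conf") as a, open("/etc/resolv.conf") as b:
        for p in audit(a.read(), b.read()) or ["no problems found"]:
            print(p)
```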

What happens when the request is an IP and not a HOSTNAME?


What happens when the request is an IP and not a HOSTNAME?

That would get past the DNS as it would never need to be resolved.

The main reason I required this was for a kiosk type machine that was limited to a couple of sites. The sites themselves may have links out to other sites, but we didn't want the users to be able to follow them. The point of redirecting to the local machine is that it is running a web server on it that serves out a page for any request that gives the user the choice of returning to the previous page or resetting the kiosk back to the homepage.

Of course the machines are sat behind a firewall that drops outgoing connections to machines not in the list of allowed hosts, so they wouldn't be able to get out. However, they would get stuck on a browser error page informing them of a failed connection, and as it is in kiosk mode they don't get access to the address bar and so wouldn't be able to get back without restarting the machine. Redirecting other hosts to the web server on the local machine pretty much avoids this situation (as long as none of the sites allowed has a link to a blocked site's IP address).
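
The caveat at the end of the post above (a link to a bare IP address never goes through DNS, so the catch-all server does not see it) can be checked ahead of time. This added example, which is not the poster's code, sorts the links on an allowed page by how the kiosk would handle them; the hosts file, page and URLs are constructed samples.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample data: a kiosk hosts file and one allowed page.
HOSTS_FILE = """\
127.0.0.1   localhost
192.0.2.10  intranet.example
192.0.2.20  catalogue.example www.catalogue.example  # partner site
"""
SAMPLE_PAGE = """
<a href="/opening-hours">Hours</a>
<a href="http://www.catalogue.example/search">Catalogue</a>
<a href="https://partner.example/offers">Partner</a>
<a href="http://198.51.100.7/mirror/">Mirror</a>
<a href="http://[2001:db8::7]/">IPv6 mirror</a>
"""

def hosts_names(text):
    """Every hostname and alias defined in a hosts file."""
    names = set()
    for line in text.splitlines():
        names.update(n.lower() for n in line.split("#", 1)[0].split()[1:])
    return names

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def classify(page_url, html, allowed):
    """Map each http(s) link to how the kiosk would resolve its host."""
    collector = LinkCollector()
    collector.feed(html)
    verdicts = {}
    for href in collector.links:
        url = urljoin(page_url, href)
        parts = urlsplit(url)  # .hostname is already lower-cased
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        try:
            ipaddress.ip_address(parts.hostname)
            verdicts[url] = "ip-literal"  # never reaches DNS or the hosts file
        except ValueError:
            verdicts[url] = "hosts-file" if parts.hostname in allowed else "sinkholed"
    return verdicts
```

Links marked `hosts-file` load normally, `sinkholed` ones land on the local web server's page, and `ip-literal` ones are stopped only by the firewall, which is the case that leaves the user on the browser error page.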
