[clug] Dialing Home
Rodney Peters
rodneyp at iinet.net.au
Sun Aug 16 21:54:26 UTC 2015
On Sun, 16 Aug 2015 15:17:26 Scott Ferguson wrote:
> On 16/08/15 13:23, Owen Cook wrote:
> >> Sent: Sunday, August 16, 2015 at 1:04 PM
> >> From: "Scott Ferguson" <scott.ferguson.clug at gmail.com>
> >>
> >>
> >>
> >> Note: I've found privoxy phoning home in the past. An entry in
> >> /etc/hosts stops that.
> >>
> >> lsof | tail -n +2 | awk '{print $1 " " $2}'
> >
> > Hi,
> >
> >
> > I have a WD network drive and found it was "dialing Home" (129.253.8.107)
> > chewing up about 400Kbytes/hour.
> >
> > Can I really put something in /etc/hosts that will stop that?
>
> /etc/hosts is only effective when you want to change the real IP address
> associated with a URL. i.e. facebook can be made 127.0.0.1
> and even then, only when resolv.conf looks at /etc/hosts first.
>
> > Thought an iptables drop would sort that out but the limited debian distro
> > in the network drive doesnt have iptables.
> You could add it *if* the kernel supports netfilter (drop in a
> statically linked version).
>
>
> I prefer ipset (also requires netfilter support) for dealing with IP
> addresses - it's quicker, easier to manage, uses less resources, and is
> easy to configure for large blocks.
>
> > Thought a configuration change to my DLink router would fix it also, but
> > the router seems to accept web addresses only.
> Possibly for the same reason as /etc/hosts only works for URLs not IP
> addresses? i.e. cheap modem "routers" are toys, it probably just adds
> entries in it's /etc/hosts.
>
> Solutions might be to: change the OS on your DLink modem[*1];make your
> modem pass-through (it may only support bridging) and do your routing
> and firewalling further back - which is always preferable IMO.
>
> [*1] http://www.dd-wrt.com/wiki/index.php/Supported_Devices
>
A router that processses rules for outgoing traffic is needed eg Billin 7800 series. In theory
iinet's new Technicolour Gateway can but I can't get it to create a rule. Lower cost routers tend
not to.
Alternatively an additional IPFire router would and can identify source by MAC address. That
might be more reliable if the WD is getting its IP address via DHCP and the dhcpd server does
not make the address handed out persistent.
> > TIA
> >
> >
> > Owen
>
> Kind regards
More information about the linux
mailing list