Re: [Full-disclosure] Geolocation Question

From: Michael Holstein <michael.holstein_at_nospam>
Date: Fri Jan 08 2010 - 15:50:46 GMT
To: mrx <mrx@propergander.org.uk>

> was a tick box along the lines of "disable all communication with MS
> servers"

Well, as it pertains to WGA, the hack was to include the following in ./system32/drivers/etc/hosts :

127.0.0.1 mpa.one.microsoft.com

If you have a router that can run [DD|Open]WRT, you can mount a SMB share and run tcpdump -w /that/share on your connection to see exactly what your system of choice is "doing" network-wise. You can also do this with a hub and another computer (or even directly on the box with winpcap, assuming you trust that M$ didn't do some trickery that would lie to it).

If you want to get fancier still, run Quagga on a linux box with a BGP feed from somewhere and blackhole AS8060, AS8069, AS8705, AS3598, and a couple of others I'm too lazy to look up at the moment .. and route your traffic through that.

Cheers,

Michael Holstein
Cleveland State University

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: security_at_nospam: "[Full-disclosure] [ MDVSA-2009:316-1 ] expat"
Previous message: Secunia Research: "[Full-disclosure] Secunia Research: Adobe Illustrator Encapsulated Postscript Parsing Vulnerability"
In reply to: mrx: "Re: [Full-disclosure] Geolocation Question"
Next in thread: Daniel Veditz: "Re: [Full-disclosure] Geolocation Question"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]