|Main Archive Page > Month Archives > full-disclosure-uk archives|
> was a tick box along the lines of "disable all communication with MS
Well, as it pertains to WGA, the hack was to include the following in ./system32/drivers/etc/hosts :
If you have a router that can run [DD|Open]WRT, you can mount a SMB share and run tcpdump -w /that/share on your connection to see exactly what your system of choice is "doing" network-wise. You can also do this with a hub and another computer (or even directly on the box with winpcap, assuming you trust that M$ didn't do some trickery that would lie to it).
If you want to get fancier still, run Quagga on a linux box with a BGP feed from somewhere and blackhole AS8060, AS8069, AS8705, AS3598, and a couple of others I'm too lazy to look up at the moment .. and route your traffic through that.
Cleveland State University