- PROTECT YOURSELF ONLINE -

[Moore]

#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$
#
$ - STF GUIDE TO ONLINE SECURITY -
#
#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$

Hi everyone , here are some handy links , information and programs for your online security.

If you have any questions dont be shy to ask for help, there are plenty of people on this forum capable of providing assistance..

Please do not duplicate this information without giving credit for the original source. -> www.sharethefiles.com -

###############################

IP Blocking Security

###############################

Currently there are only three options for people if they want to use the IP blocklists from Bluetack.

Most firewalls do support IP blocking , but they do not support importing a IP blocklist.

Manually entering the IP addresses need to keep you secure in other firewalls could take weeks.


Of all the popular firewalls available , Sygate supports the blocklists to a degree.. but there is a limit on how many ranges you can add , and it does suffer in performance when there are too many IPs added. Now it's been bought by Symantec and killed off , but the old versions are still available.

If you use Zonealarm , I personally wouldnt even bother trying to add IP's to it.. You already have enough problems. Just use Protowall or PG2.
No version of Zonealarm can be trusted to secure your computer. See here for more on their latest spying tactics: http://www.bluetack.co.uk/forums/index. ... opic=12881

Kerio / Tiny firewall , currently cannot import IP lists , probably never will , also faces performance issues and trying to add large amounts of IP's for blocking purposes is not recommended in any version.

===============================

Outpost Firewall / with Blockpost Plugin

===============================

Outpost Firewall is the leading software firewall available from Agnitum , currently at version 4.0

Outpost Pro 4.0 - 30 day trial download from here:

http://www.agnitum.com


Among the various plugins Outpost offers, is the Blockpost Plugin by Dmut/Fazion , moderators at the Outpost forum.

Blockpost is a free plugin which is always available from the last post here :

http://www.outpostfirewall.com/forum/sh ... php?t=7229


There are different versions for Outpost 2.5/2.7/3.0+ - Current Version of Blockpost works in OP 3.51/4.0

The main purpose of Blockpost is to block IP addresses , especially important for blocking large amounts of IP's , best of all it allows you to import the IP blocklists from Bluetack.

Blockpost can handle the largest blocklists out of all IP blocking utilities and does not dramatically affect system performance like other firewalls..

You can create your own lists if you prefer, or use the precompiled blocklists from Bluetack which are updated almost daily..

:: Blockpost support forum ::
http://www.outpostfirewall.com/forum/fo ... y.php?f=59

:: Blockpost download details ::
http://www.outpostfirewall.com/forum/sh ... php?t=7229

:: Blockpost Guide - UPDATED - ::
http://www.outpostfirewall.com/forum/sh ... php?t=9846

Blockpost has the highest priority over all connections in your firewall , and filters traffic effectively on all protocols. Blockpost is the most stable option for IP blocking , but obviously can only be used by Outpost firewall users.

Blockpost now has new features to allow port 80 / HTTP connections for P2P users who find they are getting sites blocked and do not have a personal exclusion list set up in the Blocklist Manager.

*New features include port and IP addresss whitelisting and Whois lookup tab.*




=======================
If you already use a different firewall , then the next two options would probably suit your needs better.
=======================


==================
PeerguardianV2
==================

Peerguardian was the original P2P IP blocking solution created by Method , formerly available from Methlabs , now called Phoenixlabs.

PG2 is a free download , there are versions for win98 and w2k/XP systems.

The new PG2 by Phrosty , does not have any of the limitations [ only blocked TCP ] and problems [ high cpu usage] that people had with PGV1. *Note* the Win9X [ 98/ME ] version of PG2 still only blocks TCP protocol only.

Some firewalls have been reported to conflict with PG2, so you may need to check the PL forums if you need to find out if your firewall is one of these. Outpost appears to be one of the firewalls that has conflicts with PG2.

::PG2 download page::
http://phoenixlabs.org/pg2/

::PG2 support forums::
http://forums.phoenixlabs.org/

::PG2 FAQ::
http://phoenixlabs.org/pg2/faq/


===========================
Protowall 1.42/ 2.01_Build 7
===========================



Protowall was designed by Dudez for the purpose of blocking large amounts of IP addresses while running alongside all other software firewalls.

Protowall is a free download , and only works on win2k/XP systems.

PW download and technical support is available from the B.I.S.S. forums.

Protowall will run beside any other software firewall and blocks packets on the network layer at the driver level , the lowest system level possible next to the OS kernel.

There are many versions available , the most current version is 2.01 build 9.

This current version was released due to a limit reached in previous versions of Protowall [ 2.0 ] ability to store IP's , due to an increase in blocklists sizes.. So , If you find Protowall crashing when you try to start it , you will need to upgrade to the latest version.

- Protowall free download page:
- http://www.bluetack.co.uk/modules.php?n ... load&cid=5

- Protowall help/installation guides:
- http://www.bluetack.co.uk/pwhelp
- http://www.bluetack.co.uk/firstaid/flas ... flash.html


- Miners guide to PROTOWALL and BLOCKLIST MANAGER here at STF:
- http://sharethefiles.com/forum/viewtopic.php?t=18463


- Protowall support Forums:
- http://www.bluetack.co.uk/forums/index. ... wforum=127

- PW FORUM SUPPORT SECTION :
- http://www.bluetack.co.uk/forums/index.php?showforum=19

- Kims Guide for Blocked IPs relating to windows services:
- http://www.bluetack.co.uk/forums/index. ... topic=6379

Interview by the Dial_Up_Boy , with Deathangel [Seraphielx] and Dudez, programmers of the Protowall and Blocklist Manager:
http://www.slyck.com/forums/viewtopic.php?p=28288



#################################################


[*Note*]
[Protowall users should also download the Blocklist Manager [linked further below] to use for updating their blocklists. The BLM features many IP tools and exclusion/inclusion managers to help manage your blocklists , and allows you to choose from the variety of lists at Bluetack.]


#################################################



============================
-------------------
BLOCKLIST MANAGER:
-------------------
============================

The Blocklist Manager is an application which downloads blocklists maintained by Bluetack and updates applications such as Kazaa Lite K++, PeerGuardian, eMule, Gnucleus and Morpheus, Outposts Blockpost plugin V 1+2 and of course ProtoWall

The Converter will convert blocklists and security rules from one format to another.

A list of supported formats at this time are:

Protowall
Peerguardian
Blockpost version 1 and version 2
Emule/cdonkey
GnucDNA
Generic IP ranges
Individual Ips from a range
Generic ip list
Shareaza XML
Sygate
ZoneAlarm XML
Single IP htaccess
Trusty format
Blackice Defender
Snort
Flowpoint
Bearshare

- BLM DOWNLOAD PAGE:
- http://www.bluetack.co.uk/blm.html

- BLM HELP SITE:
- http://bluetack.co.uk/blmhelp

- BLUETACK/BLM FORUM SECTION:
- http://www.bluetack.co.uk/forums/index. ... wforum=126


:: >>BLUETACK Downloads Page Link <<::

Bluetack FAQ:
http://www.bluetack.co.uk/modules.php?name=FAQ

Bluetack IP Blocklist Converter:
http://www.bluetack.co.uk/convert.html

Outpost / Blockpost guide to importing / updating IPs:
http://www.outpostfirewall.com/forum/sh ... php?t=9846

How To: Import IP's Into Sygate :
http://sharethefiles.com/forum/viewtopic.php?t=3149

Guide To Importing IP'S Into ZAP4 Using Dreamweaver
http://sharethefiles.com/forum/viewtopic.php?t=5403


Miners Blocklist Manager & Protowall Guide At STF :
http://sharethefiles.com/forum/viewtopic.php?t=18463


#################################################
- BLUETACK SECURITY LINKS -
#################################################

- ONLINE BLUETACK SECURITY GUIDES CENTRAL -

covering the following topics:

- FIREWALL GUIDE -
- HOSTS File Guide -
- IP ADDRESS GUIDE -
- ANTI-TROJANS GUIDE -
- SPYWARE SUCKS GUIDE -
- WWWeb SECURITY GUIDE -
- PACKET SNIFFING -
- INTRUSION DETECTION -
`°o[][Anonimity through Proxies][]o°`
- Agnitum Outpost / BLOCKPOST V2.1 IP blocking Plugin Guide -
- ANTI-VIRUS GUIDE -
- Sniffing How it works / security advice - [DA]
- Opening Ports On Firewalls - [DA]
- Tunneling out from restrictive firewalls - [BT]
- Introduction to BitTorrent -
- Ultimate DCS Portlist -

<><><><><><><><><><><><><><><><><>

STF Guides // Tutorials

<><><><><><><><><><><><><><><><><>

ShareTheFiles Tutorials Section:
http://sharethefiles.com/forum/viewforum.php?f=24

For beginners of P2P:
http://sharethefiles.com/forum/viewtopic.php?t=2303

New to downloading ? , all in one guide by Wmboos:
http://sharethefiles.com/forum/viewtopic.php?t=8057


Original STF Security Guides [ Updated at Bluetack ]

Kill Spyware Guide::
http://sharethefiles.com/forum/viewtopic.php?t=2547
HOSTS file Protection Guide:
http://sharethefiles.com/forum/viewtopic.php?t=16006
:: ~FIREWALL PROTECTION~ ::
http://sharethefiles.com/forum/viewtopic.php?t=3099
[][ ~TROJAN / SPYWARE PROTECTION GUIDE~ ][]
http://sharethefiles.com/forum/viewtopic.php?t=2547
~ANTI-VIRUS~
http://sharethefiles.com/forum/viewtopic.php?t=3248
~Introduction to tracing IP Addresses~
http://sharethefiles.com/forum/viewtopic.php?t=2549
[][€ `°°¤ ANØNIMITY ØN THE INTERNET ¤°°`€][]
http://sharethefiles.com/forum/viewtopic.php?t=9609


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

..:: EXPLOIT / THREAT MINIMISATION ::..

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Use the following tools/ information to help shut down vulnerable services running by default on your computer:

Windows Worm Doors Cleaner v1.4.1 : http://www.firewallleaktester.com/wwdc.htm

GRC Security Utilities :
Including - shoot the messenger [ disable windows messenger service ] , UnPlug n' Pray [ disable plug & play ] , DCOMbobulator [ disable DCOM ] , the original firewall leaktest and more :
http://grc.com/freepopular.htm

XP anti spy : Disables "calling home" features in windows :
Download link !

Win2000/XP info on configuring windows services:
http://www.blackviper.com/

TweakXP -
http://www.tweakxp.com/security_tweaks.aspx


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

If you suspect you have been infected with a virus , run a virus scan from at least two of these online virus scan sites:

Be sure to have the AutoFix box(es) checked.

1) Trend Housecall - http://housecall.trendmicro.com/
2) RAV AntiVirus Scan Online - http://www.ravantivirus.com/scan/
3) Panda's ActiveScan - http://www.pandasoftware.com/products/ActiveScan.htm
4) BitDefender Online Virus Scan - http://www.bitdefender.com/scan/licence.php
5) McAfee FreeScan - http://us.mcafee.com/root/mfs/default.asp

--


How to tell if a program is good or bad ?

Some examples of the steps you can take to determine a programs intentions :
http://www.spywarewarrior.com/viewtopic.php?t=20166

--

Suspected Malicious File scans sites:
http://virusscan.jotti.dhs.org/
http://www.kaspersky.com/scanforvirus

--

System security Tests:
Qualys, http://browsercheck.qualys.com/
Auditmypc, http://www.auditmypc.com/
Scanit, http://webtest.scanit.be/bcheck/index.php
Iprive, http://www.iprive.com/analyze/

FIREWALL Scan Test sites :
Sygate, http://scan.sygate.com/
GRC, https://www.grc.com/x/ne.dll?bh0bkyd2
Blackcode, http://www.blackcode.com/scan/
DSLReports, http://www.dslreports.com/scan
HackerWatch, http://probe.hackerwatch.org/probe/probe.asp
hackerwhacker, http://delta.hackerwhacker.com/freetools.php
SecurityMetrics, http://www.securitymetrics.com/portscan.adp
Lockdowncorp.com, http://stealthtests.lockdowncorp.com/
Securityspace, http://www.securityspace.com/smysecure/ ... index.html
Symantec, http://security.symantec.com/sscv6/home.asp?bhjs=0
Pcflank, http://www.pcflank.com/

Trojanscan Sites:
http://www.trojanscan.com/trojanscan/
http://scan.sygate.com/pretrojanscan.html
http://www.blackcode.com/scan/index.php

Spyware scans
http://www.doxdesk.com/parasite/
http://www.spywareinfo.com/xscan.php

Popup tests sites:
http://www.kephyr.com/popupkillertest/index.html
http://proxomitron.info/tests/poptest.html
http://www.dummysoftware.com/popupdummy_testpage.html
http://www.webknacks.com/aptest.htm

See for yourself how much private information can be retrieved from your system by others :

http://www.gemal.dk/browserspy/
http://www.elfqrin.com/binfo.shtml

IP testing page:
- http://www.interlacken.com/tricks/exec/ ... gyprop.asp

- PORT SEARCHES -
http://isc.sans.org/port_details.html?port=80
http://lists.gpick.com/portlist/lookup.asp

* list of free online services:
-virus scans-portscans-security scans-more
- http://www.wilders.org/free_services.htm


############
:: TOP LINKS ::
############

Protecting Your Privacy & Security on a Home PC - Eric Howes
- http://www.spywarewarrior.com/uiuc/index.html

Calendar Of Updates forum:
- http://www.dozleng.com/updates/index.php

Bleeping computer Self-Help and Reading Room
- http://www.bleepingcomputer.com/forums/forum55.html

Anti-Online Tutorials :
- http://www.antionline.com/showthread.ph ... did=133897

System wide filtering and blocking
- http://www.pacificnet.net/~bbruce/system.htm

Outpost firewall Guide:
- http://www.outpostfirewall.com/guide/guide_map.htm

List of Lists:
- http://lists.gpick.com/

Insecure.Org top 75 tools list:
http://www.insecure.org/tools.html

Fravia's Seekers Guide:
- http://www.searchlores.org/filesearch.htm

Top 20 vunerabilities;
- www.sans.org/top20/

Denial Of Service attacks help page:
- http://www.denialinfo.com/

Anonymous internet browsing quick start page:
- http://www.space.net.au/~thomas/quickbrowse.html
- http://www.proxys4all.com/web-based.shtml

Windows file replacements:
http://209.133.47.200/~merijn/winfiles.html

Missing System Files:
http://www.snapfiles.com/help/missingfiles.html

http://www.garykessler.net/library/prot ... me_systems

=====================
Email Privacy / Spam Prevention
=====================

- Throw away email addresses -

Spamgourmet - www.spamgourmet.com
Spam motel - www.spammotel.com

List of disposable email accounts:
http://spamotomy.com/tools.php?softwaretype=4

Full list of anti-spam tools:
http://spamotomy.com/tools.php?id=0

------------------------------------------------


#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$#$

[Moore]

##################################################

ANTI - SPYWARE

##################################################

If you suspect your computer has been hijacked / infected you can seek help here in the security section of STF by asking any questions or posting a hijack this log into a new topic.


Because help may not be instantly available , here are some resources which should help you investigate things a litle bit further on your own ...

=========================================

IMPORTANT : If you choose to post a hijackthis log , do not follow repair / removal advice from anyone except a staff member here at STF , and especially from anyone who has no idea what they are talking about , the wrong guess could leave your computer unuseable.

=========================================

The following classrooms are available for anyone who is interested in learning more about spyware and working on Hijackthis logs from the experts.

Malware Removal University :
http://forum.malwareremoval.com/viewtopic.php?t=233

SPYWARE INFO:
http://forums.spywareinfo.com/index.php?showtopic=34

TOM COYOTE :
http://tomcoyote.com/classroom/

==========================================

How to Eliminate Spyware, Adware, and Random Pop-ups:
http://sharethefiles.com/forum/viewtopic.php?t=3659

Spyware sucks Guide:
http://www.bluetack.co.uk/forums/index.php?showtopic=76

PC Hell - Anti-Spyware + Removal Information:
- http://www.pchell.com/support/spyware.shtml

How to Stop Hijackers & Spyware Infections, And other malware too!
http://forum.gladiator-antivirus.com/in ... topic=9857

GLADIATOR ANTI-VIRUS - Anti-Spyware Guide:
http://forum.gladiator-antivirus.com/in ... topic=9757

How did I get infected & What is a BHO ? - Tony Klein :
http://castlecops.com/postitle7736-0-0-.html

---------------------------------------------------------
-----------------------------------------------------
:: SPYWARE WARRIOR RESOURCES ::
-----------------------------------------------------
---------------------------------------------------------


ERIC HOWES/SPYWARE WARRIOR - ROGUE SPYWARE LIST ::
- http://www.spywarewarrior.com/rogue_anti-spyware.htm

Spyware warrior knowledge base:
- http://www.spywarewarrior.com/index.php?c=11

Anti-spyware Tutorials-
- http://www.spywarewarrior.com/viewforum.php?f=30

Self Help Resources Forurm:
- http://www.spywarewarrior.com/viewforum.php?f=26

Malware Removal Tools and Programs forum:
- http://www.spywarewarrior.com/viewforum.php?f=27

Anti-spyware Spyware Help guides and Howto's:
http://www.spywarewarrior.com/viewtopic.php?t=2996

Protection/Prevention/Detection:
http://www.spywarewarrior.com/viewtopic.php?t=2961

Malware Tools and Removal Program page
- http://www.spywarewarrior.com/viewtopic.php?t=2958


##################################



*How to Boot into Safe mode:
http://service1.symantec.com/SUPPORT/ts ... 2409420406
http://www.pchell.com/support/safemode.shtml


*Show Hidden and System files and folders
http://www.xtra.co.nz/help/0,,4155-1916458,00.html



##################################

:: HIJACK THIS TUTORIALS ::

##################################

Merijns Hijackthis tutorial:
- http://www.spywareinfo.com/~merijn/htlogtutorial.html

HijackThis Quick Start
- http://www.tomcoyote.org/hjt/

Acsells HijackThis tutorial:
- http://hometown.aol.co.uk/jrmc137/hjttu ... torial.htm

HijackThis Tutorial- How to Analyse your own log:
- http://www.spywarewarrior.com/viewtopic.php?t=3624

How to use HijackThis:
- http://forum.gladiator-antivirus.com/in ... topic=9469

How to remove spyware with hijack this :
- http://www.bleepingcomputer.com/forums/ ... utorial=42

- http://hjt.wizardsofwebsites.com/
- http://www.netstar.me.uk/hjt/hjt.html
- http://spywarewarrior.com/viewtopic.php?t=1044
- http://computercops.biz/HijackThis.html

HIJACK THIS cleaning & Security links:
- http://members.home.nl/edeijl/acred/cleaning.htm

>>>>>>>>>>>>>>>>>>>>>>>>>

:: HIJACKTHIS DOWNLOAD ::

<<<<<<<<<<<<<<<<<<<<<<<<<

http://www.merijn.org/files/hijackthis.zip
http://computercops.biz/zx/Merijn/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
http://tools.radiosplace.com/hijackthis.zip

HijackThis hotkey - HijackThis search assistant-
http://hometown.aol.co.uk/jrmc137/HJTHotkey/

<<<<<<<<<<<<<<<<<<<<<<<<<

---------------------------
Spyware Info Anti-Spyware Help threads:
---------------------------

"Hijacked Users" - Start here
http://forums.spywareinfo.com/index.php?showtopic=23382

Removal Tools: "Ad-Aware", Updated for Ad-Aware SE Build 1.05
http://forums.spywareinfo.com/index.php?showtopic=11150

Removal Tools: "Spybot"
http://forums.spywareinfo.com/index.php?showtopic=18080

Removal Tools: "CWShredder"
http://forums.spywareinfo.com/index.php?showtopic=11202


################################

:: BHO Lists / Start Up lists / Process Libraries ::

################################

- http://www.generation.net/~hleboeuf/bho_a_d.htm
- http://www.sysinfo.org/bholist.php
- http://computercops.biz/CLSID.html
- http://computercops.biz/LSPs.html
- http://computercops.biz/StartupList.html
- http://computercops.biz/software.html
- http://www.windowsstartup.com/wso/search.php
- http://www.sysinfo.org/startuplist.php
- http://www.rockymountain.com/ref_startup.htm
- http://www.allsecpros.com/startuplist.html
- http://members.shaw.ca/austin.powers/
- http://www.3feetunder.com/krick/startup/list.html
- http://www.michaelpreslar.com/sysinfo/startupinfo.html
- http://www.neuber.com/taskmanager/process/index.html
- http://www.reger24.de/processes.php
- http://www.answersthatwork.com/Tasklist ... sklist.htm
- http://www.cknow.com/ckinfo/def_a/autostart.shtml
- http://www.pacs-portal.co.uk/startup_index.htm
- http://www.pacs-portal.co.uk/startup_pa ... up_all.php
- http://www.processlibrary.com/
- http://www.liutilities.com/products/win ... sslibrary/
- http://www.liutilities.com/products/win ... ry/system/
- http://www.liutilities.com/products/win ... /security/


Spyware.exe list:
- http://www.pcpitstop.com/spycheck/SWList.asp?pg=20&st=0


#####################################################
Winsock Fixes
#####################################################

Some spyware hijacks can damage your internet connection when removed and you will need to use one of these repair tools below to fix the damage and get back your internet connection.


LSP Fix - Bill Webb
lspfix.zip - includes the program and documentation
http://www.cexx.org/lspfix.zip
http://computercops.biz/downloads-file- ... x_1.0.html

WinSock XP Fix - shaw.ca
http://members.shaw.ca/techcd/WinsockXPFix.exe - Winsock repair utility designed for Windows XP.
http://tntmax.com/Download/Software/Win ... x.exe/view

Winsock2fix
http://www.bu.edu/pcsc/internetaccess/winsock2fix.html - Winsock repair utility designed for Windows 98, 98SE, and ME.

Whndnfix
http://digital-solutions.co.uk/lavasoft/whndnfix.zip - Winsock repair utility for Windows 95/98/98SE/ME.


#################################
## Spyware Threats Research ##
#################################

Rogue Anti-Spyware list:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Webhelper Spyware Research:
http://www.webhelper4u.com/

DoxDesk Parasite list:
http://www.doxdesk.com/parasite/

PestPatrol, Most Prevalent Pests (past 28 days)
http://research.pestpatrol.com/Lists/Mo ... tPests.asp

Webroot
Top 8 threats based on frequency of detection on the site's free spyware scanner tool
http://www.webroot.com/spywareinformati ... opthreats/

Winpatrol top 10 :
http://www.winpatrol.com/stats.html

A? 10 most prevalent spyware in past 3 days
http://www.emsisoft.com/en/malware/stats/

Spybot Spyware Update list:
http://safer-networking.org/en/updatehistory/index.html

#####################################################

thats enough for one day ....

[Mauzer]

Not sure if this is already listed in the first post , but here is a link to the Blacklists FAQ on the B.I.S.S. site.

As for the driver:

Why do i get a 'Protowall.sys Not Loaded' error?
READ ME FIRST: Your Protowall.inf driver is in the installation directory ("C:>Program Files>Dudez>Protowall" in one of the driver subfolders. Which one it is in will depend on your operating system).

After Protowall installation, you receive a "Protowall.sys not loaded" error message when you try to start the program.

Remember, all of the below steps are independent. Your problem can be solved by one of the steps below but it is NOT a step by step procedure. If one step does not solve your problem, go to the next one.

IMPORTANT: Never use, point, right-click or whatever on the Protowall_mp.inf file! You must use Protowall.inf file only. Protowall will take care of the other one during installation. Install the driver/service as described at http://bluetack.co.uk/pwhelp.

1. Check in your Adapter->Properties->Network tab if there is a Protowall item and that it is checked. The complete steps on how to get to the Network tab are in the next paragraph.

The adapter is the device normally used to connect your PC to Internet. It could be a modem, router, etc. It is shown in your “Network Connections” window. You can get to that window by clicking “Start”->“Settings”->“Control Panel”. In the Control Panel window you will see the “Network Connections” icon. Double click it and it will list your "Adapter". On your modem (adapter, router or whatever), right-click it, select "Properties" and a window will appear. At the top, there is the “Network” tab. That is where you will find all your networking services and where you need to make sure there is a check next to the Protowall driver.

2. When you install the Protowall service in your Adapter->Properties->Network section (see above for instructions on how to get to the “Network” tab if you need to), be sure to follow the procedure as described at http://bluetack.co.uk/pwhelp and be sure to use the Protowall.inf driver ONLY during the installation procedure.

3. Go to the “Network” tab of your connection again (see step #1 for instructions on how to get there), select "Protowall" and hit "Uninstall". When it is uninstalled, reinstall it.

4. Uninstall it completely, reboot in safe mode with network support, and then reinstall it.

5. Uninstall Protowall. Create a bridge with the “Network Setup Wizard” and install Protowall. Add the Protowall service to the bridged connection. Then if Protowall works but your Internet connection does not anymore delete the bridge connection and reboot.

Some computers as we know have more than one type of connection in local area connections. In this case you may have to bridge connections. For instance, if you have a 1394 connection and bridged it with your Local Area Connection (NIC or network card). Highlight both the connections then right-click them and select “Bridge these connections”. Then add the Protowall service back to this newly bridged connection.

If you have installed Protowall on the new bridged connection and you still get the Protowall.sys not loaded message go back and delete the bridged connection (in this case the 1394 connection).

Subsequently deleting the bridge, or disabling the 1394 connection, brings you back to just your Local Area Connection (if your not using the 1394 connection you may feel better with it disabled rather than bridged) then reboot and start Protowall again. This does not work for everyone but it has for most.

If you have more than one network card you will need to disable one because Protowall will not run on both at the same time. You will have to go into the “Device Manager” under “Network Adapters” and right-click the Network card that you are not using and disable it. To get to the “Device Manager”, go to the “Control Panel” and double-click on “System”. Go to the “Hardware” tab and you should see a button called “Device Manager”.

In Protowall 2.0, you will have to select the adapter that you are using in the main Protowall GUI in the dropdown list box before Protowall will work correctly.

(Bridged connections are supported in Windows XP, but not for remote connections) or just create a Bridge between the 1394 and the Local Area Connection. It will be fine without rebooting in safe mode.

6. If you are running Windows 2000, be sure to have Service Pack 4 installed, or Protowall will always give you that error message.

7. You have installed the driver (or you suppose it is done) with the driver installer downloaded here, and you have the error message -> check if the Protowall service is present in your Adapter->Properties->Network section. If it is not installed install the driver manually as described in the help (link here above). If it is installed, uninstall it and re-install it manually. NOTE: Many people have reported that the driver installer supplied just the Windows 2k & Windows 2003 drivers. If you are not able to find the XP driver, download the program installer, not the driver installer, and you will find your XP driver in your Protowall installation folder.

8. This free tool pserv.cpl may help you have more control over your services and devices on your system. pserv.cpl is a Windows NT/2000 Control Panel Applet that:

Allows you to control all NT services
Allows you to control all NT devices
Allows you to connect to remote machines
Has many features your Windows 2000 MMC doesn't offer you
Is fast!
http://p-nand-q.com/download/pserv_cpl.html

9. Protowall does not support (version 1.x) terminal services or remote desktop.
However, you may be able to install Protowall on a server running Windows 2k3 Server and control Protowall from other machines.

As previously stated, Protowall will not work via Remote Desktop
(Start/Programs/Accessories/Communications/Remote Desktop Connection).

However, if you connect to the server or other machine using Remote Desktops (note the plural Desktops) via Start->Programs->Administrative Tools->Remote Desktops, you will be able to control Protowall with a Console window.

For those not familiar with Console use:

Right-click the Remote Desktops entry in the tree under Console Root and select "Add New Connection".

Another window will open asking for the Connection and Log-on details.

Enter the IP of the server (if you browse for it, you may be told that Terminal Services are not available).

Leave the Connection Name blank if you wish.

Enter the Log-on information, save the password and click "ok".

A new icon will appear in the tree under Remote Desktops.

Right-click the icon/name and select "Connect".

Now, for future use, select File/Save As and save the Console as ".msc in a handy place.

In the future if you double click that shortcut, you will connect directly to your server and Protowall.

10. Check if your system is set to accept/reject drivers without digital signatures (right-click on the “My Computer” icon on your desktop, select “Properties”, go to the “Hardware” tab and, in the middle, hit “Driver Signature”).

11. You have installed the Protowall service with the switch? DO IT MANUALLY (see the link in step #2)!

12. You have installed Protowall by right-clicking on the .inf file and selecting "Install"? DO IT MANUALLY!

13. You have installed the Windows security patch KB823559-x86 before the IE6 sp1; uninstall the patch, reboot, install IE6 SP1.

IE6 SP1 link:

http://www.microsoft.com/downloads/deta ... b602228de6

Reinstall the patch. Link here:

http://support.microsoft.com/default.as ... -us;823559

ProtoWall FAQ
ProtoWall Help File

Hope this is enough help

[Moore]

Does anyone know where i could find a summary of all the sources in BLM? Cause im just not sure which ones i should have enabled and disabled etc...

thanks anyway

EDIT: Just installed Protowall, and am having problems with the 2000 driver...
when i try to run protowall it says that the driver has not been loaded, so then i open the cmd, and put in the path of the file followed by "pwdrvinst -i" and it says that it cant run the .sys file while in win32 mode.. im very confused, any help appreciated.

You are having trouble because you are not installing it the right way groggypoo.

Hopefully this guide will help you get the driver installed ..
http://www.bluetack.co.uk/firstaid/flas ... flash.html

Blacklists FAQ , covers all the main lists available from Bluetack:
http://www.bluetack.co.uk/forums/module ... klists+FAQ

[Moore]

=================
:: Rootkits ® ::
=================

Under Construction

What is a Rootkit?

The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities.

Rootkits are typically not malicious by themselves but are used for malicious purposes. A virus combined with a rootkit produces what was known as full stealth viruses in the MS-DOS environment.

The rootkit itself does typically not cause deliberate damage. Its purpose is to hide software. But rootkits are used to hide malicious code. A virus, worm, backdoor or spyware program could remain active and undetected in a system for a long time if it uses a rootkit.

The malware may remain undetected even if the computer is protected with state-of-the-art antivirus. And the antivirus can't remove something that it can't see. The threat from modern malware combined with rootkits is very similar to full stealth viruses that caused a lot of headache during the MS-DOS era.


All this makes rootkits a significant threat.


There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.

Persistent Rootkits

A persistent rootkit is one associated with malware that activates each time the system boots. Because such malware contain code that must be executed automatically each system start or when a user logs in they most store code in a persistent store, such as the Registry or file system, and configure a method by which the code executes without user intervention.

Memory-Based Rootkits

Memory-based rootkits are malware that has no persistent code and therefore does not survive a reboot.

User-mode Rootkits

There are many methods by which rootkits attempt to evade detection. For example, a user-mode rootkit might intercept all calls to the Windows FindFirstFile/FindNextFile APIs, which are used by file system exploration utilities, including Explorer and the command prompt to enumerate the contents of file system directories. When an application performs a directory listing that would otherwise return results that contain entries identifying the files associated with the rootkit, the rootkit intercepts and modifies the output to remove the entries.

The Windows native API serves as the interface between user-mode clients and kernel-mode services and more sophisticated user-mode rootkits intercept file system, Registry, and process enumeration functions of the Native API.

This prevents their detection by scanners that compare the results of a Windows API enumeration with that returned by a native API enumeration.

Kernel-mode Rootkits

Kernel-mode rootkits can be even more powerful since, not only can they intercept the native API in kernel-mode, but they can also directly manipulate kernel-mode data structures. A common technique for hiding the presence of a malware process is to remove the process from the kernel's list of active processes.

Since process management APIs rely on the contents of the list, the malware process will not display in process management tools like Task Manager or Process Explorer


Is there a sure-fire way to know of a rootkit's presence?

In general, not from within a running system.

A kernel-mode rootkit can control any aspect of a system's behavior so information returned by any API, including the raw reads of Registry hive and file system data performed by RootkitRevealer, can be compromised.

While comparing an on-line scan of a system an off-line scan from a secure environment such as a boot into an CD-based operating system installation is more reliable, rootkits can target such tools to evade detection by even them.

The bottom line is that there will never be a universal rootkit scanner, but the most powerful scanners will be on-line/off-line comparison scanners that integrate with antivirus.


About rootkits :
http://www.infosecwriters.com/texts.php?op=display&id=156 - The Art of Rootkits
http://en.wikipedia.org/wiki/Rootkit
http://www.f-secure.com/blacklight/rootkit.shtml
http://research.microsoft.com/rootkit/ -
http://www.sysinternals.com/Utilities/RootkitRevealer.html

Windows rootkits of 2005, part 1 , 2 & 3
http://www.securityfocus.com/print/infocus/1850
http://www.securityfocus.com/infocus/1851
http://www.securityfocus.com/infocus/1854

http://www.windowsecurity.com/articles/Hid...nvironment.html

Getting Rid Of Windows Rootkits:
http://home.arcor.de/scheinsicherheit/rootkits.htm

Haxdoor Rootkit:
http://www.f-secure.com/v-descs/haxdoor.shtml

AFX Rootkit [ Open Source Delphi rootkit]
http://www.greatis.com/unhackme/afxrootkitremoval.htm

----------------------------------------------------------------------------------------------------


- Sysinternals Rootkit revealer -

http://www.sysinternals.com/Utilities/RootkitRevealer.html

RootkitRevealer is an advanced patent-pending root kit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys).

- Blacklight -

F-Secure BlackLight is intended for all computer users who want additional security by checking their system for rootkits. F-Secure BlackLight is suitable for use in both home and business environments

http://www.f-secure.com/blacklight/
http://www.f-secure.com/blacklight/screenshots.shtml

F-Secure BlackLight can detect and eliminate active rootkits from the computer. Traditional antivirus scanners can't detect active rootkits.
On a normal system F-Secure BlackLight does not confront the user with a long list of suspected objects. This makes F-Secure BlackLight useful even for non-technical users.
F-Secure BlackLight Rootkit Elimination Technology can be used in the background during normal system operation. Other available scanners require a reboot during scan or may produce false positives if the system is used during scanning.

- UnhackMe -
http://www.greatis.com/unhackme/index.html

What is UnHackMe?

UnHackMe allows you to detect and remove a new generation of Trojan programs - invisible Trojans. They are called "rootkits".
UnHackMe is not a usual Trojan's scanner like RegRun or HijackThis.

It's used to detect Invisible Trojans (rootkits) only!

A rootkit is a collection of programs that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network. The intruder installs a rootkit on a computer using a user action or by exploiting a known vulnerability or cracking a password. The rootkit installs a backdoor giving the hacker a full control of the computer. It hides their files, registry keys, and process names, and network connections from your eyes.

Your antivirus could not detect such programs because they use compression and encryption of its files. The sample software is Hacker Defender rootkit.

- ICESword -

IceSword 1.12 English version

This is not a toy , you could do just as much damage with this program as anything you are trying to prevent , so use with caution.

http://xfocus.net/tools/200509/1085.html

IceSword Author Speaks Out On 'Rootkits':
http://itmanagement.earthweb.com/columns/e...cle.php/3512621

IceSword has a Windows Explorer-like interface but displays hidden processes and resources that Windows Explorer would never show. It isn't a "click-here-to-delete-rootkits" product but a sophisticated discovery tool that can protect against sinister rootkits if used before they infect a machine

- InvisibleThings.org -
http://invisiblethings.org/tools.html

Various tools and proof of concept code


- RKDetect -

RKDetect is a little anomaly detection tool that can find services hidden by generic Windows rootkits like Hacker Defender. The tool enumerates the services on a remote computer via WMI (user level) and Services Control Manager (kernel level), the result is then compared and any difference is displayed. In this way we can find hidden services that are usually used to start rootkits. Similar approach can be used to enumerate processes, files, registry keys and anything that rootkits usually hides.

Source Code:
The tool is a VB script which requires the sc.exe application that can be found in %WINDIR%\system32\sc.exe or can be downloaded along with the source code below at: http://www.security.nnov.ru/files/rkdetect.zip


----------------------------------------------------------------------------------------------------

Further reading - Spannerintheworks has put together a great compilation of information on RootKit Detection + Prevention !

http://www.sysinternals.com/Forum/forum_po...sp?TID=962&PN=1

Follow the download instructions closely - after downloading rename the downloaded .jpg file to .zip and then you can open it.


----------------------------------------------------------------------------------------------------

Currently my favourite protection against rootkits would be Processguard , with System Safety Monitor also being effective at preventing most installations.

ProcessGuard
http://www.diamondcs.com.au/

System Safety Monitor
http://syssafety.com/

There are of course other sandbox applications available, if you arent satisfied with just these.

----------------------------------------------------------------------------------------------------

See here for full anti-trojan guide:
http://gladiator-antivirus.com/forum/in ... opic=22041

----------------------------------------------------------------------------------------------------

[Moore]

###################################################################


<< STF HOSTS File Protection Guide >>


###################################################################


Why should I use a HOSTS file ?


A regularly updated HOSTS file can help to prevent spyware / malware from making connections to and from your computer
and also prevent your browser from accessing sites which serve advertising or collect marketing data on you.

By making good use of the HOSTS file , which is already part of the windows operating system ,
you can greatly improve your safety on the internet , save your bandwidth and reduce the chances of being hijacked.

You can also feel more comfortable in knowing that you have increased your protection against rampant spyware & adware ,
while also reducing the amount of personal information that is being gathered about you from websites.

It's important to keep your HOSTS file updated like most other security tools ,
many of the HOSTS files listed on this page are updated regularly to keep up with the newer malicious sites discovered.

You can add your own sites as you wish , or download a pre made Hosts file maintained by various sites for free.

=======================================

What it does ...

The Hosts file contains the mappings of IP addresses to host names.

This file is loaded into memory at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS.

This prevents access to the listed sites by redirecting any connection attempts back to the local machine.

Another feature of the HOSTS file is it's ability to block other applications from connecting to the Internet, as long the the entry exists.

You can use a HOSTS file to block ads, banners, cookies, web bugs, and even most hijackers.

This is accomplished by blocking the Server that supplies these little gems.

Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by that DoubleClick Server to the web page you are viewing.

This also prevents the server from tracking your movements

Blocking Unwanted Parasites with a HOSTS File -
Proudly now the #1 rated HOSTS file on the Internet!
http://www.mvps.org/winhelp2002/hosts.htm


=======================================


Bluetack HOSTS File information and download -
http://bluetack.co.uk/hosts.html
http://www.bluetack.co.uk/forums/index.php?showforum=125

:: Bluetacks NEW Hosts File ::
http://www.bluetack.co.uk/forums/index.php?showtopic=8406

=======================================

How do I install this HOSTS file?

Simply download the file and put it in the following location depending on your Operating System:

Windows XP C:>WINDOWS>SYSTEM32>DRIVERS>ETC
Windows 2K C:>WINNT>SYSTEM32>DRIVERS>ETC
Windows 98/ME C:>WINDOWS

The Hosts file must have no file extension to work properly , this means it should not end with a .txt .doc. etc , it should just be labelled HOSTS.

Please read this great post by Blackspear at Wilders Security Forums ,
for an extremely well detailed guide to installing a Hosts file [ with pictures 8) ]

<> http://www.wilderssecurity.com/showthread.php?t=78363 <>

=======================================

Just in case you're wondering : You cannot block IP addresses in a HOST file , only the hostname.

Example:
YES: fedora.nictechnetworks.com
NO: 69.20.16.183


Entries in the Hosts file must begin with localhost address 127.0.0.1 [ or another null address to resolve the unwanted hostnames to ]

127.0.0.1 fedora.nictechnetworks.com

While you cannot use IP addresses to block connections with a Hosts file you can use an IP address in a Hosts file to "override" the DNS resolution of a hostname.

One commonly seen and totally safe entry for TDS-3 [ Trojan Defence Suite ] users is the IP for Diamondcs.com.au to redirect users from their old forum to the new sites IP address , which can be accessed using a hotkey setup inside TDS-3.

203.161.127.141 www.dcsresearch.com
64.91.255.87 www.dcsresearch.com


Hijackers can also make use of this however, often hijacking the hosts file to allow redirection of search engines or well known security sites to the IP address of the hijackers site instead. Usually to keep their victims from seeking any help.

In the case of competing spyware companies , they hijack the HOSTS file to prevent connections to other spyware / hijack sites to make sure they are the only ones who get the advertising revenue. It's all about the money.

Hijack redirection example:

69.20.16.183 search.netscape.com
69.20.16.183 ieautosearch
66.79.171.75 www.google.com
66.79.171.75 www.yahoo.com
66.79.171.75 www.altavista.com

Hijack security site prevention example:

These entries below for example , will prevent a computer from accessing any of the security sites for help..

127.0.0.1 www.kaspersky.com
127.0.0.1 www.f-secure.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 viruslist.com

CWS trojans and various other hijackers can easily change the read only settings of a Hosts file to allow them to overwrite the Hostfile entries with their own data.

So it's important to keep a backup of your HOSTS file.

A good example is the recent SpySherrif / SpywareNo Hijacker in this thread at Bluetack forums :

http://www.bluetack.co.uk/forums/index.php?showtopic=9994

It not only took out my locked Hosts file , but the trojans that accompanied the hijack also disabled the windows taskmanager and many of my security programs as well..

You cannot be too protected , the more layers of security you have set up the better.

A well maintained/updated Hosts file will stop most if not all of the known threats that you are capable of blocking by hostname from getting into your system , the unknown threats will need to be handled by the next layer of protection.

SpywareBlaster and Hoster [ and other programs ] make backing up your hosts file easy , try to get into the habit of making a backup after you add your own entries.

=======================================

Warning!: Extremely large Hosts files may slow down browsing in windows 2000 / XP ,
it is advised to switch the DNS Client service in services.msc to manual or disabled.

Go to start-> run-> [ type in] Services.msc

Scroll down to DNS Client and select the option to set it to disable/manual

=======================================

Excellent HOSTS File Guides / Information :

http://www.spywarewarrior.com/viewtopic.php?t=410
http://www.bleepingcomputer.com/forums/index.php?showtutorial=51
http://www.accs-net.com/hosts/index.html
The hosts File - DerkerTechnology.net

http://www.spywarewarrior.com/uiuc/soft8a.htm#HOSTS

##############################
Recommended HOST file downloads:
##############################

MVPS HOSTS file:
http://www.mvps.org/winhelp2002/hosts.htm

Bluetack Hosts File
http://www.bluetack.co.uk/forums/index. ... topic=8406

Great HOSTS file information site -
http://www.accs-net.com/hosts/index.html

HOSTS File / ADSERVERS Lists -
http://pgl.yoyo.org/adservers/

===============================================
- Recommended HOSTS file management tools -
===============================================


- Bluetack Hosts Manager - By Bluetack Admin Kimberly -

:: FREE Download ::
http://www.bluetack.co.uk/modules.php?name...wdownload&cid=7

:: Information ::
http://www.bluetack.co.uk/forums/index.php?showtopic=9240




:: B.I.S.S. HOSTS Switch ::

http://www.bluetack.co.uk/forums/index.php?showtopic=13516

Instead of having the Bluetack's Hosts Manager open to disable / enable your hosts file, we've decided to offer you an Add-On : Bluetack's Hosts Switch



It loads a small application which shows if your Hosts file is readable and it allows you to quickly enable / disable the Hosts file.

If you are using Internet Explorer, you can add a toolbutton to the default Toolbar to launch the program very quickly. You can set it to load at Windows boot - Normal or in the Tray ...

B.I.S.S. Hosts Manager 1.7 is recommended to access the full features of the add-on. If you already have B.I.S.S. Hosts Manager 1.7 installed, you don't need to download this Add-On separately, it's included from the 1.7 version.

Select Custom Setup if you want to change the default install folder. If B.I.S.S. Hosts Manager is installed, it's recommended that you install this Add-On in the same folder.




Want easy access while browsing ? Add a button to your IE ToolBar .... it will open up the program when you click on it.
This feature only works with Internet Explorer.



When you check the option in the program, start a new Internet Explorer instance afterwards. If the button does not show up on the toolbar, you might need to go to View | Toolbars | Customize and move the Hosts Switch button from "Available toolbar buttons" to "Current toolbar buttons".

===============================================


- HOSTER by Toadbee
.. [Admin @ Gladiator Anti-virus Security Forum] ..

>> Download Link <<
http://www.funkytoad.com/



More information / screenshots / discussion in Bluetack members security tools section:
http://www.bluetack.co.uk/forums/index.php?showtopic=2838

-------------------------------------------------
-------------------------------------------------

- Hostess -
http://accs-net.com/hostess/
HOSTS file manager with Hosts Toggle integrated

The Hostess program has been designed to help you easily maintain your Hosts file for the purpose of blocking servers rather than for its original purpose of quicker DNS lookups. It stores the hostnames in an indexed database, eliminating duplicates and placing hosts into logical groups that can be ordered for efficiency. Hostess has powerful import, export and search features. It can even create a registry file for adding domains to the Internet Explorer Restricted Zone.

Hostess will warn you if you already have the same entry in your Hosts file so you can avoid duplicates.

One tip , when importing your hosts file stick to the default group.

-------------------------------------------------


Another great Hosts file application by Toadbee :

Homer v1.0 - ß1

See here for full details:
http://babbling.funkytoad.com/

Homer v1.0 - ß1

What is Homer?

Homer is a Localhost webserver.

Homer listens to IP 127.0.0.1 for connections on port 80 - Logs requests, and serves up a picture of your choosing.

Huh?

If you use an Ad-Blocking HOSTS file - Such as HPGuru’s or Bluetack’s - you may see alot of “cannot connect” type messages and missing graphics.

Running Homer will change that by serving an image of your choice. Doing so will make pages load faster as a consequence.

-------------------------------------------------


- Hosts Toggle -
http://accs-net.com/hosts/HostsToggle/

Switch on / off HOSTS file blocking with a click of a button

-------------------------------------------------

- Aldos Hosts Manager -
http://www.aldostools.com/hosts.html

Merge hosts / remove duplicates

===============
=============
Other handy tools:
=============
===============


- FastNet99 -

FastNet99 is a network utility that will speed up your web browser every time you want to connect to a web site on the Internet, by avoiding time consuming DNS lookups. It provides all the tools you need to help diagnose network problems and get information about users, hosts and networks on the Internet or on your Intranet. It combines DNS Lookup, Ping, TraceRoute, WhoIs, Finger, Time Synchronizer, KeepAlive and more...

http://w3.quipo.it/gcriaco/

-------------------------------------------------

- NS-Batch -

JIM PRICE created this utility to allow host name lookups of lots of IP addresses.
It also lets you interactively look up host name from IP addresses or IP addresses from hostnames.
Just feed it a file with IP addresses in it (of the format 127.0.0.1), and it will dig out the addresses,
look up the hostnames, and create a text file containing:

1) the IP address in hex (useful for sorting)
2) the IP address in dotted-octet format (i.e., 207.43.183.2)
3) the corresponding hostname, (i.e., www.jimprice.com) and
4) the hostname reversed (i.e. com.jimprice.www)
5) additional status information about the lookup (whether or not it worked)

You can then import the text file into your favorite word processor, spreadsheet, or other program, and sort it by IP address or other fields. Also, the program now includes features to probe a subnet (listing all the computers on a given network), and to display your local host's IP address, as well as some amount of flexibility in the output format

- http://www.jimprice.com/jim-soft.htm#nsbatch

-------------------------------------------------


:: Warning ::

Hosts file reader by Option explicit , available on various sites , should be avoided as it will destroy your large custom hosts file and reduce it to a much smaller size eg: 64k

=============================
============================
:: IP ADDRESS GUIDES ::
============================
=============================

IP Addresses Explained -
http://www.bleepingcomputer.com/forums/ind...showtutorial=37

BLUETACK IP ADDRESS GUIDE
http://www.bluetack.co.uk/forums/index.php?showtopic=52

===========================

The ULTIMATE Network Resource Page -

http://www.spywarewarrior.com/uiuc/info19.htm

===========================
==========================
:: WHOIS LOOKUPS ::
==========================
===========================

http://ws.arin.net/cgi-bin/whois.pl
http://ripe.net/cgi-bin/search/gdquery.cgi?
http://www.apnic.net/apnic-bin/whois.pl

http://www.whois.sc/
http://www.dnsstuff.com/
http://www.samspade.org/
http://www.completewhois.com/
http://www.demon.net/external/
http://www.all-nettools.com/toolbox

http://www.dshield.org/ipinfo.php?ip=XXX.XXX.XXX.XXX

http://www.fixedorbit.com/search.htm

============================
===========================
:: IP INDEX SITES ::
===========================
============================

http://www.fixedorbit.com/welcome.htm
http://www.flumps.org/ip/index.html
http://www.sbslinks.com/Ipaddress.htm


############################################################