Hi all,

I just learned that I can edit the Windows (Vista) host file to assign IPs to domains (host) so that the local system checks the domain against the host file before going through the DNS.

My question is: is there a way to redirect an IP instead? For example, in the host file it's
127.0.0.1 domain.com # domain.com resolves to loopback
what I want is something like: xxx.xxx.xxx.xxx # specific IP gets "blocked"

For example, if a trojan uses a host to communicate with the hacker, I could in theory use the host file to prevent that. But if the actual IP is used in the trojan, is there any way to stop that?

Many thanks in advance.


What you should use is a proxy server or firewall that can block or allow by IP. The HOSTS file is for resolving FQDNs to IPs, like a DNS server would.

However, what you can do, if you know for some reason of a particular IP that you want to have blocked, is set up a dead route in your local routing table. It's a really dirty fix, but you can do it.

You have to add a second gateway on your machine, then direct that IP traffic out that fake gateway. The effective result is destination unreachable.

From a command prompt:

C:>route ADD <destinationIP> MASK <subnetmask> <gateway> -p

Make sure that the fake gateway IP is on your local subnet and is not being used by any device. Of course, you then have to remember not to use that IP with anything.

If you find yourself adding a ton of dead routes, I would seriously consider a Netscreen or other configurable firewall appliance. The lower end $50 consumer firewalls may not give you the configuration ability you are looking for.
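As an added illustration of the dead-route procedure above (not part of the original answer), here is a PowerShell script that checks the chosen fake gateway really is unused before adding a persistent host route, then verifies the result. All IP addresses are constructed placeholders; run it from an elevated prompt and substitute your own subnet.

```powershell
# Added example, not from the original post. Null-route one known-bad IP by
# pointing it at an unused "dead" gateway on the local subnet.
# Placeholder addresses: 203.0.113.50 is from TEST-NET-3, 192.168.1.250 is an
# assumed unused address on an assumed 192.168.1.0/24 LAN. Adjust both.
$BadIP       = "203.0.113.50"
$DeadGateway = "192.168.1.250"

# Check 1: the dead gateway must NOT answer. If a real device sits there,
# every packet for $BadIP would be handed to that device instead of dropped.
# (A device that silently drops ICMP would pass this check, so also confirm
# the address is outside your DHCP pool and not statically assigned.)
if (Test-Connection -ComputerName $DeadGateway -Count 1 -Quiet) {
    throw "$DeadGateway answered ping; choose a different unused address."
}

# Add a host route (/32 mask) so only this one IP is affected.
# -p makes the route persistent across reboots, as in the original answer.
route ADD $BadIP MASK 255.255.255.255 $DeadGateway -p

# Check 2: the route is now in the table.
route PRINT $BadIP

# Check 3: traffic to the bad IP fails (ARP for the dead gateway never
# resolves, so packets are dropped and you get "destination unreachable").
if (Test-Connection -ComputerName $BadIP -Count 1 -Quiet) {
    Write-Warning "$BadIP is still reachable; check the route and gateway."
} else {
    Write-Output "$BadIP is now unreachable from this host."
}

# To undo the block later:
#   route DELETE $BadIP
```

The persistent route is stored in the registry by route.exe itself, so removing it requires `route DELETE` rather than just a reboot.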