How to block advertising, tracking, malware and offensive content

There is no such thing as a totally effective firewall, virus checker, or ad-blocker. In fact, one must never succumb to the false sense of security that such products create. The final decision on whether or not to download any content from the Internet must always be made by the user.

NAT32 contains a DNS Resolver that all computers can use to do name lookups. The resolver is unique in that it first checks names against entries in various lists as described here. If a match is found, the resolver returns the address 1.2.3.4, which is the (default) address of the NAT32 honeypot. If no match is found, the request is passed on to the configured DNS Server for resolution in the normal way.

When a Web Client (e.g. a Web Browser) accesses the honeypot, it receives safe, dummy content in place of the harmful content that the real site would have returned. This powerful mechanism will block advertising, tracking, malware and other nasties that some websites inflict upon their visitors. Note that the blocked content is never downloaded to the user's computer, and so web browsing is not only safe, but also faster.

The reliability of the above mechanism depends entirely on the accuracy and completeness of the various lists that the DNS Resolver consults. Generation of a comprehensive black-list can be a daunting task, and so NAT32 can also use a special HOSTS Table that it generates out of one of the many HOSTS files that are available from various sources on the Internet. For example, current distributions of NAT32 use a hosts.ini file generated from content from the hosts-file.net site.

When NAT32 starts, it copies the names contained in file hosts.ini into an internal table. The DNS Resolver consults this table after all its other checks have been done, and if a match is found, the NAT32 Honeypot address is returned.

A HOSTS file is a special file that an Operating System consults prior to sending a DNS request to the Internet. It contains a list of IP address/Name pairs, and if a requested name is found in the list, the associated address is immediately returned and no Internet name lookup is done.

NAT32 never accesses the Operating System's HOSTS file. Instead, it uses one of the external HOSTS files that have been specially prepared for the purpose of malware blocking. All names contained in such a file are added to NAT32's internal HOSTS Table on startup, and access to such sites will always be redirected to 1.2.3.4, the default NAT32 Honeypot address.
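
The HOSTS Table lookup described above, sketched as an added example (this is not NAT32's own code). It assumes hosts.ini uses standard HOSTS syntax (an address followed by one or more names); the sample entries, the upstream answer and all function names are constructed for illustration.

```python
# Added illustration: models the HOSTS Table lookup described above; not NAT32 code.
HONEYPOT = "1.2.3.4"  # default NAT32 honeypot address, as stated on this page

# Constructed sample in standard HOSTS syntax (assumed format for hosts.ini).
SAMPLE_HOSTS = """\
# constructed sample entries
127.0.0.1   localhost
127.0.0.1   ads.example.net    # inline comment
0.0.0.0     Tracker.Example.org
127.0.0.1   cdn.bad.example  stats.bad.example

not-a-valid-line
"""

def normalize(name):
    """DNS names are case-insensitive; a trailing dot marks the root."""
    return name.strip().rstrip(".").lower()

def load_hosts_table(text):
    """Collect the names from address/name pairs; the addresses are ignored
    because every listed name is redirected to the honeypot."""
    table = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        for name in map(normalize, fields[1:]):
            if name and name != "localhost":
                table.add(name)
    return table

def resolve(name, hosts_table, upstream):
    """Return the honeypot address for a listed name, else ask upstream."""
    key = normalize(name)
    if key in hosts_table:
        return HONEYPOT
    return upstream(key)

def fake_upstream(name):
    """Stand-in for the configured DNS Server (constructed answer)."""
    return "192.0.2.10"

if __name__ == "__main__":
    table = load_hosts_table(SAMPLE_HOSTS)
    for q in ("ADS.example.net.", "stats.bad.example", "www.example.com"):
        print(q, "->", resolve(q, table, fake_upstream))
```

The sketch matches exact names only, as a HOSTS file does, so a subdomain of a listed name is passed upstream unless it is listed itself.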

After downloading the latest version of the hosts.ini file to your NAT32 installation directory, be sure to restart NAT32.

Tip: To observe the operation of the DNS Resolver and Honeypot, turn on the NAT32 Monitor.

SEE ALSO

hpHOSTS HOSTS File Site, Honeypot, DNS Resolver, Resolver Settings, Lookup Test, setns
