Main Area and Open Discussion > Living Room

Conficker - The Facts

<< < (6/14) > >>

f0dder:
Even with a proxy, you'd still be doing the DNS lookup locally - it's only the HTTP connection to the server that's going through the proxy.

app103:
Even with a proxy, you'd still be doing the DNS lookup locally - it's only the HTTP connection to the server that's going through the proxy.
-f0dder (April 01, 2009, 12:41 AM)
--- End quote ---

Wait, I connect to hidemyass.com and type in the url of my antivirus company and click the button. The proxy is using my DNS to find where that url is and not theirs? That just sounds weird, since the point to the proxy is to not connect to the url at all and let the proxy do it for you and forward the data to you.

Unless conficker is blocking your access to that particular proxy service, I don't see how or why it would fail to work.

Try it. Block access to download.eset.com in your hosts file, firewall or any other way you choose. Then put this url in the box at hidemyass.com and see if you get the file, paying close attention to where it says it is coming from: http://download.eset.com/special/EConfickerRemover.exe

Ehtyar:
Going to HTTP://ip.number.here often won't work, since the site won't get the "Host: domain.name.com" HTTP header they expect. You'd have to put the IPs in your hosts files, but that file is probably used by DnsQuery() and thus the method is going to fail because Conficker's patching.
-f0dder (April 01, 2009, 12:32 AM)
--- End quote ---
Most of the big sites should work as they're on dedicated/load balanced boxes. For the smaller ones, you can use one of a number of methods to send a fake Host header.

Even with a proxy, you'd still be doing the DNS lookup locally - it's only the HTTP connection to the server that's going through the proxy.
-f0dder (April 01, 2009, 12:41 AM)
--- End quote ---
F0d Man, were you thinking of a proper proxy? App Lady is talking about a web proxy.

Ehtyar.

f0dder:
Sorry guys, I hadn't had enough morning coffee when I typed that post - I was thinking of a transparent proxy rather than one of those manual proxies :-[

J-Mac:
Going to HTTP://ip.number.here often won't work, since the site won't get the "Host: domain.name.com" HTTP header they expect. You'd have to put the IPs in your hosts files, but that file is probably used by DnsQuery() and thus the method is going to fail because Conficker's patching.
-f0dder (April 01, 2009, 12:32 AM)
--- End quote ---

That is very true, but using a proxy like hidemyass.com would probably work, without the need of even trying the IP and using the actual URL that conficker is blocking. And yes, you can download removal tools through that proxy. I tested it.
-app103 (April 01, 2009, 12:38 AM)
--- End quote ---

That's a great tip, app. Thank you!

Jim

Navigation

[0] Message Index

[#] Next page

[*] Previous page