How to block IPs with 'route.exe' in Vista

  • Thread starter Thread starter Robert Weiss
  • Start date Start date
R

Robert Weiss

Hallo,
let's say i want to block www.disney.com (199.181.132.250). For that, i
enter following command into the shell:

route add 199.181.132.250 192.168.1.254

Subnet is 192.168.1.0/24
192.168.1.254 is unused

In XP the ip and dns is unreachable by browser now. Thats fine. But in vista
the same procedure doesn't work. It seems there's just an additional short
lag and then the site appears anyway. My guess is vista falls back to a
valid route after sensing the invalid route but i don't know for sure.

So, does anyone know how to use the 'route' command correctly on vista to
get the same result as in XP?
 
Hallo,
let's say i want to block www.disney.com (199.181.132.250). For that, i
enter following command into the shell:

route add 199.181.132.250 192.168.1.254

Subnet is 192.168.1.0/24
192.168.1.254 is unused

In XP the ip and dns is unreachable by browser now. Thats fine. But in vista
the same procedure doesn't work. It seems there's just an additional short
lag and then the site appears anyway. My guess is vista falls back to a
valid route after sensing the invalid route but i don't know for sure.

So, does anyone know how to use the 'route' command correctly on vista to
get the same result as in XP?
Click to expand...

Robert,

When you set this up, do a "route print". Then do a second "route print" after
you try accessing the target web site. Let's see if Vista is changing the route
table.

Just for curiosity, why aren't you using the Hosts file?
<http://nitecruzr.blogspot.com/2006/06/bad-websites-dont-go-there.html>
http://nitecruzr.blogspot.com/2006/06/bad-websites-dont-go-there.html

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.
 
Robert Weiss said:
Hallo,
let's say i want to block www.disney.com (199.181.132.250). For that, i
enter following command into the shell:

route add 199.181.132.250 192.168.1.254

Subnet is 192.168.1.0/24
192.168.1.254 is unused

In XP the ip and dns is unreachable by browser now. Thats fine. But in
vista the same procedure doesn't work. It seems there's just an additional
short lag and then the site appears anyway. My guess is vista falls back
to a valid route after sensing the invalid route but i don't know for
sure.

So, does anyone know how to use the 'route' command correctly on vista to
get the same result as in XP?
Click to expand...

I'd sooner block the site by name in the HOSTS file. The IP could change
for whatever reason meaning your false route wouldn't be effective. Set the
record in the local HOSTS file something like...

127.0.0.1 www.disney.com

and the machine will never even attempt to look up the address and give an
immediate failure.

If you want to get fancy, setup a local webserver and point all the
"blocked" sites IPs there with an message saying this site is blocked.
 
I'd sooner block the site by name in the HOSTS file. The IP could change
for whatever reason meaning your false route wouldn't be effective. Set
the record in the local HOSTS file something like...
Click to expand...

I'm aware of the HOSTS file but unfortunately the destination address
doesn't have a dns thus i'm trying to find a way to block ip addresses
otherwise (and without personal firewall or vista firewall).
 
Robert,
When you set this up, do a "route print". Then do a second "route print"
after
you try accessing the target web site. Let's see if Vista is changing the
route
table.

Just for curiosity, why aren't you using the Hosts file?
<http://nitecruzr.blogspot.com/2006/06/bad-websites-dont-go-there.html>
http://nitecruzr.blogspot.com/2006/06/bad-websites-dont-go-there.html
Click to expand...

The IP doesn't have any dns entry.
I'll check the routing table once i'm back on the vista machine but i think
there will be no other entries. As a permanent route (route -p add) it has a
merit of 1 if i remember correctly and in the upper main table it shows a
merit of 21 i think that i couldn't lower any further. Maybe a traceroute
shows something. Will try that as well.
 
Robert Weiss said:
I'm aware of the HOSTS file but unfortunately the destination address
doesn't have a dns thus i'm trying to find a way to block ip addresses
otherwise (and without personal firewall or vista firewall).
Click to expand...

If it doesn't have a DNS registration, then how are you resolving
www.disney.com=199.181.132.250?

If it can be found on the Internet by name, then it has a DNS registration.
By using the HOSTS file, you are ignoring the DNS registration and forcing a
specific address be used.
 
If it doesn't have a DNS registration, then how are you resolving
www.disney.com=199.181.132.250?

If it can be found on the Internet by name, then it has a DNS
registration. By using the HOSTS file, you are ignoring the DNS
registration and forcing a specific address be used.
Click to expand...

Disney (or http) was just an example. The point is to block IPs not DNS and
why Vista behaves differently (as XP) and how to fix that.
 
I think i've got the solution...
XP accepts all target IPs (from local subnet) and routes blindly (thus
blocks) whereas Vista strictly needs a valid target IP (your own local IP
for example). If its invalid (no connection), vista will (most likely) fall
back to the next valid route to fix that.

Just a guess but at least it works. :-)
 
Back
Top