Full Disclosure: Re: Geolocation Question

Re: Geolocation Question

From: Michael Holstein <michael.holstein () csuohio edu>
Date: Fri, 08 Jan 2010 10:50:46 -0500

was a tick box along the lines of "disable all communication with MS
servers"


Well, as it pertains to WGA, the hack was to include the following in
./system32/drivers/etc/hosts :

127.0.0.1 mpa.one.microsoft.com

If you have a router that can run [DD|Open]WRT, you can mount a SMB
share and run tcpdump -w /that/share on your connection to see exactly
what your system of choice is "doing" network-wise. You can also do this
with a hub and another computer (or even directly on the box with
winpcap, assuming you trust that M$ didn't do some trickery that would
lie to it).

If you want to get fancier still, run Quagga on a linux box with a BGP
feed from somewhere and blackhole AS8060, AS8069, AS8705, AS3598, and a
couple of others I'm too lazy to look up at the moment .. and route your
traffic through that.

Cheers,

Michael Holstein
Cleveland State University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Geolocation Question McGhee, Eddie (Jan 07)
- Re: Geolocation Question Dan Kaminsky (Jan 07)
- Re: Geolocation Question Valdis . Kletnieks (Jan 07)
  - Re: Geolocation Question Dan Kaminsky (Jan 07)
    - Re: Geolocation Question Valdis . Kletnieks (Jan 07)
    - Re: Geolocation Question Dan Kaminsky (Jan 07)
    - Re: Geolocation Question mrx (Jan 07)
    - Re: Geolocation Question Paul Schmehl (Jan 07)
    - Message not available
    - Message not available
    - Message not available
    - Re: Geolocation Question mrx (Jan 08)
    - Re: Geolocation Question Michael Holstein (Jan 08)
    - Re: Geolocation Question Daniel Veditz (Jan 14)
    - Re: Geolocation Question Valdis . Kletnieks (Jan 07)
    - Re: Geolocation Question Dan Kaminsky (Jan 07)