Quote:
Originally Posted by madslug
{snip}..
Here is a question for the techies: if everyone used their computer's host file for the DNS lookups that it was designed for, would that help to avoid the redirects performed by the Layer 7 switch or any other hacker/malware?
|
In general, I would say yes (to this particular vulnerability). However it isn't the most practical approach. I suppose it would be worthwhile recording a few of your most sensitive sites in your hosts file (bank/paypal etc.).
You would, of course, have to manually update your hosts file should the site change it's IP address for whatever reason (not that often I would suspect).
Of course, this won't help the intercept that BT/Phorm will be doing. As far as I'm aware there is no tcp/ip flag that says 'do not source nat this packet' - this would actually be a very nice little feature (although the equipment doing the source nat is free to ignore the flag of course).