Of course, this is not a security hole at all. Windows has the same feature. On NT or 2000 you can find the hosts file in %sysvol%:\WINNT\system32\drivers\hosts. Its a easy way to use a friendly name without having to mess with a DNS server. Yes, you could perform a MiM (Man in the Middle) attack by redirecting traffic to another site however it would require physical access to the machine, on top of that unless you know what you are after its not worth the headache. It would make more since to edit the proxy settings and catch all the web traffic with a MiM attack and a lot easier to do. John Thornton - jthorntonat_private Editor in Chief Hackers Digest - www.hackersdigest.com H A C K E R ' S D I G E S T ----------------------------------------------------------------- #1 for propeller heads ----------------------------------------------------------------- www.hackersdigest.com
This archive was generated by hypermail 2b30 : Tue Aug 21 2001 - 09:17:58 PDT