How do I block traffic to “evaluated” IPs without using a separate DNS?











up vote
1
down vote

favorite
1












To test the 'truthfulness' of a network function, I have set up a virtual machine running windows 10. I'm running the Microsoft network monitor on the virtual machine, and on the next level up, I'm comparing the network requests of the virtual box to the network requests that the virtual box claims that it made.



Note that the virtual box has no network requests until I start a VM.



My current method of trying to block these network requests is to use the hosts file for any domains, and the firewall for any IPs. The Firewall has been working fine so far, It's the hosts file that's giving me a headache.



There seem to be certain "Evaluated" domains that the hosts file will not block, and I need them blocked



for example, here are some domains that you cannot block with the hosts file:



dm3p.wns.notify.windows.com.akadns.net
e1553.dspg.akamaiedge.net
e15275.g.akamaiedge.net
cs9.wac.phicdn.net
arc.msn.com.nsatc.net


How do I block requests to and from these addresses using only vanilla windows 10?










share|improve this question















This question has an open bounty worth +200
reputation from tuskiomi ending in 5 days.


This question has not received enough attention.


As it stands, this is a huge security flaw in windows that allows programs to start communications with a server that is blocked by the firewall. It would be a help to not only me, but the entire windows space if this question were solved.




















    up vote
    1
    down vote

    favorite
    1












    To test the 'truthfulness' of a network function, I have set up a virtual machine running windows 10. I'm running the Microsoft network monitor on the virtual machine, and on the next level up, I'm comparing the network requests of the virtual box to the network requests that the virtual box claims that it made.



    Note that the virtual box has no network requests until I start a VM.



    My current method of trying to block these network requests is to use the hosts file for any domains, and the firewall for any IPs. The Firewall has been working fine so far, It's the hosts file that's giving me a headache.



    There seem to be certain "Evaluated" domains that the hosts file will not block, and I need them blocked



    for example, here are some domains that you cannot block with the hosts file:



    dm3p.wns.notify.windows.com.akadns.net
    e1553.dspg.akamaiedge.net
    e15275.g.akamaiedge.net
    cs9.wac.phicdn.net
    arc.msn.com.nsatc.net


    How do I block requests to and from these addresses using only vanilla windows 10?










    share|improve this question















    This question has an open bounty worth +200
    reputation from tuskiomi ending in 5 days.


    This question has not received enough attention.


    As it stands, this is a huge security flaw in windows that allows programs to start communications with a server that is blocked by the firewall. It would be a help to not only me, but the entire windows space if this question were solved.


















      up vote
      1
      down vote

      favorite
      1









      up vote
      1
      down vote

      favorite
      1






      1





      To test the 'truthfulness' of a network function, I have set up a virtual machine running windows 10. I'm running the Microsoft network monitor on the virtual machine, and on the next level up, I'm comparing the network requests of the virtual box to the network requests that the virtual box claims that it made.



      Note that the virtual box has no network requests until I start a VM.



      My current method of trying to block these network requests is to use the hosts file for any domains, and the firewall for any IPs. The Firewall has been working fine so far, It's the hosts file that's giving me a headache.



      There seem to be certain "Evaluated" domains that the hosts file will not block, and I need them blocked



      for example, here are some domains that you cannot block with the hosts file:



      dm3p.wns.notify.windows.com.akadns.net
      e1553.dspg.akamaiedge.net
      e15275.g.akamaiedge.net
      cs9.wac.phicdn.net
      arc.msn.com.nsatc.net


      How do I block requests to and from these addresses using only vanilla windows 10?










      share|improve this question













      To test the 'truthfulness' of a network function, I have set up a virtual machine running windows 10. I'm running the Microsoft network monitor on the virtual machine, and on the next level up, I'm comparing the network requests of the virtual box to the network requests that the virtual box claims that it made.



      Note that the virtual box has no network requests until I start a VM.



      My current method of trying to block these network requests is to use the hosts file for any domains, and the firewall for any IPs. The Firewall has been working fine so far, It's the hosts file that's giving me a headache.



      There seem to be certain "Evaluated" domains that the hosts file will not block, and I need them blocked



      for example, here are some domains that you cannot block with the hosts file:



      dm3p.wns.notify.windows.com.akadns.net
      e1553.dspg.akamaiedge.net
      e15275.g.akamaiedge.net
      cs9.wac.phicdn.net
      arc.msn.com.nsatc.net


      How do I block requests to and from these addresses using only vanilla windows 10?







      networking virtualbox blocking






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 7 at 23:17









      tuskiomi

      4992515




      4992515






      This question has an open bounty worth +200
      reputation from tuskiomi ending in 5 days.


      This question has not received enough attention.


      As it stands, this is a huge security flaw in windows that allows programs to start communications with a server that is blocked by the firewall. It would be a help to not only me, but the entire windows space if this question were solved.








      This question has an open bounty worth +200
      reputation from tuskiomi ending in 5 days.


      This question has not received enough attention.


      As it stands, this is a huge security flaw in windows that allows programs to start communications with a server that is blocked by the firewall. It would be a help to not only me, but the entire windows space if this question were solved.
























          2 Answers
          2






          active

          oldest

          votes

















          up vote
          1
          down vote













          We can try this link which talked about Block or Redirect specific Websites in windows hosts file.
          [https://www.online-tech-tips.com/computer-tips/edit-windows-hosts-file-to-block-redirect-websites/][1]






          share|improve this answer








          New contributor




          Mick is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.

























            up vote
            1
            down vote













            These are websites for Microsoft telemetry, Windows Update and Akamai network
            optimizations.



            Analyzing the websites in your list:




            • dm3p.wns.notify.windows.com.akadns.net is 13.89.217.116 registered by Microsoft.
              cs9.wac.phicdn.net is the same for Verizon users.
              They are probably used principally for Windows Update.


            • arc.msn.com.nsatc.net is probably used by Windows Spotlight for
              new lock screen images and suggested apps.
              It can be turned off with no negative effects as
              described by Microsoft.


            • e1553.dspg.akamaiedge.net is 104.121.28.119 registered by Akamai
              to figure out what's the closest server to you to speed things up.
              e15275.g.akamaiedge.net is the same.



            The results of disabling them might be incorrect Windows Update patches
            applied to your computer, and slower Internet access on the Akamai network.



            Recommendations



            I would recommend, rather than blocking the Microsoft websites,
            to turn them off by disabling their services for the ones that are
            judged unnecessary.
            This is done in:





            • Settings > Privacy allows nowadays to turn off most of the telemetry options

            • The Microsoft article
              Manage connections from Windows operating system components to Microsoft services
              contains instruction on turning off dozens of Windows services.


            I would recommend leaving the Akamai sites to do their job.
            You may block them at the router by IP address, but you are only degrading
            your Internet experience.



            Blocking



            Windows UPdate can be disabled from Administrative Tools > Services.



            For good measures, the Microsoft Store can be disabled via regedit,
            key KEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsStore,
            right-click and select New > DWORD 32-bit, named RemoveWindowsStore
            with the value of 1.



            As Windows will not block these IP addresses, you may try
            installing a third-party firewall, from which these websites will not
            get a special treatment, so might succeed in blocking them.
            Disable in that case the Windows Defender firewall.






            share|improve this answer























            • This doesn't answer the question. I'm 100% sure I want no connection to these sites. I need to block the connection.
              – tuskiomi
              yesterday










            • As stated above, you may do that by: (1) Closing all telemetry services, (2) Using the router's firewall.
              – harrymc
              yesterday










            • The firewall is already blocking the IPS for above addresses, and I've used dw10S to shut off telemetry
              – tuskiomi
              yesterday








            • 1




              You may also block them by installing a third-party firewall that doesn't treat these websites differently from other websites.
              – harrymc
              yesterday











            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














             

            draft saved


            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1373618%2fhow-do-i-block-traffic-to-evaluated-ips-without-using-a-separate-dns%23new-answer', 'question_page');
            }
            );

            Post as a guest
































            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            1
            down vote













            We can try this link which talked about Block or Redirect specific Websites in windows hosts file.
            [https://www.online-tech-tips.com/computer-tips/edit-windows-hosts-file-to-block-redirect-websites/][1]






            share|improve this answer








            New contributor




            Mick is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.






















              up vote
              1
              down vote













              We can try this link which talked about Block or Redirect specific Websites in windows hosts file.
              [https://www.online-tech-tips.com/computer-tips/edit-windows-hosts-file-to-block-redirect-websites/][1]






              share|improve this answer








              New contributor




              Mick is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
              Check out our Code of Conduct.




















                up vote
                1
                down vote










                up vote
                1
                down vote









                We can try this link which talked about Block or Redirect specific Websites in windows hosts file.
                [https://www.online-tech-tips.com/computer-tips/edit-windows-hosts-file-to-block-redirect-websites/][1]






                share|improve this answer








                New contributor




                Mick is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.









                We can try this link which talked about Block or Redirect specific Websites in windows hosts file.
                [https://www.online-tech-tips.com/computer-tips/edit-windows-hosts-file-to-block-redirect-websites/][1]







                share|improve this answer








                New contributor




                Mick is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.









                share|improve this answer



                share|improve this answer






                New contributor




                Mick is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.









                answered Nov 8 at 16:49









                Mick

                111




                111




                New contributor




                Mick is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.





                New contributor





                Mick is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.






                Mick is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.
























                    up vote
                    1
                    down vote













                    These are websites for Microsoft telemetry, Windows Update and Akamai network
                    optimizations.



                    Analyzing the websites in your list:




                    • dm3p.wns.notify.windows.com.akadns.net is 13.89.217.116 registered by Microsoft.
                      cs9.wac.phicdn.net is the same for Verizon users.
                      They are probably used principally for Windows Update.


                    • arc.msn.com.nsatc.net is probably used by Windows Spotlight for
                      new lock screen images and suggested apps.
                      It can be turned off with no negative effects as
                      described by Microsoft.


                    • e1553.dspg.akamaiedge.net is 104.121.28.119 registered by Akamai
                      to figure out what's the closest server to you to speed things up.
                      e15275.g.akamaiedge.net is the same.



                    The results of disabling them might be incorrect Windows Update patches
                    applied to your computer, and slower Internet access on the Akamai network.



                    Recommendations



                    I would recommend, rather than blocking the Microsoft websites,
                    to turn them off by disabling their services for the ones that are
                    judged unnecessary.
                    This is done in:





                    • Settings > Privacy allows nowadays to turn off most of the telemetry options

                    • The Microsoft article
                      Manage connections from Windows operating system components to Microsoft services
                      contains instruction on turning off dozens of Windows services.


                    I would recommend leaving the Akamai sites to do their job.
                    You may block them at the router by IP address, but you are only degrading
                    your Internet experience.



                    Blocking



                    Windows UPdate can be disabled from Administrative Tools > Services.



                    For good measures, the Microsoft Store can be disabled via regedit,
                    key KEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsStore,
                    right-click and select New > DWORD 32-bit, named RemoveWindowsStore
                    with the value of 1.



                    As Windows will not block these IP addresses, you may try
                    installing a third-party firewall, from which these websites will not
                    get a special treatment, so might succeed in blocking them.
                    Disable in that case the Windows Defender firewall.






                    share|improve this answer























                    • This doesn't answer the question. I'm 100% sure I want no connection to these sites. I need to block the connection.
                      – tuskiomi
                      yesterday










                    • As stated above, you may do that by: (1) Closing all telemetry services, (2) Using the router's firewall.
                      – harrymc
                      yesterday










                    • The firewall is already blocking the IPS for above addresses, and I've used dw10S to shut off telemetry
                      – tuskiomi
                      yesterday








                    • 1




                      You may also block them by installing a third-party firewall that doesn't treat these websites differently from other websites.
                      – harrymc
                      yesterday















                    up vote
                    1
                    down vote













                    These are websites for Microsoft telemetry, Windows Update and Akamai network
                    optimizations.



                    Analyzing the websites in your list:




                    • dm3p.wns.notify.windows.com.akadns.net is 13.89.217.116 registered by Microsoft.
                      cs9.wac.phicdn.net is the same for Verizon users.
                      They are probably used principally for Windows Update.


                    • arc.msn.com.nsatc.net is probably used by Windows Spotlight for
                      new lock screen images and suggested apps.
                      It can be turned off with no negative effects as
                      described by Microsoft.


                    • e1553.dspg.akamaiedge.net is 104.121.28.119 registered by Akamai
                      to figure out what's the closest server to you to speed things up.
                      e15275.g.akamaiedge.net is the same.



                    The results of disabling them might be incorrect Windows Update patches
                    applied to your computer, and slower Internet access on the Akamai network.



                    Recommendations



                    I would recommend, rather than blocking the Microsoft websites,
                    to turn them off by disabling their services for the ones that are
                    judged unnecessary.
                    This is done in:





                    • Settings > Privacy allows nowadays to turn off most of the telemetry options

                    • The Microsoft article
                      Manage connections from Windows operating system components to Microsoft services
                      contains instruction on turning off dozens of Windows services.


                    I would recommend leaving the Akamai sites to do their job.
                    You may block them at the router by IP address, but you are only degrading
                    your Internet experience.



                    Blocking



                    Windows UPdate can be disabled from Administrative Tools > Services.



                    For good measures, the Microsoft Store can be disabled via regedit,
                    key KEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsStore,
                    right-click and select New > DWORD 32-bit, named RemoveWindowsStore
                    with the value of 1.



                    As Windows will not block these IP addresses, you may try
                    installing a third-party firewall, from which these websites will not
                    get a special treatment, so might succeed in blocking them.
                    Disable in that case the Windows Defender firewall.






                    share|improve this answer























                    • This doesn't answer the question. I'm 100% sure I want no connection to these sites. I need to block the connection.
                      – tuskiomi
                      yesterday










                    • As stated above, you may do that by: (1) Closing all telemetry services, (2) Using the router's firewall.
                      – harrymc
                      yesterday










                    • The firewall is already blocking the IPS for above addresses, and I've used dw10S to shut off telemetry
                      – tuskiomi
                      yesterday








                    • 1




                      You may also block them by installing a third-party firewall that doesn't treat these websites differently from other websites.
                      – harrymc
                      yesterday













                    up vote
                    1
                    down vote










                    up vote
                    1
                    down vote









                    These are websites for Microsoft telemetry, Windows Update and Akamai network
                    optimizations.



                    Analyzing the websites in your list:




                    • dm3p.wns.notify.windows.com.akadns.net is 13.89.217.116 registered by Microsoft.
                      cs9.wac.phicdn.net is the same for Verizon users.
                      They are probably used principally for Windows Update.


                    • arc.msn.com.nsatc.net is probably used by Windows Spotlight for
                      new lock screen images and suggested apps.
                      It can be turned off with no negative effects as
                      described by Microsoft.


                    • e1553.dspg.akamaiedge.net is 104.121.28.119 registered by Akamai
                      to figure out what's the closest server to you to speed things up.
                      e15275.g.akamaiedge.net is the same.



                    The results of disabling them might be incorrect Windows Update patches
                    applied to your computer, and slower Internet access on the Akamai network.



                    Recommendations



                    I would recommend, rather than blocking the Microsoft websites,
                    to turn them off by disabling their services for the ones that are
                    judged unnecessary.
                    This is done in:





                    • Settings > Privacy allows nowadays to turn off most of the telemetry options

                    • The Microsoft article
                      Manage connections from Windows operating system components to Microsoft services
                      contains instruction on turning off dozens of Windows services.


                    I would recommend leaving the Akamai sites to do their job.
                    You may block them at the router by IP address, but you are only degrading
                    your Internet experience.



                    Blocking



                    Windows UPdate can be disabled from Administrative Tools > Services.



                    For good measures, the Microsoft Store can be disabled via regedit,
                    key KEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsStore,
                    right-click and select New > DWORD 32-bit, named RemoveWindowsStore
                    with the value of 1.



                    As Windows will not block these IP addresses, you may try
                    installing a third-party firewall, from which these websites will not
                    get a special treatment, so might succeed in blocking them.
                    Disable in that case the Windows Defender firewall.






                    share|improve this answer














                    These are websites for Microsoft telemetry, Windows Update and Akamai network
                    optimizations.



                    Analyzing the websites in your list:




                    • dm3p.wns.notify.windows.com.akadns.net is 13.89.217.116 registered by Microsoft.
                      cs9.wac.phicdn.net is the same for Verizon users.
                      They are probably used principally for Windows Update.


                    • arc.msn.com.nsatc.net is probably used by Windows Spotlight for
                      new lock screen images and suggested apps.
                      It can be turned off with no negative effects as
                      described by Microsoft.


                    • e1553.dspg.akamaiedge.net is 104.121.28.119 registered by Akamai
                      to figure out what's the closest server to you to speed things up.
                      e15275.g.akamaiedge.net is the same.



                    The results of disabling them might be incorrect Windows Update patches
                    applied to your computer, and slower Internet access on the Akamai network.



                    Recommendations



                    I would recommend, rather than blocking the Microsoft websites,
                    to turn them off by disabling their services for the ones that are
                    judged unnecessary.
                    This is done in:





                    • Settings > Privacy allows nowadays to turn off most of the telemetry options

                    • The Microsoft article
                      Manage connections from Windows operating system components to Microsoft services
                      contains instruction on turning off dozens of Windows services.


                    I would recommend leaving the Akamai sites to do their job.
                    You may block them at the router by IP address, but you are only degrading
                    your Internet experience.



                    Blocking



                    Windows UPdate can be disabled from Administrative Tools > Services.



                    For good measures, the Microsoft Store can be disabled via regedit,
                    key KEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsStore,
                    right-click and select New > DWORD 32-bit, named RemoveWindowsStore
                    with the value of 1.



                    As Windows will not block these IP addresses, you may try
                    installing a third-party firewall, from which these websites will not
                    get a special treatment, so might succeed in blocking them.
                    Disable in that case the Windows Defender firewall.







                    share|improve this answer














                    share|improve this answer



                    share|improve this answer








                    edited 17 hours ago

























                    answered yesterday









                    harrymc

                    247k10254541




                    247k10254541












                    • This doesn't answer the question. I'm 100% sure I want no connection to these sites. I need to block the connection.
                      – tuskiomi
                      yesterday










                    • As stated above, you may do that by: (1) Closing all telemetry services, (2) Using the router's firewall.
                      – harrymc
                      yesterday










                    • The firewall is already blocking the IPS for above addresses, and I've used dw10S to shut off telemetry
                      – tuskiomi
                      yesterday








                    • 1




                      You may also block them by installing a third-party firewall that doesn't treat these websites differently from other websites.
                      – harrymc
                      yesterday


















                    • This doesn't answer the question. I'm 100% sure I want no connection to these sites. I need to block the connection.
                      – tuskiomi
                      yesterday










                    • As stated above, you may do that by: (1) Closing all telemetry services, (2) Using the router's firewall.
                      – harrymc
                      yesterday










                    • The firewall is already blocking the IPS for above addresses, and I've used dw10S to shut off telemetry
                      – tuskiomi
                      yesterday








                    • 1




                      You may also block them by installing a third-party firewall that doesn't treat these websites differently from other websites.
                      – harrymc
                      yesterday
















                    This doesn't answer the question. I'm 100% sure I want no connection to these sites. I need to block the connection.
                    – tuskiomi
                    yesterday




                    This doesn't answer the question. I'm 100% sure I want no connection to these sites. I need to block the connection.
                    – tuskiomi
                    yesterday












                    As stated above, you may do that by: (1) Closing all telemetry services, (2) Using the router's firewall.
                    – harrymc
                    yesterday




                    As stated above, you may do that by: (1) Closing all telemetry services, (2) Using the router's firewall.
                    – harrymc
                    yesterday












                    The firewall is already blocking the IPS for above addresses, and I've used dw10S to shut off telemetry
                    – tuskiomi
                    yesterday






                    The firewall is already blocking the IPS for above addresses, and I've used dw10S to shut off telemetry
                    – tuskiomi
                    yesterday






                    1




                    1




                    You may also block them by installing a third-party firewall that doesn't treat these websites differently from other websites.
                    – harrymc
                    yesterday




                    You may also block them by installing a third-party firewall that doesn't treat these websites differently from other websites.
                    – harrymc
                    yesterday


















                     

                    draft saved


                    draft discarded



















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1373618%2fhow-do-i-block-traffic-to-evaluated-ips-without-using-a-separate-dns%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest




















































































                    Popular posts from this blog

                    Probability when a professor distributes a quiz and homework assignment to a class of n students.

                    Aardman Animations

                    Are they similar matrix