Paul Hill | itFlee.

com

Before DNS servers were in use, Windows computers used a “Hosts” file to map an IP address to an easy to remember
name (like itflee.com). This host file still exists, so let’s go take a look at it. Open Windows Explorer and navigate to
“C:\Windows\System32\Drivers\etc\”. We are looking for a file called “hosts”.

In order to edit this file, you will need to open a text editor with administrative rights. Click the Windows Button and
search for Notepad. Right click notepad and select Run as administrator.

Next drag the hosts file into the text editor. You will now see the contents of the hosts file and are free to make
changes.

This file is commonly manipulated by hackers to do what is called DNS poisoning. Meaning, they enter a different IP
address for a commonly website like facebook.com, but instead of putting FaceBooks IP address they put in the IP
address of a malicious website that looks like FaceBook but instead steals user names and passwords or other personal
information.

Paul Hill | PaulH@itflee.com | itFlee.com

 Paul Hill | itFlee.com

To help you understand how this file works, let’s create an entry called mytestentry and map it to a loopback IP address.
A loopback IP address (127.0.0.1) references the computer you are currently logged in to. First, let’s open Command
Prompt and attempt to ping mytestentry and see what happens.

Of course, there is no host name called mytestentry because our DNS server does not have a record of it, and it is not in
the hosts file. So now we are going to create an entry for it.

Go back to notepad and at the bottom of the hosts file type 127.0.0.1 mytestentry. The 127 IP address is the loopback
IP we talked about earlier, and mytestentry is the host name we want to reference this IP address. Save the file and
switch back to Command Prompt. Press the up arrow to select the command we entered before, and press Enter.

Paul Hill | PaulH@itflee.com | itFlee.com

 Paul Hill | itFlee.com

Now we can see that we were able to ping mytestentry. We can see that it attempted to ping at 127.0.0.1 and got a
reply. Of course we could have used any host name we wanted to, but for this example I wanted to use something that
likely was not in use.

Now the last thing we need to do is remove the entry from our hosts file as we no longer need it. Go back to Notepad
and remove the line we had just added and save the file once again. Notice that if you go back to Command Prompt and
attempt to ping mytestentry it will again say it could not find the host.

An import fact for you to keep in mind is that the hosts file only affects the local computer and has no effect on any
other computers on the network. So you if tried to ping mytestentry from another computer on your network it would
not be able to find the host because each computer only looks at its own hosts file and not any other computer’s hosts
file.

Paul Hill | PaulH@itflee.com | itFlee.com