The Trouble

For the last little while I have been using pfSense as my firewall and I have been generally liking it. Nice balance between having features and being minimal. However, one of the things that has been bugging me about it is the fact that it can't block ad-sites using wildcards. You can add an individual host name to its DNS Forwarder Service, but you can't tell it to resolve all hostnames below a given domain. You can provide an authoritative DNS server for a given domain but that is not quite what I am looking for. So for example, if you want to block

server1.intellitxt.com
server2.intellitxt.com
server3.intellitxt.com

… you have to create individual entries for each one. And frankly, with a bunch of chumps like IntelliTXT you can be sure they'll have plenty of "hostnames" on their list. What's more is that I want to be able to have my list of "bAD sites" replicated to other firewalls that I control so that even if I go elsewhere I'll still be sheltered from that crap.

I haven't had shitloads of free time lately and as a result have not had time go searching through the pfSense forums for answers… until yesterday. I found a post by some guy looking for generally the same thing but for different reasons. Then I found another post explaining that if you simply create a /usr/local/etc/dnsmasq.conf file you can throw in configuration directives as described at the dnsmasq webite. So here is what to do…

The Steps

1. Login to the pfSense web interface and enable sshd (under System -> Advanced)
2. SSH into the firewall

I don't like to leave sshd open by default, there are just too many douchebags constantly pounding on port 22 all the time. If you are managing your firewall from a Windows based machine you can SSH to it by using something like KiTTY or PuTTY. If you don't know how to SSH into your firewall you may want to consider buying a "hardware router" at your local computer shop.

3. pkg_add -r wget

The wget package will be used to download the list of crappy sites from a central distribution point. That way you just update the copy on my webserver and all routers you control will be updated.

4. mkdir /usr/local/etc/dnsmasq.d

Later on we will be telling dnsmasq that ALL files in this directory are to be considered config files. That way you can simply add another file if you want to configure dnsmasq for some other purpose (and keep your config files segregated by function).

5. vi /usr/local/bin/noads_update.sh

Use vi to create a small script that will update the "bad sites" list and then restart dnsmasq so that it will reload the new list.

#!/bin/sh
cd /usr/local/etc/dnsmasq.d
/bin/rm ad_hosts.txt
/usr/local/bin/wget http://www.your-domain.com/ad_hosts.txt
/usr/bin/killall dnsmasq
/usr/local/sbin/dnsmasq

NOTE: that you will of course have to change the URL above to YOUR list of bad sites… you will want to make your ad_hosts.txt easily modifiable by you and readily downloadable by your firewalls.

6. chmod 755 noads_update.sh

Don't forget to make the script executable.

7. Logout of your SSH session
8. Return to the web interface and disable sshd

Seriously, people suck, just turn it off.

9. Add the cron package

Go to "System -> Packages" and add in cron, which will tell pfense to run your little script every now and then.

10. Add a cron entry for /usr/local/bin/noads_update.sh to run as admin

You can run it as frequently as you wish though I would think that once a day is enough.

11. Create a new file: /usr/local/etc/dnsmasq.conf

Go to "Diagnostics -> Edit File" and first try to LOAD /usr/local/etc/dnsmasq.conf… it should not find anything, then add the following line and save it:

conf-dir=/usr/local/etc/dnsmasq.d

12. Restart the cron service from "Status -> Services" so it will reread its configs and will know that it is supposed to run your script.

A Little More Explanation

Now to some that might look a little scattered. So here it essentially what it all does. The /usr/local/etc/dnsmasq.conf file you added at the end is a dnsmasq config file, by adding conf-dir=/usr/local/etc/dnsmasq.d to it you are telling dnsmasq to look in the dnsmasq.d directory and treat [almost] all the files in there as further config files. The cron job you created is for automatically (once daily) running the script you made, and the script just downloads a new copy of the list.

The List To Create

Okay, so what about the list? Well, you would create something like this (notice how wildcard entries start with a "dot"):

# This is a sample of my ad_hosts.txt file
# Start with wildcard entries
address=/.ad-flow.com/127.0.0.1
address=/.adbrite.com/127.0.0.1
address=/.addthis.com/127.0.0.1
address=/.addtoany.com/127.0.0.1
address=/.adsonar.com/127.0.0.1
address=/.adtechus.com/127.0.0.1
# And then individual host names
address=/adcounter.theglobeandmail.com/127.0.0.1
address=/adlog.com.com/127.0.0.1
address=/ads1.msn.com/127.0.0.1

Now you COULD add these entries for "bad servers" directly into the /usr/local/etc/dnsmasq.conf file but by using the /usr/local/etc/dnsmasq.d directory to store your config files, you could easily add another function to dnsmasq later on very easily. Say for example, that you had local network devices that are not very aware of things like DHCP and DNS. You could create another config file (and another script for cron to run) that has your

address=/printer.my-cool-domain.com/192.168.1.100
address=/ipod.my-cool-domain.com/192.168.1.101
address=/whatever.my-cool-domain.com/192.168.1.102

Now you would have one config file for blocking ad servers and another for resolving names of local "DNS unaware" devices.

Additional Notes

I have chosen to resolve these names to 127.0.0.1 which is localhost, you could really use any IP address you wish (but of course you would want a fast webserver that shows nothing). Since most of my "surfing" is done from a Windows box, I like to use Homer Webserver on my Windows boxes to serve up a single transparent GIF file to all requests. That way the blocked sites are about as invisible as I can get them.

Personally I would like to find a better automated way to restart dnsmasq than using "killall dnsmasq" but I seem to be struggling on this one.

Even if you control some networks on which you do NOT use pfSense as your firewall, you can still use the same ad_hosts.txt file (assuming you are bright enough to be using dnsmasq for DNS on those networks).

That's right, the same blog website is just packed full of bullshit… let's see.

Next Post

This one claims that "but one day, SpamHaus destroyed the Freehyperspace server" – oh come on, did they hack into the server? How many other websites/forums were damaged? How did you know it was spamhaus? Seriously here is how spamhaus works:

1. spamhaus has a list of IP addresses that spam comes from
2. They make that list available using a form of DNS
3. Administrators choose to use (or not use) spamhaus' list when they setup their email servers

As far as I know, there isn't a single email server application that uses spamhaus by default, so any email server that IS using it is doing so because of intentional action on the part of the email admin. The bottom line is that spamhaus never did shit to FreeHyperSpace.

How about another one?

This one says

It's the biggest mistake – using blacklists that are IP address-based, cause SPAM (and I mean real SPAM) is sent by millions of infected machines, and users dont know that and can do nothing to stop it, because they are simply infected by computer virus.

If this person could form a sentence it would explain that spammers often do not use their computer to send spam, they use YOUR computer to send spam. They infect you with trojans/viruses/whatever when you open those fucking joke emails you just can't stop laughing at. When your computer joins their "botnet" of thousands and thousands of other "zombie" computers then YOU are the one sending spam. And yes, YOU are the problem. And yes, you should not be allowed to send mail until you get the fucking spam factory off of your PC.

Just another ass who got infected and wants everyone else in the world to fix it for him.

How about Tim?

This is great, the bold headline text says that "Tim Bolen is a very well educated man". Too bad about the grammatical error in the next sentence eh? Okay, get your head around this

If your email is being blocked, or your friends can’t reach you, and you find it difficult to communicate on the internet, then you SHOULD file a criminal complaint against the Spamhaus/SPEWS Project with Federal and State Agencies.

Yes, that's right, spamhaus is responsible for ensuring the safe and efficient travel of every packet of information across the Internet. You fucking asshole, maybe the problem is that you have a virus? Or that your 3 year old pissed on the cable modem? Or that you just don't know what the fuck you are doing? How could anyone take this kind of shit seriously?

Oh I just don't have the patience to comment on any more of this shit. The bottom line is that it is bullshit drawn up by spammers themselves in an attempt to get people to stop using spamhaus to delete their spam. You want to stay off the list? Quit letting your computer get infected and your problems will go away.

I found a blog post about wanting to stop spamhaus from publishing lists of spammers. Sounds like this poor old Mom n' Pop ISP business was really hard done by because of spamhaus eh? Too bad the story is bullshit. The third paragraph begins by saying

The IP addresses they were operating from were removed from our network, swip'd to them and were routing though big name global network providers.

Here's a tip, if you are an ISP, you might want to make sure that when you buy IP addresses, that they REMAIN YOURS. By "swip" I can only assume they are referring to Shared Whois Project which is essentially a system for maintaining a list of who owns which IP addresses.

Dipshits, you either participated in the spamming or you got swindled out of your IP addresses by a scammer… either way, spamhaus is not the problem.

Waitafuckinminute… back up the truck "beep beep beep". At the beginning of the post it is described as a "small ISP" but later in the post it says they had 16k IP addresses that were blocked by spamhaus. Let's say that only HALF of those IP addresses were being sold out to customers… and those customers are paying $20 a month for internet access (BRUTALLY conservative numbers) – that would be $160,000 a month in revenues. Sounds like a "small ISP" to me. You can argue that any way you like but someone who owns 16,000 IP addresses should seriously know how the fuck to protect them. Duur.

Paul, you dropped the ball… don't call it spamhaus' fumble.

So today I decided to list my website at DMOZ and discovered a few things I found somewhat interesting.

On their General FAQ there is an answer to the question of what DMOZ means. So if I understand the answer correctly, there is a directory called the ODP (Open Directory Project) which has no affiliation with the current Mozilla other than the fact that they also like the idea of open-source, but that uses the name DMOZ specifically because of Mozilla. Strange.

additionally, if you decide to submit a website to be listed in their directory the Submission Agreement specifically says

To grant AOL LLC. Corporation a non-exclusive, royalty-free license to use, publish, copy, edit, modify, or create derivative works from my submission.

Which leads me to believe that if you want your website listed at DMOZ, then you must agree that DMOZ may do whatever they wish with the content of your website. Further, it does not say that they cannot sell works derived from your own, giving them the ability to take your content, modify it as they see fit, and sell it as their own if they so wish (without providing any credit to you).

Okay, now what happens if someone has a website that they do NOT wish to list in DMOZ and I decide to list it for them? I do not see anything stopping me from adding YOUR website to DMOZ and I do not see any way for DMOZ to know who is submitting sites. By that wisdom, it seems that it is possible for assholes like Jack Chen to grant "non-exclusive, royalty free rights" to the works of others. Corporations can be such cunts with their legal buttfuckery. Fuck you AOL, if for no other reason than you are douchebags.

There, let's see if that gets me listed at DMOZ.

So in my quest to "not get anymore spam" I received a message telling me that my Battle.Net subscription had been reset. Since I do not have a Battle.Net subscription, do not intend to play WoW, and never even tried a trial of it… I thought that just maybe, this might be spam. A couple of days passed and I got another message telling me that my Battle.Net password had been reset, I was starting to think this may become annoying.

Both messages came from Hotmail servers so of course they walked right past my fancy hMailServer anti-spam RBLs. When you send mail through Hotmail though it adds a header field called X-Originating-IP and both of these messages had apparently originated in China. So some ass in China was making accounts on the US Hotmail website and sending email [SPAM] to whoever the fuck he wanted and could skip through any RBLs that only look at the IP of the CURRENTLY connected system (rather than looking at the X-Originating-IP header). So the solution to this might just be to run SpamAssassin which I believe WILL check the X-Originating-IP against RBLs. That blows.

Anyone who has read this far may be wondering who the fuck Jack Chen is. Well he is the asshole (or ONE of the assholes) who seems to be behind the shitty emails. Both of the emails have links to websites that are clearly trying to fuck me for my Battle.Net credentials… here's where one of them points to. Please note: THIS IS A FAKE, FORGED, PHONEY, AND NOT REAL BATTLE.NET WEBSITE – IF YOU PUT YOUR NAME AND PASSWORD IN HERE YOU ARE A FUCKING IDIOT!!!

http://wow-account-support.linkpc.net/login/

Now it is truly unfortunate that numerous people do not understand how URLs are structured. People are sometimes confused and fooled because they see things like "wow-account-support" in there. The actual domain name above that someone paid for is linkpc.net (click on the link you'll see that Jack Chen owns it). You'll also notice that it is registered at www.dnsexit.com. That is interesting, I wonder who owns dnsexit.com eh? Ohhhh, it's Jack Chen… of course! So the guy who owns the registrar dnsexit.com also owns the domain that is hosting the phishing website that is trying to steal Battle.Net passwords? Oh my! Further, if you use the utility at domaintools.com to do the lookup, you'll see that Jack Chen owns well over 500 other domains as well! Oh wait, almost by accident I also noticed that dnsexit.NET instead of .COM) is owned by Lisa Zheng who just happens to have an email address of jchen@netdorm.com and the same address of 988 Eight Mile Rd in Cincinnati. Oh and "she" owns 22 other domains (bringing the total up to about 600 domain names).

Then if you resolve wow-account-support.linkpc.net to an IP address it is 119.51.49.24 which is in China. And if you surf directly to that IP it presents an NCSoft login page, a direct competitor of Blizzard, Battle.Net and Warcraft. This cocksucker is scamming passwords for multiple games, from PC's in China, and uses his Ohio based business as a domain registrar to harvest domains to do it with. Fuck you Jack Chen, you are a first class cunt.

New comment posted for picture: image007.jpg (awaiting your approval)

Author: jsxewqkxb (IP: 91.201.66.101, Remote Host: 91.201.66.101)
Email: ropsoi@nxiudq.com
URL: http://kehgchhuauax.com/

Comment:
7XHV7p yehnmnlsvrpi, [url= http://rbobdesenlay.com/]rbobdesenlay[/url], [link= http://sakwoukhhnjs.com/]sakwoukhhnjs[/link], http://btifcqjkabgu.com/

You can see all the comments for this picture here:

http://photo.snork.ca/?level=picture&id=77

Assholes.

ROFLCOPTER… so mere minutes after allowing the web server to send mail again I got an email telling me about a comment being posted to my photo site:

New comment posted for picture: image007.jpg  (awaiting your approval)

Author: dncthsxccnp (IP: 91.201.66.101, Remote Host: 91.201.66.101)
Email: ztmswc@gkkoni.com
URL: http://dqkasybcjawm.com/

Comment:
kItxGP  nxwuaupubicp, [url=http://qlntlaojaasf.com/]qlntlaojaasf[/url], [link=http://zfmqigjxfrjo.com/]zfmqigjxfrjo[/link], http://yajhkafzzley.com/

You can see all the comments for this picture here:

http://photo.snork.ca/?level=picture&id=77

Sorry Fruit Cup, I don't have comments open to the whole world to see your spam you cunt. Turns out 91.201.66.101 is from "Russian Federation"… I guess this means it is about time I put an .htaccess on my web server to redirect these cocksuckers to something other than myself. Comment Denied asswipe. :-)

This should actually be posted in an "I Suck" category but I didn't feel like making one… today I saw that my web server was trying to repeatedly send emails to the outside world (and was being blocked). Turns out that a firewall rule was keeping it from sending out emails (which is required if I am going to accept registrations).

As it turns out I am not too upset by this since it seems that all 79 of the registration attempts were trying to send to IP addresses owned by Microsoft between 22:03 and 23:17 which maps out to about one per minute. I imagine it is a Hotmail address but I have trouble understanding why someone would be so desperate to leave me a comment. In any case, I believe the problem has been fixed, so feel free to sign up for an account… just be aware that all comments are moderated by me and do not get posted until I approve them.

So hMailServer is working out pretty good. As stated previously, I have a Windows 2000 (SP3) machine running hMailServer v5.x, and last night I got some nifty antispam shit setup. I found this sweet website that provides a DNS blacklist based on country of origin. Interesting you say eh? So what can you do with that? Well, here is how you can setup your hMailServer to disallow mail from selected countries. If you run different mail software let me first hope that it is not Exchange and then tell you that this may still help in concept.

1. First, you want to understand what a DNSBL is and how it works. Start by checking out the DNSBL page on Wikipedia and maybe this little tutorial. If you find yourself becoming concerned about the "criticisms" part of the wiki entry stop and think about it for a moment. The primary argument of DNSBL haters is that it serves as censorship. This is a crock of shit, the whole concept of free speech is that you can say whatever the fuck you want AND I also have the choice to not listen to your fucking crap. All DNSBLs do is provide people with a way to not listen to the free (and annoying) speech of spammers. DNSBLs are not censorship, they are about providing choice to the listener instead.

2. If you have decided that DNSBLs are for you, then you need to setup your mail server to use them. Now hMailServer comes with a couple of default DNSBLs that can simply be turned on. I personally use the spamhaus list but not the spamcop list on my server. To enable spamhaus (or spamcop), connect to your server with the hMailServer client and navigate through the left pane to Settings -> Anti-spam. By default v5.x should come with entries already listed for both. Just select enable and voila it is ready to start evaluating crapmail.

Things to take note of are the "Expected Result" and the "Score". If the DNSBL server returns one of the IP addresses in "expected result" then "score" will be added to the message. Expected Result is a list of IP addresses separated by pipe symbols and score is an integer value (can also be negative). The scores that a message receives are then used to determine what action hMailServer will take on the message. Click on Anti-spam in the left pane to see the config settings for this.

As you can see, I have set my "spam mark threshold" to 1, which means that anytime an email scores 1 or higher, it will have headers added to it by hMailServer. My "spam delete threshold" is set to 20 (which my messages never reach) so hMailServer never deletes any of my spam, it simply marks it with headers. What do my headers look like as a result of these headings? Here's a sample from this morning…

Return-Path: androgen5@100straight.com
Received: from speedtouch.lan ([190.167.45.217]) by mail.snork.ca ; Tue, 24 Aug 2010 08:02:59 -0400
Received: from 190.167.45.217 by mail.100straight.com; Tue, 24 Aug 2010 14:02:56 +0100
Message-ID: <000d01cb4384$49dee6c0$6400a8c0@androgen5>
From: "Ethan Moreno" <androgen5@100straight.com>
To: <fakeaddress@snork.ca>
Subject: Ethan Moreno sent you a message on Facebook
Date: Tue, 24 Aug 2010 14:02:56 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="—-=_NextPart_000_0007_01CB4384.49DEE6C0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-hMailServer-Spam: YES
X-hMailServer-Reason-1: Rejected by Spamhaus. – (Score: 3)
X-hMailServer-Reason-Score: 3

Some people may think this is just a lot of crap, but it is really not that hard to understand once you get used to seeing information in this format. You'll notice that my mail server (mail.snork.ca) received a message from the IP address 190.167.45.217 and as it turns out, that address is listed in the spamhaus DNSBL. The last three lines of that header were put there by my mail server. They say that

1. YES it is spam because
2. the IP address is listed at spamhaus (which added 3 to it's score)
3. giving the message a final score of 3

Other than that, the message is essentially unchanged. So how does that help? Well in my email client I setup rules that say "If X-hMailServer-Spam is YES, then move message to Spam Folder"… additionally I also set it to mark the message as read so I don't have to see an unread message count on my spam folder. Cool eh? But what about this blocking by country stuff? Well, if you do a quick lookup on the above IP address you'll see that it is from Dominican Republic, which I am not blocking. Let's see how country blocking works:

1. Now that you know a bit about how hMailServer tags messages and how a DNSBL works, you can imagine how the DNSBL for countries works as well. The guy who runs http://countries.nerd.dk/ has setup a DNS server that will return a different IP address for your mail server's queries based on what country the sender is in. It does not evaluate whether the message has the word V1AgRA or R01EX, it does not evaluate whether or not that IP address has been caught sending spam previously, it does not evaluate anything other than where it is from. Individual mail administrators are able to use this information to block countries they do not wish to accept mail from.

2. In order to use this you need to first decide which countries you want to block. Start by going to Wikipedia and looking at the list of country codes and write down all of the two-letter codes of the countries you wish to block. Then go to the results list chart at countries.nerd.dk and record the corresponding IP addresses. I found that it was helpful to simply put a text file on my desktop that looks something like this:

CN 127.0.0.156
HK 127.0.1.88
KH 127.0.0.116
KP 127.0.1.152
RU 127.0.2.131
TW 127.0.0.158

… and so on. It is a good idea to keep this recorded in an accessible place so that later on, if someone gives you shit for blocking them, you can quickly check your country blocks (instead of trying to reverse lookup the chart).

3. Now that you have this list you can setup a new DNSBL service on your mail server. Go back to where you enabled spamhaus (Settings -> Anti-spam -> DNS Blacklists) and add a new blacklist. you'll want to set it up similar to the shot shown here:

The red arrow shows the address of the DNSBL which is zz.countries.nerd.dk, the blue arrow is where you put your list of IP addresses (separated by pipes), and the green arrow shows the score which is what will be added to the message if the country is on your block list. If you don't know what a pipe character is (you gotta seriously consider whether running a mail server is a good idea for you) it is what you get when you hold down SHIFT and press the backslash (\) key. It should look like a vertical line (Jesus I can't believe I just typed that).

How that you have added this entry (and enabled it) you should start to see new headers and new scores in your email headers. Here's one that matched both of my DNSBLs:

Return-Path: disgraceful93@damowalsh.com
Received: from AIHWJTQU ([119.153.1.85]) by mail.snork.ca ; Mon, 23 Aug 2010 08:41:33 -0400
Return-path: <fakeaddress@snork.ca>
Received: from [119.153.1.85] (port=9969 helo=wasim386f00157) by
mailserver.damowalsh.com with asmtp id 0C5E2C-000745-48 for
<snork@snork.ca>; Mon, 23 Aug 2010 05:41:28 -0800
Message-ID: <337AB431D9244A4FA777CF49413FDF5C@wasim386f00157>
From: "Carlo Springer" <disgraceful93@damowalsh.com>
To: <fakeaderss@snork.ca>
Subject: Get a promotion at work after you get another diploma.
Date: Mon, 23 Aug 2010 05:41:28 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="—-=_NextPart_000_0005_01CB42C0.817C4470"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6001.18000
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
X-Spam: Not detected
X-Mras: Ok
X-hMailServer-Spam: YES
X-hMailServer-Reason-1: Rejected by country. – (Score: 2)
X-hMailServer-Reason-2: Rejected by Spamhaus. – (Score: 3)
X-hMailServer-Reason-Score: 5

Notice the new header that shows it was found in the country DNSBL as well? Turns out that IP address is in Pakistan which is on my list of countries to block. And notice that this message has scored a total of 5? If you have elevated trust in a particular country to not send spam you could create another DNSBL that would reduce the score. I am considering setting hMailServer to delete anything that achieves a score of 5 (on both blacklists) so that my mail client never even sees it. In the end, it is up to you the mail administrator to decide what scores are appropriate and which are not. Good luck with that.

Some people like to use Instant Messages to communicate with others… and some like to use MSN Messenger or Windows Live Messenger or whatever Microsoft will decide to call it next week. Personally I'm not a big fan of Microsoft wanting to decide which software people use. It is just like the old IE anti-trust bullshit over and over again. There's nothing stopping people from using different clients and different services to accomplish the same goal (or better ones in some cases).

My IM client of choice these days is Miranda IM. It is pretty minimalistic and works just Jim Fucking Dandy to send IM messages. There are plenty of plugins for it to extend it's abilities as well (though I don't like to load my Miranda installation with extra goodies). I have an old ICQ account that I use with Miranda and it has all the chatting ability I need.

If you don't like Miranda IM you can always find another client… there is tons of information on Wikipedia about IM clients.

So if you play video games on your PC then you may have heard of TeamSpeak. It is an application that lets groups of people carry on voice communications while playing games. Actually it could be used for ANY type of voice communication but they like to play up the gamer angle. On the TeamSpeak System Requirements page it clearly states that the server component is compatible with Windows 2000. This is not true.

It WILL work on Windows 2000 but it will not work using the native Windows 2000 DLL files. If you go to the TeamSpeak Forums and search for "Windows 2000" you'll see plenty of posts from people having all kinds of problems running it on Win2k. And if you read thoroughly enough you might even find this post which has a way of getting it to work (scroll down to the post by Arkan). Now I followed the instructions and got it to work just fine but I did find that collecting the required files was a pain in the ass (especially with the old version of IE that comes with Windows 2000). So I have decided to reproduce the information here and provide copies of the files so you won't have to go clicking all over banner-laden sites or waiting for non-premium downloads from pay sites.

1) Copy kernel32.dll, wtsapi32.dll, and ws2_32.dll from WINNT\system32 to TeamSpeak folder
2) Rename them to kernel32_ORG.dll, wtsapi32_ORG.dll, and ws2_32_ORG.dll
3) Place kernel32.dll, wtsapi32.dll, and ws2_32.dll in your TeamSpeak folder
4) Run ExcludeFromKnownDlls.reg if it's your first time using the wrapper.
5) Get Dbghelp.dll, unzip and put it in the same folder.
6) Get psapi.dll and put it in the same folder.
7) Run Teamspeak

If for any reason you are unable to download DLL or REG files then simply download this ZIP file with all of them in it.

Yeah, I got sick of Wordpress screwing with my quotes all the time! So I got THIS.