Total FUD: Zonelabs Teams up with...

Re: Eye Opener: Zonelabs Teams up with Big Brother (Zedo.com)

Unless I've misunderstood your position, it has been that 2 companies within a Server Farm hosted by akami can share the same IP with no problem whatsoever.

That is entirely false, as I just stated above, So, I won't restate the reasons why that position is entirely false.

As far as my own position, it has remained effectively unchanged from the beginning, aside from the change from "c4" to "c5".

Zedo's Web Servers do NOT do what Checkpoint's Servers do. That is obvious to everyone.

Stating that Zedo and Checkpoint's Servers can share the same IP with NO PROBLEM whatsoever, is technically correct, but obviously a completely silly response regarding the essential fact that the Servers of these companies are NOT running similar systems, nor can an IP msg destined for ONLY the IP Address WITHOUT specification of the URL be dismissed as being irrelevant, because, as you or someone said, in effect, it's handled by akami's Server's.

Hogwash. The response to the point being made is dismissive of the most basic practices and purposes for scaling a specific system.

No.... Just because akami's hosts 10 billion servers does NOT mean that they can randomly assign IPs to ANY Server they please, because "it will work".
BS. It won't work, and you full well totally understand exactly what I mean, and the reasons why it won't work.

Perhaps it may sound as if I might know a little bit about this stuff as I've been in this field since '81, and have focused on communications programming in not only Mini's and Mainframes, but on PC's, as well, since 1993, before Microsoft even put a TCP Stack into Windows. It might also have a little bit to do with having worked on the programming, design (and more) of numerous systems well before and well after the words "2-tier" (etc.) and "scalable" systems became part of our lingo.

My friend.... if you own ZA, as I do. I would ask that you attempt to find a way to tell ZA to block out all of Zedo. C1 thru C7, as well as, www. with a .com and .biz suffix. If you can do so, AND AT THE SAME TIME, NOT BLOCK ZONE ALARM'S OWN WEB SERVER FOR UPDATES of the "Programs", I'm not even speaking of the anti-virus and anti-spyware downloads, .... THEN and only then, could you possibly ACTUALLY PROVE that this SHARED IP is entirely irrelevent. (BTW. Using the hosts **** is the normal method, rather than creating a half-million "Zone Rules" in a firewall), but be my guest and feel free to take that challenge using both ZA and the Hosts ****, or simply one of them.

Only then will YOU understand that what you claim can NOT be put into practice, or you will have entirely disproved everything I clarified in my previous post.

Take the challenge, and prove me wrong!

Cheers, - T2 -

 

Re: Eye Opener: Zonelabs Teams up with Big Brother (Zedo.com)

This is an interesting thread mainly because I'm learning (well, trying ) something. I'm often using Wireshark as a learning tool just to see what contents are contained in various packets. It is interesting to see that my MAC address is contained in outgoing packets. So I ask based on LWM's quote:

... could this info be used by the hosting server to distinguish who is who when inspecting the header/packet information?

BTW, no offense treat2, but I tend to agree with LWM and others.

 

Re: Eye Opener: Zonelabs Teams up with Big Brother (Zedo.com)

Thank you LowWaterMark!

 

Re: Eye Opener: Zonelabs Teams up with Big Brother (Zedo.com)

The bottom line is this:

The IP address DOES (in fact) "matter". (Unlike what someone wrote earlier, that "it doesn't matter!").

The fact is that the Web Servers of both Zedo and Checkpoint are resloved to the SAME IP, and in doing so, ZEDO has a backdoor into the ignorant users of the Internet whom assign "trusted" Web Sites.

The fact is that EVEN 127.0.0.1 can not and NEVER should be "trusted", as THAT would permit Joe Blow to run whatever the hell he wants on your PC, as YOU have elevated the priviledge of that IP address, to trick your PC into thinking IT is "talking" to itself, WHEN IN FACT IT IS NOT! It is simply executing a Web Page that has within it "127.0.0.1" and the various malicious code to do whatever the hell it wants on 127.0.0.1, i.e. YOUR PC.
Unfortunately, virtually nobody on the Net is made aware of this fact, and not surprisingly, they end up with Web Pages executing and "planting" all sorts of crap on their PC, which the user themself gave that Web Page permssion to do, just because it is referencing 127.0.0.1

However, this little known fact is something Firewall Vendors don't mention, nor do any Web Sites make it well known, as IT IS COMMON PRACTICE for Web Pages to refer to "127.0.0.1" for a variety of purposes, mostly having to do with Javascript, which people FOOLISHLY permit to run in the "Local Zone", which they foolishly assign a very high degree of "trust" to within the settings of their Web Browser.


In any case, I'm straying from the point of this thread, which is rather simple:

The Web Servers of two different companies as in the case of Zedo and Checkpoint's ZA Firewall Download/Update Web Site have been assigned the SAME IP address, and THAT means that UNLESS THE WEB SERVERS PERFORM THE EXACT SAME "MISSION" (ie. that the Servers have the EXACT SAME functionality of disbursing ZA Firewall Updates) , which they CLEARLY DO NOT have, when the USER of Zone Alarm that attemps to download an update from upd.zonelabs.com, they will in fact be "talking to" which ever Web Server happens to "grab" the IP message that the user sends to it which requests a download for the ZA Firewall. (Naturally, as Zedo occupies the exact same IP, AND the http request is CLEARLY indicated by ZA's OWN FIREWALL as a failure to connect to http://upt.zonelabs.com because any Net-wise user should be blocking out all of ZEDO's Web Sites (for entirely obvious reasons), the DOWNLOAD FROM ZA WILL FAIL.

Not is there NO getting around that problem since the IP's match, and are passed in the IP Packet, but simply letting Zedo's download of some "free screen trial" which you can find in your Registration Database, as the Program they are intending to launch on your PC is totally foolhardy.

While it is common knowlegdge that IP's can be shared, what you state as being technically feasible and therefore totally irrelevant shows a considerable lack of understanding of Web Design, despite the fact that even a child could execute the same commands which you've shown are easily found on the Net.

Technical feasibility does NOT address the fact that the technical feasibility of these companies sharing the same IP simultaneously, is being used for insidious and malicious purposes by Zedo OR Zone Alarm. Whom is responsible is anyone's guess. However, either way. What remains is that ZA Users are NOT downloading the firewall "progarm update" they assume they are downloading, but are downloading garbage from Zedo.

Check your entire registration database for all occurances of "trial", if you attemted a download without blocking any of Zedo, you will find an entry
(which I deleted yesterday), that is makes reference to something like "trailscreens", except that is NOT the exact string, so simply search for trail, and you will find the http reference to the named site from where your PC assumes it came from, which CLEARLY is the same Web Site as Zedos
c5.zedo.com (modified with a few more qualifiers, when using a fully qualified Web Site Name.)

Beware of those whom want to sweep these facts under the rug, and attibute it to their claims of "my ignorance". Make up your own minds and DO BLOCK OUT Zedo.Com, as they CLEARLY distribute "crap" (a nice word for spyware) as thousands of Web Users reported and can be found via googling Zedo.com, as mentioned earlier.


BTW. This thread is NOT about NAT. Moreover, the origination of the request
is from the USER'S PC, NOT the Server, and THAT is why NAT can tell where to RETURN R E S P O N S E S TO. This is NOT about responses. This is ABOUT the ORINATING OF REQUESTS FOR DOWNLOADS FROM A SINGLE IP!

Do you even have ZA I suggest you attempt to block all of Zedo, and THEN look at the Error Message that is displayed. (Sorry, to find that out, you'll have do do the work yourself. -- I already know.)

BTW. THIS thread and my POINTS are not judged on "popularity" polls, of whom tends to agree with whom! As a rule, the Marjority is VERY Frequently, if not ALWAYS, entirely wrong.

The merits of the thread require some thought beyond the mere fact the more than to Servers or Web Sites can technically be assigned the same IP.
Sure they can. The fact is, that the dissimmilarity of what those servers deliver in response to users requests, not to mention the requests, and the responses, would be totally different, as the Servers do NOT Server the SAME s***.

Have you ever heard of DSN Poisoning? Do you know what it means, and WHY it is done?

Clearly, this is NOT DNS Poisoning. Rather, this is an INTENTIONAL MISUSE of Checkpoint's ZA Download Web Site. WHOM PERPETRATED the misuse is unclear, as their are SEVERAL entirely different motives that could be at play, not to mention the unlikely ignorance of the administrator at akami, which I personally believe is NOT the reason these two companies Servers have been in effect "joined together", unbenknownst to 99.999% of ZA Firewall Users whom do NOT bother to ever check their firewall logs, NOR even write "Expert Rules", and assume that ZA, and all the other garbage Firewalls out there ACTUALLY protect them after they slap it on their hard drive and walk away!

Ignorance is bliss, until they find out in a few days after picking up some "nasty garbage" (during their surfing) that their PC can be manipulated by any child that can read.

Best Regards, - T2 -

(EDITTED BY T2 AT 1:54AM EST)

 

Re: Eye Opener: Zonelabs Teams up with Big Brother (Zedo.com)

Hello,

What??

Shows the considerable lack of understanding, indeed.

You see, Zedo, Kemo or whatever do not have access to the server logs. This is because these are not their logs. They belong to akamai and only akamai administrators can review them.

Thus, packets and going belong to no one, especially not to what you refer.

IP addresses are irrelevant in the context of your post, not in general. Do not turn my words around. In the context of your conspiracy - oh woes, they both share the same IP - yes in this case, the IP IS irrelevant.

And blacklisting IPs is a waste of time.

Mrk

 

Re: Eye Opener: Zonelabs Teams up with Big Brother (Zedo.com)

Yep! The link fails because the IP matters, the Web Site reference matters, and as I said. c5.zedo.com IS upd.zonelabs.com.

No mystery there.

Thanks for proving my point!

BTW. You didn't checkout the intended download, eh? Check that out, too!

Best Regards, - T2 -

 

Re: Eye Opener: Zonelabs Teams up with Big Brother (Zedo.com)

if in any doubt solution is simple, don't use zone alarm.

 

Re: Eye Opener: Zonelabs Teams up with Big Brother (Zedo.com)

Oh, yes.. he should also bin windows XP and VISTA.
Probably better to bin the entire PC

Fax

 

Re: Eye Opener: Zonelabs Teams up with Big Brother (Zedo.com)

Proves what? That ZA teamed up with ZEDO?
It proves you completely missed the point. The point in virtual hosting is the data been transfered not the IP or http addresses been used. Data is unique and originating from the respective sources.

If this was not the case, I would end up installing the latest fancy screen saver instead of a critical MS KB patch or wakeup in the morning with with a nice spyware pop-up instead of the latest virus definitions.

Have you ever used a download manager? it is very roughly the same principle, data is retrieved from different sources to improve the process and speed of the download this is regardless of the IP or addresses used.

Probably you should rectify your misleading title from "Zonelabs Teams up with Big Brother" into "Virtual Hosting learning thread"....

Cheers,
Fax

 

Re: Eye Opener: Zonelabs Teams up with Big Brother (Zedo.com)

First, I'd like to thanK the Administrator of Wilders for not having shut
down this thread, and having PERSONALLY taken the time to investigate and
confirm that what I've posted is true. Namely, that (more than one of)
Zedo.com's IP Addresses (hosted by akami) and upd.zonelabs.com (also hosted by akami) are in fact resolving to the same IP, resulting in DNS Servers around the globe resolving Updates to Zone Alarm to the several of the IP's shared by Zedo and the Zone Alarm Programs Update Web Site for their ALL of the users of the Zone Alarm products which go to "their" Zone Alarm Firewall "update Site".

Although it took 24 hours to reach a conclusion, and plenty of debating
various board members and the Administrator here (as well), my findings were
finally confirmed, as my "challenge" (posted in one of my posts above) was
finally taken, and proved out to be true.

For the everyday users of ZA the implications are enormous, as the average
ZA users do not know enough to not "trust" their own Firewall Vendor's Site,
(nor even 127.0.0.1, as I mentioned in an earlier post, and explained why
that should NEVER be done - even if localhost is assigned elevated
privileges. Again, the reasons for not doing so are also explained in one of
my posts in this thread in which I took the occasion to go off on a tangent,
for the benefit of the readers of this thread.)

It is my sincere hope that the Administrator of Wilders will be kind enough
to personally contact Checkpoint and possibly Akami, to explain to them the
effective DNS poisoning which may or may not have been done intentionally.
Personally, I hardly think that an akami Admin to be so dumb as to allocate the same IP to two different companies, as it would be akin to equating
www.bankofamerica.com to www.hackersRus.com, and not giving it a second
thought.

Naturally, we all know the reason that the legitimate allocation of IP's and
Web Site names is done in a controlled manner, as complete chaos would occur if anyone was permitted to allocate their own IP to match the IP of a Bank (for example).

Not surprisingly, the argument was made that assigning IP's to multiple Web
Servers is viable and legitimate.

Indeed that is so.

However, what the "posters" of such statements did not, and probably still
do not understand is the fact that this "device" was NOT intended for two
companies with entirely different "missions" and therefore having different
purposes in terms of whomever makes requests of their Servers, and what
responses those companies deliver MUST NOT share the same IP address, as
that would be totally incompatible with the PURPOSE of those different
Servers of those different companies.

Moreover, the proposal that IPs do not matter was also disproved in terms of
the context and intent of this thread which fully explains that not only do
the IP's matter, but the Web Site names, whether they are or not fully
qualified matter, and that in the case of Zedo and ZoneLabs Update Site, at
the present time, it doesn't matter if you use a "fully qualified Web Site
name, or not, as I initially explained that C4.Zedo.com (and www.zedo.com)
are both equating to the 2 different IPs being used by Zonelabs as their
Firewall Program Update Web Site a.k.a. upd.zonelabs.com.

Only a few seconds of research showed that Zedo's fully qualified Web Site
name for it's c5.zedo.com (not specified in this post, but which is given
above in numerous posts), ALSO equates to upd.zonelabs.com, and I have NO DOUBT that OTHER Zedo.com Web Sites fully qualified Web Site name ALSO equate to the 2 IPs that akami allocated to upd.zonelabs.com.

Perhaps the equivalence in the resolving of the Web Site names (fully
qualified or not) was done at the behest of an ignorant Administrator at
akami (which hosts the Servers of both companies). However, the rather
insidous nature of Zedo's "practices" on the Web can be confirmed by anyone
whom googles on Zedo.com, and looks through only a fraction of the 10's of
thousands of posts by folks on the Net whom were "infected" with a range of
"garbage" originating from Zedo.

Lastly, what leads one to further suspect "foul play" by Zedo and/or by Zone
Alarm's own Vendor is the fact that when one does NOT protect their own PC
by blocking out all of Zedo's sites, what one will find being downloaded
onto their own PC is some sort of "trialware" which can be easily found by
doing a search on your registration database (if you're a Windows user),
using the string "trial" (w/o the quotations). What one will find is an
entry for some sort of "trail screens" which a Command Prompt window will
attempt to install onto the unfortunate user's own PC. And there is little
doubt in my own mind that THAT attempt at installing some "trialware" was
originating from ZEDO.com, as it is a rather unlikely **** name to be used
for the temporary or permanent storage of any kind of legitimate Firewall
Update.

That Checkpoint (ZA's vendor) is involved is rather LIKELY, because despite
the shared IP address, that SOFTWARE is always downloaded. Thus, which ever company's Web Server happens to grab the assembled IP packets from ZA users which are asking for their ZA Firewall to be updated WILL ALWAYS GET THE SAME **** DOWNLOADED!

That would indeed suggest that both ZEDO and Checkpoint's Web Servers are BOTH delivering a **** to ZA Users in an insidious manner, and logically, it
can be concluded that the assignment of the SAME IP by an AKAMI Admin was NOT done out of the Admin's ignorance, but instead was done at the behest of Checkpoint AND Zedo, as BOTH Servers of these companies are delivering the SAME GARBAGE to ZA unfortunate users whom mistakenly are under the assumption that they are getting a legitimate Firewall Update.

Hopefully, Wilders own Admin will Contact Checkpoint, as well as, point out
to the user's of Zone Alarm as to what is currently going on with Zedo and
CheckPoint "sleeping in the same bed", to the unfortunate users of ZA's
Firewall, so as to alert the Public at large, Checkpoint, Zedo, and Akami,
the WE ARE ONTO THEIR SH**. And we KNOW what they are doing, and how they are abusing the trust that consumers of Zone Alarm have placed in their
Firewall, and in CheckPoint to deliver LEGITIMATE FIREWALL UPDATES, RATHER THAN GARBAGE WHICH CHECKPOINT AND ZEDO ARE DELIVERING INSTEAD.

Many thanks again to the Admin of Wilders for confirming for him/herself the
facts pointed out, and not loosing site of the fact that while an IP can
legitimately be shared, THAT is ONLY done in SPECIFIC CASES where it makes
sense for a Single Company's Web Servers to do so, RATHER THAN use a Static or Paid for Assigned IP or Ranges of IP's, as SHOULD BE DONE BY CHECKPOINT, but which they appear not to be doing for ILLEGITIMATE REASONS.

Despite it having taken 24 hours to have proved my point and for the Wilder
Admin to have confirmed the facts I stated as being true, I appreciate the
Admin having ultimately taken the time to do so, and engage in a sometimes
somewhat slightly "heated" debate over what is going on, and trust that
"face-saving measures" will not prevent the Admin from assisting the
community of ZA Users whom frequent Wilders for insights and advice.

Again, I consider Wilders to be one of the most reputable Security related
sites, and as the ZA Forum would have required my taking measures to lower
my security substancially, in order to post my finding to ZA, my first
thought was to reach a wide community of ZA and other users at this
reputable site, which does NOT require anyone take the extraodinary measures of lowering their Internet Security to a level that no one should do in ANY Forum on the Net.

Many thanks again to the Wilders Admin.

Best Regards, - T2 -