127.0.0.1 ?

Discussion in 'other firewalls' started by Fly, May 30, 2008.

Thread Status:
Not open for further replies.
  1. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    There has been a hot debate going on in another thread, and there is one aspect that I'd like to see clarified.

    It was stated that '127.0.0.1' should never be trusted.

    Is this true ?

    Does security software commonly trust '127.0.0.1', which is usually the same as the localhost as I understand ?

    I've taken a look in my Spy Sweeper (version without antivirus), there it says under 'host file shield options':

    Address: localhost ; IP Address in Hosts File: -blocked- ; Correct IP Address 127.0.0.1

    I'm not quite sure what that means. Does it block IP adresses in the hosts file other than 127.0.0.1, or does it block 127.0.0.1 ?
    In the past I have received some emails (with the Spy Sweeper giving real-time protection, but maybe it doesn't work for emails) with 127.0.0.1 at the bottom of the header, and the emails contained pictures, even though my Outlook Express does not display email in htlm. Couldn't that be dangerous ?

    Just looking for some clarification.
     
    Last edited: May 30, 2008
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    Why shouldn't you trust your own computer?
    I really don't know what Spy Sweeper does or why - and the same for Outlook Express. I can only tell you that addresses 127.x.x.x are local. Thus anything coming from this address was generated by your own processes. So ...
    Mrk
     
  3. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    I can add that 127.x.x.x not only local, but also virtual. This works without NDIS level, using just winsock.
     
  4. wat0114

    wat0114 Guest

    Hello Fly,

    this may also help.
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Can these HOST softwares also clean the host file by checking each bad website, if it still exists or not ?
    If the bad website doesn't exist anymore, it can be removed from the HOST file.
    If the bad website still exists, nothing happens.
     
  6. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    I think that software itself can't check those websites but luckily hosts files are updated regularly (like MVPS).
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It's hard for me to believe, that it is impossible for a program to check a list of websites, if they exist or not. A program language must have commands to do this. Besides MVPS is not the only one, Hostsman has more than MVPS, Bluetack, etc.
    OK. It was just a theoretical idea. Thanks. :)
     
  8. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    You can't compare Hostsman to MVPS etc.
    Hostsman is a hosts file manager but doesn't have a hostsfile itself.

    Gerard
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Forget about it, you don't seem to understand what I'm talking about and yes, Hostsman is not MVPS. I worked with both in the past. :)
     
  10. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Hi.

    Well, maybe I'm on to something ...

    Can you explain a bit more about this ? (virtual and winsock?)

    I just have an old AMD Athlon XP 2800+ processor, windows xp, and no virtualization software that I know of.

    And yet I've received some spam emails, containing pictures, html disabled, 127.0.0.1 at the bottom of the header.

    (And I've read some stuff about the hosts file, I know how to use the hosts file to block things, but it's a bit too technical for me to really understand it.)
     
  11. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Sorry, I have misread this.
    Thanks for being so understandable.
    Glad you know that as well
    Worked? What work is there to be done?

    Gerard
     
  12. wat0114

    wat0114 Guest

    In simplest terms, as quoted from the link:

    The "local machine" being your machine's ip address 127.0.0.1. If you try opening one of those blacklisted sites, your host file simply slams it right into your machines address, which, of course, leads to nowhere. Otherwise if it's not in the hosts file, then it gets resolved to the proper ip address via dns, and you connect to the site.
     
  13. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
  14. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    It's as simple as sending an HTTP request and checking what it returns. :cool:
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    What do you mean by exists or not?
    Does it have a zone record? Or is it active, expired etc?
    Or if there's any content on the asked-for address?
    Mrk
     
  16. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975

    I'd like to see a few features added to Hostsman or a similar util:

    1) Site checking to prune dead hosts

    2) browser integration, so you can add a site to the HOSTS file by right clicking

    3) HOSTS hit logging so the manager can prune the sites that are never or rarely linked. The most frequently hit sites can be moved to the top of the list as well, although any performance gain would be negligible.
     
  17. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    AM Deadlink does this for all your bookmarks. If the people who compile the hosts lists have these sites saved in bookmarks then Deadlink would report whether they are still active or not.

    Nice bit of freeware imo.

    From their site...

    AM-DeadLink detects dead links and duplicates in browser bookmarks and text files.
     
  18. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Ahem! Mi-mi-mi! "Be it ever so humble, there's no place like 127.0.0.1" :D
     
Thread Status:
Not open for further replies.