Just Installed ZA pro, got strange request for outgoing permission?

Discussion in 'other firewalls' started by Jeremy2, Dec 6, 2004.

Thread Status:
Not open for further replies.
  1. Jeremy2

    Jeremy2 Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    72
    Hi all,
    I just installed ZA pro, 5.5.062.004, and when I lunched my browser, Firefox, home page (google), it asked for
    permission, but the strange thing it asked to connect to 127.0.0.1.
    I gave the permission, and it connected to google.

    The same behavior for other application, Thunderbird, KAV update.
    So either the request for permission is for the loopback IP, or the DNS IP.

    I just moved from Sygate (bacause of loopback vulnaribility, and ressource usage), where each application when it makes a request for permission, it's for the desired destination IP, not the loopback or the DNS as it's the case with ZA.

    Why is this behavior of ZA? Or Am I missing something?
    Just for comparison:

    In the SPF logs, the destination IP address is the different sites visited by the application

    In the ZA logs, the destination IP address, is either loopback IP or DNS IP

    Thanks for your help
     
  2. Jeremy2

    Jeremy2 Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    72
    Anyone got an idea what's happening?
    I'm on trial version of ZA pro, if this looks like an issue, I will not pay for it, and go and test other firewall.
     
  3. Wraith

    Wraith Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    23
    I'm new to ZA myself but I had tried Outpost before. Seems on their forum it was said that this is normal to a point. 127.0.0.1 is how your computer identifies itself especially w/ Mozilla products. You might skip over to that forum located here: http://outpostfirewall.com/forum/forumdisplay.php?f=45
    and see what info you can find on that particular issue. They're very knowledgeable over there, at least some are.
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Jeremy2

    It is normal for some applications to use the localhost address while connected to the Internet as part of their functionality.

    Is that in addition to other remote addresses (ie. web servers)?
    Are you using a proxy at all?

    Regards,

    CrazyM
     
  5. Jeremy2

    Jeremy2 Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    72
    I know it's normal for an application to connect to localhost, specially for Mozilla product (Firefox, and thunderbird).

    However, what made me feel unsecure, is that I have never been asked permission to connect to any web site, or make any software update. Just localhost and DNS, si I never knew, what the applications were doing.

    Yes, I used a proxy, but only for the browser, and then uninstall it, because I though that was the issue. However, the behavior of ZA, is the same regarding all the application, whether they go through a proxy or not.

    Anyway, I was on trial for ZA, curently I switched to outpost, and so far it works fine for me.
     
  6. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Mozilla/Firefox does make a network connection to itself on startup - this is likely the 127.0.0.1 connection you are seeing, it is apparently to do with the Password Manager feature. If you do not use this, then you can block it without any problems, unless you are running a local proxy webfilter (like WebWasher or Proxomitron) in which case traffic to 127.0.0.1 needs to be allowed (though you can restrict it to just the port used by the proxy - 8080 by default in most cases).
     
  7. johng

    johng Guest

    There are many programs that use the Windows localhost services when moving data. This service does not access external sites and so only requires "Local" server permission (for that program alone). Internet Server permission for that program need not be allowed in most cases.
    In ZAP, you can verify the program trying to access the localhost by setting your Alerts to Medium or High, then check the Program log to view the name. If you don't recognize any program in the log, search for it on Google for the answer...
    Also, it's also useful to obtain the IP address for your DNS server from your ISP or use IPCONFIG.exe in a batch file from the desktop. You can also look for logged alerts in the ZAP program log from your DNS servers - it points to an IP having ":53" after the address. You can verify the site by entering the IP address into your favorite WHOIS (eg. SamSpade).
    Both addresses. 127.0.0.1 (localhost) and your DNS server's IPs can safely be entered into your "Trusted" sites list in ZAP.
     
  8. Diver

    Diver Guest

Loading...
Thread Status:
Not open for further replies.