Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: According to Ivan, the secret ZA phone-homeserver is located at 127.0.0.1 [was Re: Re:Re: ZoneAlarm phones home]
From: "Greg" <full-disclosure2 () pchandyman com au>
Date: Tue, 7 Feb 2006 17:43:35 +1100



I say "TAKE THE SECRET SERVER DOWN"!!

I incite mass ping flooding of that ip 127.0.0.1 NOW!

Would that stop it, Ivan? Get right on it and let us know the results of
your tests. 






-----Original Message-----
From: Ivan . [mailto:ivanhec () gmail com] 
Sent: Tuesday, 7 February 2006 9:15 AM
To: Dave Korn
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Re: According to Ivan,the 
secret ZA phone-homeserver is located at 127.0.0.1 [was Re: 
Re:Re: ZoneAlarm phones home]


Your quite a piece fo work Dave. The "secret" server is 
acutally zonelabs.com, hence the workaround to edit the hosts 
file and map that domain to the loopback address. Do you know 
how windows hosts file works? No, here is link that may help 
you Blocking Unwanted Parasites with a Hosts File 
http://www.mvps.org/winhelp2002/hosts.htm

The work around issued by zonealarm and their response to 
this list, is proof enough for me that there was an issue and 
probably quite a few other people. But not you Dave, eh?

On 2/7/06, Dave Korn <davek_throwaway () hotmail com> wrote:
Frank Knobbe wrote:
On Mon, 2006-02-06 at 14:06 +0000, Dave Korn wrote:
The company says it will fix the "bug" soon. In the 
meantime you 
can
work >around it by adding:
# Block access to ZoneLabs Server
127.0.0.1 zonelabs.com
to your Windows host file.

  2)  You aren't the first person in the world to mistake the 
loopback interface for a routable address, but you do 
look just as 
dumb as everyone else who's ever done it down the annals of 
history.

You might want to remove your foot from your own mouth. 
The loopback 
thing is a workaround

  I'm perfectly aware of that, but if you had actually read this 
thread you would realise that's not the issue under discussion.

 I claimed that Cringely was spreading FUD, because he 
hadn't so much 
as shown us a packet trace or an IP address.  Ivan told me to "read 
the article again Dave, you'll find that he did provide the 
ip address 
of the destination servers to Zonelaram".  When I point out to Ivan 
that a) the article was not by Cringely but a second-hand report of 
Cringely's original article, and that b) 127.0.0.1 is not the ip 
address of the destination servers, I am correct, and the fact that 
redirecting a hostname lookup to the loopback address is an 
effective 
method of blocking an adbanner does not in any way 
contradict anything 
I've said nor confirm anything Ivan said.

  Maybe that taste of shoe leather you've noticed is coming 
from your 
own mouth?

You might want to think yourself before assailing other posters 
verbally. But frankly, I don't care since your email just 
qualified 
you for my plonker list.

  That's your choice; if you're happier reading FUD-spreading 
mis-reported nonsense from people who don't even know the loopback 
address when they see it rather than well-informed posts 
from people 
who have done their background research and know the field, you're 
going the right way about it.

  Of course, you're the ever-so-reasonable guy whose posts 
are full of 
emotive and pejorative terms like "presume we're all lusers", "wild 
assumptions", "must be an idiot", "piece of shit", "satisfy 
the ego", 
"stop sucking", so I call PKB on you, troll.

Cheers,
Frank

PS: zonelabs.com resolves to 208.185.174.44 in case you're still 
wondering about an IP address.

  Your adroitness with nslookup hardly compensates for your 
not having 
paid any attention to the actual *content* of the 
discussion you wish 
to contribute to.

PPS: Of course that's not proof of anything. Packet traces 
would be 
preferred, but I'd think anyone with Zone Alarm could 
probably gather 
those easily.

  If you'd care to actually look at this thread, you would 
have seen 
that that is the main point of my original post.

(...Why do I even care...)

  You clearly don't care enough to read the thread and try 
and follow 
the argument you're responding to.  I suggest that if you 
don't care 
that much, you really shouldn't bother writing a half-baked 
response 
that utterly misses the point.

    cheers,
      DaveK
--
Can't think of a witty .sigline today....



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]