[Full-disclosure] Re: According to Ivan, the secret ZA phone-homeserver is located at 127.0.0.1 [was Re: Re:Re: ZoneAlarm phones home]
full-disclosure2 at pchandyman.com.au
Tue Feb 7 06:43:35 GMT 2006
I say "TAKE THE SECRET SERVER DOWN"!!
I incite mass ping flooding of that ip 127.0.0.1 NOW!
Would that stop it, Ivan? Get right on it and let us know the results of
> -----Original Message-----
> From: Ivan . [mailto:ivanhec at gmail.com]
> Sent: Tuesday, 7 February 2006 9:15 AM
> To: Dave Korn
> Cc: full-disclosure at lists.grok.org.uk
> Subject: Re: [Full-disclosure] Re: According to Ivan,the
> secret ZA phone-homeserver is located at 127.0.0.1 [was Re:
> Re:Re: ZoneAlarm phones home]
> Your quite a piece fo work Dave. The "secret" server is
> acutally zonelabs.com, hence the workaround to edit the hosts
> file and map that domain to the loopback address. Do you know
> how windows hosts file works? No, here is link that may help
> you Blocking Unwanted Parasites with a Hosts File
> The work around issued by zonealarm and their response to
> this list, is proof enough for me that there was an issue and
> probably quite a few other people. But not you Dave, eh?
> On 2/7/06, Dave Korn <davek_throwaway at hotmail.com> wrote:
> > Frank Knobbe wrote:
> > >On Mon, 2006-02-06 at 14:06 +0000, Dave Korn wrote:
> > >> >> The company says it will fix the "bug" soon. In the
> meantime you
> > >> >> can
> > >> > work >around it by adding:
> > >> >> # Block access to ZoneLabs Server
> > >> >> 127.0.0.1 zonelabs.com
> > >> >> to your Windows host file.
> > >> 2) You aren't the first person in the world to mistake the
> > >> loopback interface for a routable address, but you do
> look just as
> > >> dumb as everyone else who's ever done it down the annals of
> > >> history.
> > >
> > >You might want to remove your foot from your own mouth.
> The loopback
> > >thing is a workaround
> > I'm perfectly aware of that, but if you had actually read this
> > thread you would realise that's not the issue under discussion.
> > I claimed that Cringely was spreading FUD, because he
> hadn't so much
> > as shown us a packet trace or an IP address. Ivan told me to "read
> > the article again Dave, you'll find that he did provide the
> ip address
> > of the destination servers to Zonelaram". When I point out to Ivan
> > that a) the article was not by Cringely but a second-hand report of
> > Cringely's original article, and that b) 127.0.0.1 is not the ip
> > address of the destination servers, I am correct, and the fact that
> > redirecting a hostname lookup to the loopback address is an
> > method of blocking an adbanner does not in any way
> contradict anything
> > I've said nor confirm anything Ivan said.
> > Maybe that taste of shoe leather you've noticed is coming
> from your
> > own mouth?
> > >You might want to think yourself before assailing other posters
> > >verbally. But frankly, I don't care since your email just
> > >you for my plonker list.
> > That's your choice; if you're happier reading FUD-spreading
> > mis-reported nonsense from people who don't even know the loopback
> > address when they see it rather than well-informed posts
> from people
> > who have done their background research and know the field, you're
> > going the right way about it.
> > Of course, you're the ever-so-reasonable guy whose posts
> are full of
> > emotive and pejorative terms like "presume we're all lusers", "wild
> > assumptions", "must be an idiot", "piece of shit", "satisfy
> the ego",
> > "stop sucking", so I call PKB on you, troll.
> > >Cheers,
> > >Frank
> > >
> > >PS: zonelabs.com resolves to 184.108.40.206 in case you're still
> > >wondering about an IP address.
> > Your adroitness with nslookup hardly compensates for your
> not having
> > paid any attention to the actual *content* of the
> discussion you wish
> > to contribute to.
> > >PPS: Of course that's not proof of anything. Packet traces
> would be
> > >preferred, but I'd think anyone with Zone Alarm could
> probably gather
> > >those easily.
> > If you'd care to actually look at this thread, you would
> have seen
> > that that is the main point of my original post.
> > >(...Why do I even care...)
> > You clearly don't care enough to read the thread and try
> and follow
> > the argument you're responding to. I suggest that if you
> don't care
> > that much, you really shouldn't bother writing a half-baked
> > that utterly misses the point.
> > cheers,
> > DaveK
> > --
> > Can't think of a witty .sigline today....
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure is hosted and sponsored by Secunia.