RE: [Full-disclosure] Re: According to Ivan, the secret ZA phone-homeserver is located at 127.0.0.1 [was Re: Re:Re: ZoneAlarm phones home]



I say "TAKE THE SECRET SERVER DOWN"!!

I incite mass ping flooding of that ip 127.0.0.1 NOW!

Would that stop it, Ivan? Get right on it and let us know the results of
your tests.






-----Original Message-----
From: Ivan . [mailto:ivanhec@xxxxxxxxx]
Sent: Tuesday, 7 February 2006 9:15 AM
To: Dave Korn
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Re: According to Ivan,the
secret ZA phone-homeserver is located at 127.0.0.1 [was Re:
Re:Re: ZoneAlarm phones home]


Your quite a piece fo work Dave. The "secret" server is
acutally zonelabs.com, hence the workaround to edit the hosts
file and map that domain to the loopback address. Do you know
how windows hosts file works? No, here is link that may help
you Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

The work around issued by zonealarm and their response to
this list, is proof enough for me that there was an issue and
probably quite a few other people. But not you Dave, eh?

On 2/7/06, Dave Korn <davek_throwaway@xxxxxxxxxxx> wrote:
Frank Knobbe wrote:
On Mon, 2006-02-06 at 14:06 +0000, Dave Korn wrote:
The company says it will fix the "bug" soon. In the
meantime you
can
work >around it by adding:
# Block access to ZoneLabs Server
127.0.0.1 zonelabs.com
to your Windows host file.

2) You aren't the first person in the world to mistake the
loopback interface for a routable address, but you do
look just as
dumb as everyone else who's ever done it down the annals of
history.

You might want to remove your foot from your own mouth.
The loopback
thing is a workaround

I'm perfectly aware of that, but if you had actually read this
thread you would realise that's not the issue under discussion.

I claimed that Cringely was spreading FUD, because he
hadn't so much
as shown us a packet trace or an IP address. Ivan told me to "read
the article again Dave, you'll find that he did provide the
ip address
of the destination servers to Zonelaram". When I point out to Ivan
that a) the article was not by Cringely but a second-hand report of
Cringely's original article, and that b) 127.0.0.1 is not the ip
address of the destination servers, I am correct, and the fact that
redirecting a hostname lookup to the loopback address is an
effective
method of blocking an adbanner does not in any way
contradict anything
I've said nor confirm anything Ivan said.

Maybe that taste of shoe leather you've noticed is coming
from your
own mouth?

You might want to think yourself before assailing other posters
verbally. But frankly, I don't care since your email just
qualified
you for my plonker list.

That's your choice; if you're happier reading FUD-spreading
mis-reported nonsense from people who don't even know the loopback
address when they see it rather than well-informed posts
from people
who have done their background research and know the field, you're
going the right way about it.

Of course, you're the ever-so-reasonable guy whose posts
are full of
emotive and pejorative terms like "presume we're all lusers", "wild
assumptions", "must be an idiot", "piece of ***", "satisfy
the ego",
"stop sucking", so I call PKB on you, troll.

Cheers,
Frank

PS: zonelabs.com resolves to 208.185.174.44 in case you're still
wondering about an IP address.

Your adroitness with nslookup hardly compensates for your
not having
paid any attention to the actual *content* of the
discussion you wish
to contribute to.

PPS: Of course that's not proof of anything. Packet traces
would be
preferred, but I'd think anyone with Zone Alarm could
probably gather
those easily.

If you'd care to actually look at this thread, you would
have seen
that that is the main point of my original post.

(...Why do I even care...)

You clearly don't care enough to read the thread and try
and follow
the argument you're responding to. I suggest that if you
don't care
that much, you really shouldn't bother writing a half-baked
response
that utterly misses the point.

cheers,
DaveK
--
Can't think of a witty .sigline today....



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/