RE: Re: According to Ivan, the secret ZA phone-homeserver is located at 127.0.0.1 [was Re: Re:Re: ZoneAlarm phones home]

["Greg" <full-disclosure2 () pchandyman com au>]

I say "TAKE THE SECRET SERVER DOWN"!!

I incite mass ping flooding of that ip 127.0.0.1 NOW!

Would that stop it, Ivan? Get right on it and let us know the results of
your tests. 






> -----Original Message-----
> From: Ivan . [mailto:ivanhec () gmail com] 
> Sent: Tuesday, 7 February 2006 9:15 AM
> To: Dave Korn
> Cc: full-disclosure () lists grok org uk
> Subject: Re: [Full-disclosure] Re: According to Ivan,the 
> secret ZA phone-homeserver is located at 127.0.0.1 [was Re: 
> Re:Re: ZoneAlarm phones home]
>
>
> Your quite a piece fo work Dave. The "secret" server is 
> acutally zonelabs.com, hence the workaround to edit the hosts 
> file and map that domain to the loopback address. Do you know 
> how windows hosts file works? No, here is link that may help 
> you Blocking Unwanted Parasites with a Hosts File 
> http://www.mvps.org/winhelp2002/hosts.htm
>
> The work around issued by zonealarm and their response to 
> this list, is proof enough for me that there was an issue and 
> probably quite a few other people. But not you Dave, eh?
>
> On 2/7/06, Dave Korn <davek_throwaway () hotmail com> wrote:
> > Frank Knobbe wrote:
> > > On Mon, 2006-02-06 at 14:06 +0000, Dave Korn wrote:
> > > > > > The company says it will fix the "bug" soon. In the 
> meantime you 
> > > > > > can
> > > > > work >around it by adding:
> > > > > > # Block access to ZoneLabs Server
> > > > > > 127.0.0.1 zonelabs.com
> > > > > > to your Windows host file.
> >
> > > >   2)  You aren't the first person in the world to mistake the 
> > > > loopback interface for a routable address, but you do 
> look just as 
> > > > dumb as everyone else who's ever done it down the annals of 
> > > > history.
> > >
> > > You might want to remove your foot from your own mouth. 
> The loopback 
> > > thing is a workaround
> >
> >   I'm perfectly aware of that, but if you had actually read this 
> > thread you would realise that's not the issue under discussion.
> >
> >  I claimed that Cringely was spreading FUD, because he 
> hadn't so much 
> > as shown us a packet trace or an IP address.  Ivan told me to "read 
> > the article again Dave, you'll find that he did provide the 
> ip address 
> > of the destination servers to Zonelaram".  When I point out to Ivan 
> > that a) the article was not by Cringely but a second-hand report of 
> > Cringely's original article, and that b) 127.0.0.1 is not the ip 
> > address of the destination servers, I am correct, and the fact that 
> > redirecting a hostname lookup to the loopback address is an 
> effective 
> > method of blocking an adbanner does not in any way 
> contradict anything 
> > I've said nor confirm anything Ivan said.
> >
> >   Maybe that taste of shoe leather you've noticed is coming 
> from your 
> > own mouth?
> >
> > > You might want to think yourself before assailing other posters 
> > > verbally. But frankly, I don't care since your email just 
> qualified 
> > > you for my plonker list.
> >
> >   That's your choice; if you're happier reading FUD-spreading 
> > mis-reported nonsense from people who don't even know the loopback 
> > address when they see it rather than well-informed posts 
> from people 
> > who have done their background research and know the field, you're 
> > going the right way about it.
> >
> >   Of course, you're the ever-so-reasonable guy whose posts 
> are full of 
> > emotive and pejorative terms like "presume we're all lusers", "wild 
> > assumptions", "must be an idiot", "piece of shit", "satisfy 
> the ego", 
> > "stop sucking", so I call PKB on you, troll.
> >
> > > Cheers,
> > > Frank
> > >
> > > PS: zonelabs.com resolves to 208.185.174.44 in case you're still 
> > > wondering about an IP address.
> >
> >   Your adroitness with nslookup hardly compensates for your 
> not having 
> > paid any attention to the actual *content* of the 
> discussion you wish 
> > to contribute to.
> >
> > > PPS: Of course that's not proof of anything. Packet traces 
> would be 
> > > preferred, but I'd think anyone with Zone Alarm could 
> probably gather 
> > > those easily.
> >
> >   If you'd care to actually look at this thread, you would 
> have seen 
> > that that is the main point of my original post.
> >
> > > (...Why do I even care...)
> >
> >   You clearly don't care enough to read the thread and try 
> and follow 
> > the argument you're responding to.  I suggest that if you 
> don't care 
> > that much, you really shouldn't bother writing a half-baked 
> response 
> > that utterly misses the point.
> >
> >     cheers,
> >       DaveK
> > --
> > Can't think of a witty .sigline today....
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/