about the Hosts file


Marcus

1. Why do we have 127.0.0.1 as the local address? That address just looks odd. There doesn't seem to me to be any mathematical logic to IP address allocation or perhaps there is and I cannot see it. Why the "1" at the end or indeed why have "127" at all? I could understand an address of, say, 1.0.0.0 or 0.0.0.1 or even 1.1.1.1. But "127"?

2. Vista doesn't have 0.0.0.0 as a local host. It's not listed in the default Vista Hosts file although it's present in XP's. Why is this?

Here's a copy of the default XP HOSTS file, please identify where you see 0.0.0.0 :) :
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

3. Could the Hosts file be password-protected up to and including, say, Administrator-level of privilege so that, for example, write-access (without entering a password) would only be available at Trusted Installers' level of privilege (or the one just below it which I think is SYSTEM)? Would that not help in mitigating a Hosts' file > browser hijack?
Nope, it's just a file like any other. The only thing you can do to protect it is the same as any other file or directory on your system; while this does allow for some limitations, password protection isn't one of them. Again, even if you used the TrustedInstaller, what makes you think malware couldn't simply use that user token to make changes to your system? How do you think malware is able to patch core system files that you as an administrator can't even touch :) ?

..can't see it at all..:)..in that file.

@ exile - my bad...Just been reading the relevant article on thebleepingcomputer website; you're quite right about the 0.0.0.0 address not being in XP Hosts. It doesn't appear to be a normal IP address at all.

But this is not what I remember about that file in my copy of Windows XP Pro SP2

Was there any change in default Hosts in XP with such factors as SPs, different production runs, the numerous updates, whether it's an OEM or a retail box version?

@ noknojon - I'm not the world's fastest typist (especially on Boxing Day!) and it takes a while for me to read and digest technical information so please bear with me. And then there's all that thinking going on in the old brain :)


But this is not what I remember about that file in my copy of Windows XP Pro SP2

I see you are using Windows XP Service Pack 2 and SP3 has been available for over a year and provides many Critical Updates plus performance improvements.

You need to start Internet Explorer then go to Tools then Windows Update and download all of the available updates.

Go to Control Panel then Automatic Updates then select Automatic (recommended) or at least Notify me but don't automatically download or install them.

Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable:

http://secunia.com/vulnerability_scanning/online

I'm still stuffed from my Christmas dinner and the coffee is kicking in.

HostsServer part of HostsMan application is a browser speedup proxy that shows the effectiveness of the HOSTS file and logs its effectiveness if you Enable log and Log referrer in its Preferences:

http://forum.abelhadigital.com/index.php?showtopic=553


...er..no. Not XP. 32-bit retail box ver. of Vista Business, SP2 with IE7.

Had taken XP Pro SP2 N-edition off the computer a while ago (it was also a retail box ver.)

You sound as if you've had a tad too much to eat, YoKenny. May the joys of a good gustatory experience be with you. :)

Chill, man, in the armchair with a brandied filter coffee in hand and snooze for a while! :)


From http://en.wikipedia.org/wiki/Loopback:

Correspondingly, the Internet Protocol (IP) specifies a loopback network. In IPv4 this is the network with the CIDR prefix 127/8 (RFC 3330). The most commonly used IP address on the loopback device is 127.0.0.1 for IPv4, although any address in the range 127.0.0.0 to 127.255.255.255 is mapped to it.

Technically speaking, you could use any IP address from the 127.0.0.0/8 or 127.0.0.0 / 255.0.0.0 range in your HOSTS file and it would still point to your network adapter. 127.0.0.1 is just the most popular :) I hope this helps.

Regards,

Keith
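
An added example, not written by any poster in this thread: a small Python audit of a hosts file that separates block entries (any address in 127.0.0.0/8, or 0.0.0.0) from entries that point a name at some other address, which is what a Hosts-file browser hijack looks like on disk. The sample file and the `example.test` names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the XP default entry plus entries added for illustration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.test      # block entry, most common form
127.45.6.7      tracker.example.test  # still loopback: anywhere in 127.0.0.0/8
0.0.0.0         banner.example.test   # block entry using the unspecified address
203.0.113.10    bank.example.test     # name redirected to a non-loopback address
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comment, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def classify(address):
    """Return 'loopback', 'unspecified', 'redirect' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback:       # 127.0.0.0/8 for IPv4, ::1 for IPv6
        return "loopback"
    if ip.is_unspecified:    # 0.0.0.0 or ::
        return "unspecified"
    return "redirect"

def audit(text):
    """One finding per hostname: (line_no, hostname, address, kind)."""
    return [(line_no, name, address, classify(address))
            for line_no, address, names in parse_hosts(text)
            for name in names]

def suspicious(text):
    """Entries worth a manual look: not a loopback or 0.0.0.0 sink."""
    return [f for f in audit(text) if f[3] in ("redirect", "invalid")]

if __name__ == "__main__":
    for line_no, name, address, kind in audit(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address} [{kind}]")
    print("review:", suspicious(SAMPLE_HOSTS))
```

A "redirect" finding is not proof of tampering, since people also add legitimate static mappings, but it is the class of entry to check against what you expect to be there.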


Would somebody explain this to me and / or provide a link to some reading on this please.

Why would you need a HOSTS file, any HOSTS file or files, if you have MBAM's IP blocker turned on? I just know there must be a simple answer to this but the more I turn it over in my head the less I'm able to think clearly about this.

Clearly-expressed and relevant answers please just here (or on a postcard to...haha...:))

Now, no sarcasm please at my pathetic knowledge-level 'bout this.


Marcus, let's go back to the beginning of the Internet:

What is the Hosts file?

http://accs-net.com/hosts/what_is_hosts.html

Hosts file

http://en.wikipedia.org/wiki/Hosts_file

Blocking Unwanted Parasites with a Hosts File

http://www.mvps.org/winhelp2002/hosts.htm

I found them hard to put on a postcard. :)


Would somebody explain this to me and / or provide a link to some reading on this please.

Why would you need a HOSTS file, any HOSTS file or files, if you have MBAM's IP blocker turned on?

2 primary reasons I can think of and they're actually quite simple:

  1. Just as with all other forms of malware, MBAM's IP Protection cannot cover everything, as good as Steven is, there's no way he can possibly keep track of each and every malicious IP on the internet, it's just not possible :) .
  2. The last time I checked, MBAM's IP Protection did not block ads, something that a HOSTS file can certainly allow you to do.

