dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4180
share rss forum feed


altermatt
Premium
join:2004-01-22
White Plains, NY
Reviews:
·Verizon FiOS

2 recommendations

iesnare

Surprised not to find anything here posted on this (at least according to site search). "iesnare" is apparently a tracking, flash-cookie based bug planted by a number of sites, including gambling sites (which I've never used). Shortly after I updated my Flash to the latest, I noticed in TCPView a connection to iesnare that was waiting to close. I did a search and found out what it was. Apparently this is a bug that allows a site to validate that you are using a consistent identity on the Net. Most of the info I could find on this was on sites for online gamblers (again, never did any online gambling and hadn't seen this mentioned on any security sites I do frequent.)

They said you'd find both cookies and files with either iesnare or mpsnare.iesnare in the name, none of which I found---only the open connection in the TimeWait box in TCP View. However, to play it safe, I followed directions I found to supposedly block this from tracking/installing. Here are the instructions I found in case anyone else is interested:

1. enter iesnare.com, www.iesnare.com, mpsnare.iesnare.com and ci-mpsnare.iovation.com in your hosts file. I was surprised not to find any references to any of these in the latest MVPS hosts file, and added them myself.

2. in Flash's settings manager website storage panel, select mpsnare.iesnare from list and delete. I personally did not find any entry, nor was anything related in my cookies.

3. enter iesnare.com in IE's "block cookies" settings.

Hope this helps. Wonder if anyone has any other info on this, though it is no longer a concern to me. Still don't know what site opened the connection in the first place (haven't seen it since), and again, it happened right after upgrading Flash.
--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick



JALevinworth

@embarqhsd.net

Good post and info here, altermatt See Profile. Thanks for sharing.

-Jim



therube

join:2004-11-11
Randallstown, MD
reply to altermatt

I found "iesnare" under the Flash directory & also as a cookie (on a particular users system I had backed up).

\Users\Faith\AppData\Roaming\Macromedia\Flash Player\*
 
& a cookie, melissa@iesnare[1].txt:
 
visitedIams
http://us.iams.com/iams/en_US/jsp/IAMS_Page.jsp?pageID=DHP|1274475128194
iams.com/
1536
835554304
30813526
 

Cookie dated 05/11/2010 & the Flash entries 01/28/2011.

art22gg
Premium
join:2005-02-16
Courtenay, BC
kudos:6
reply to altermatt

Thanks for the info....



Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12
reply to altermatt

 

I wonder if the site went down....I get no response when i goto iesnare.com



AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

maybe they don't have a http server running on port 80



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:10
reply to Dude111

»dnsw.info/iesnare.com



Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12

Ahhh thanx for the info you 2.....



Cartel

join:2006-09-13
Chilliwack, BC
kudos:2
reply to altermatt

Re: iesnare

Don't forget AppData\Roaming\Adobe\Flash Player
Ccleaner don't even clean it.



Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2
reply to altermatt

Better Privacy (FF extension) seems to take care of this nuisance. I see it no where on my system.



FF4me

@rr.com
reply to altermatt

»www.robtex.com/dns/iesnare.com.html

at least three other hosts share name servers under another name with this domain. Mpsnare.iesnare.com, snare.iesnare.com and dra.iesnare.com are subdomains to this hostname.

You might also be interested in similar looking domain names: iesna.com, iesnap.com, iesnama.com, iesnazari.com, iesnare.us and iesnc.com. Also check www.iesnare.com.



altermatt
Premium
join:2004-01-22
White Plains, NY
Reviews:
·Verizon FiOS
reply to JALevinworth

said by JALevinworth :

Thanks for sharing.

YW. I was particularly struck that this was not included in the latest MVPS hosts file, though to my mind this qualifies perfectly since it's a tracking/id cookie and apparently includes an app that some people find on their systems, though I didn't.
--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick


caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
WA, USA
kudos:4
Reviews:
·CenturyLink
reply to altermatt

Click for full size
Thanks Matt, I've added those entries to my HOSTS file with the HostsMan Editor.


therube

join:2004-11-11
Randallstown, MD

And what do you do when they set up a new domain, iesnare2.com?
And for how long will you be "vulnerable" to this iesnare2.com until you realize it exists & block it?

And what do you do when they set up a new domain, iesnare_yet_again.com ...

(Oh yeah, we don't have to worry, the government will step in & just take them down.)



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:10
reply to caffeinator

Click for full size
There are some others too.


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
reply to therube

you put a mask in adblock