hayduke4
join:2014-01-09
United State

hayduke4

Member

Hosts

I'm using Windows 7 & IE 11. Just noticed I have the following entry in my hosts file. I don't recall ever seeing such an entry in a hosts file before but then again I don't poke around in the inner workings of my computer as much as I used to. Can anyone tell me if this is normal & what it does?
# ::1 localhost

Thanks,
Hayduke
dave
Premium Member
join:2000-05-04
not in ohio

1 recommendation

dave

Premium Member

If it were not commented out (by '#'), it would equate the name 'localhost' to the IPv6 address ::1

::1 is shorthand for
0000:0000:0000:0000:0000:0000:0000:0001

It's equivalent to saying (in IPv4) '127.0.0.1 localhost'
hayduke4
join:2014-01-09
United State

hayduke4

Member

Thank you.
Hayduke

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

1 recommendation

siljaline to hayduke4

Premium Member

to hayduke4
Mine (MVPS Hosts) has the below as first entries prior to the actual contents. If this helps any.

127.0.0.1 localhost

::1 localhost #[IPv6]

dave
Premium Member
join:2000-05-04
not in ohio

2 recommendations

dave to hayduke4

Premium Member

to hayduke4
I had an IM asking 'why do people always say you have to have that entry there' or words to that effect?

It's not mysterious. Firstly, the hosts file is simply a name-to-address translation table. Nothing more. It exists from pre-DNS days, as the main mechanism when the world was smaller. (It is not a security feature, even though it gets misused as one).

So if you want to connect to foo.bar.com, you look it up in hosts to get the address. Contrariwise, if you have an address and want to get the corresponding hostname, look up the address in hosts to get the name.

One host can have more than one address. This has long since been true.

With the advent of IPv6, the 'more than one address' can also mean a mixture of IPv4 and IPv6 addresses.

The name 'localhost' has not traditionally been special. It is conventionally the name that is used for (duh) the local host: a program wanting to make a connection to a program on the local machine may use the name 'localhost'. That way, there's no need to find out the 'real' hostname of the local machine.

BUT: (1) such a program may just embed the loopback address (127.0.0.1 or ::1) in its source code, since it's well-known, (2) I think the Microsoft implementation may well hardwire those name/address translations in the DNS client, to avoid problems with people who mistakenly remove the names.

So as to whether you "need" particular definitions:

1. Maybe, maybe not. Depends on your programs. It won't harm anything to have it.
2. If you're not using IPv6 you don't need an IPv6 definition.

In summary: as usual, if you don't have what the programming community considers to be standard features of any system, some programs may not work.
hayduke4
join:2014-01-09
United State

hayduke4

Member

I didn't send any instant message to my knowledge as your first response let me know the entry wasn't malicious.

Thanks for the additional info though.
Hayduke
dave
Premium Member
join:2000-05-04
not in ohio

dave

Premium Member

Nope, not you. I omitted the sender's name as it wasn't really relevant to my exposition, and a residual reluctance to transfer IMs to public forums without notifying the sender. Not that I think he|she would object in this case, it wasn't particularly private. I just figured it would be more useful to post the answer here in case anyone else cared.

kvn864
join:2001-12-18
Sun City, AZ

kvn864

Member

this is from host file on Windows 8.1 Pro
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

I think it is normal and 3rd line is for IP v6

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN

Dustyn

Premium Member

This is what I have:
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix

Premium Member

ya if localhost wasn't hard coded into the DNS client then a hacker that wants to spy on you could just add

hacker's IP localhost

then they could relay the data back while monitoring what you sent him, you know what I think there might be some flaws in that for a hack but still it'd be able to totally mess you up.
TheWiseGuy
Dog And Butterfly
MVM
join:2002-07-04
East Stroudsburg, PA

TheWiseGuy

MVM

Running Windows 7

added

192.168.100.1 localhost

typed localhost into Browser and went to Modem status page.

So entries in the hosts file are still checked first and if there are no entries it appears then Windows handles name resolution within DNS itself.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to hayduke4

Premium Member

to hayduke4
If in doubt of the contents of your custom Hosts file, you may always revert to default settings.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix to TheWiseGuy

Premium Member

to TheWiseGuy
said by TheWiseGuy:

Running Windows 7

added

192.168.100.1 localhost

typed localhost into Browser and went to Modem status page.

So entries in the hosts file are still checked first and if there are no entries it appears then Windows handles name resolution within DNS itself.

I wonder if there's any virus making use of that.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline

Premium Member

said by DarkLogix:

I wonder if there's any virus making use of that.

Define how adding lines (entries) to your Hosts file is associated somehow with a virus.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix

Premium Member

said by siljaline:

said by DarkLogix:

I wonder if there's any virus making use of that.

Define how adding lines (entries) to your Hosts file is associated somehow with a virus.

Well a virus could add entries that make something that's not yahoo come up when you go to yahoo.

or make any thing that's looking for localhost get sent to someone.

I'm not saying the user adding lines would be like a virus just that a virus could add lines in a malicious way.
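
An added example, not part of the thread and not written by any poster: a small Python audit of a hosts file for the two cases discussed above, `localhost` mapped to a non-loopback address (as in TheWiseGuy's test) and other names pinned to a fixed address (the redirect DarkLogix describes). The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: entries quoted in the thread plus a made-up redirect
# (203.0.113.7 is a documentation-only address). On Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 localhost
::1 localhost #[IPv6]
192.168.100.1 localhost
0.0.0.0 bleepingcomputer.us.intellitxt.com
203.0.113.7 www.yahoo.com yahoo.com
"""

def parse_hosts(text):
    """Yield (line_no, ip_or_None, names) for every active (uncommented) line."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None  # first field is not a valid IPv4/IPv6 literal
        yield no, ip, [n.lower() for n in fields[1:]]

def audit_hosts(text):
    """Return (line_no, name, address, reason) tuples worth a manual look."""
    findings = []
    for no, ip, names in parse_hosts(text):
        if ip is None or not names:
            findings.append((no, "", "", "malformed entry"))
            continue
        for name in names:
            if name == "localhost":
                if not ip.is_loopback:  # anything outside 127.0.0.0/8 or ::1
                    findings.append((no, name, str(ip), "localhost is not loopback"))
            elif not (ip.is_loopback or ip.is_unspecified):
                # 0.0.0.0 / 127.0.0.1 targets are block-list style entries
                findings.append((no, name, str(ip), "name pinned to fixed address"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

The result is a review list, not a verdict: deliberately added entries for internal machines are reported the same way as an unwanted redirect.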

Chubbzie
join:2014-02-11
Greenville, NC

Chubbzie

Member

In essence a locally based DNS hijack?

norwegian
Premium Member
join:2005-02-15
Outback

1 recommendation

norwegian

Premium Member

I would think most spam bots, malware hosts, and anything else related to automation in that sense (harvesting) would use that method.

The more in the hive the more value to a prospective client, if they were that organised and not just kids messing.

A basic tutorial:
»www.ghacks.net/2011/03/0 ··· ts-file/

Some of the all time greatest resources:
(Gees I miss CastleCops)
»www.bleepingcomputer.com ··· plained/
»winhelp2002.mvps.org/hosts.htm

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to DarkLogix

Premium Member

to DarkLogix
Malware would target the entire Hosts file but we generally don't see this much these days although there's tools (cited) to reset your file to defaults.

Adding lines or commenting in can be risky business as it may trump an existing rule or entry. Many add lines for added security although there are other ways of protecting against a known threat that shows up in your day like adding a site to IE Restricted Zone and so on ...

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix

Premium Member

said by siljaline:

Malware would target the entire Hosts file but we generally don't see this much these days although there's tools (cited) to reset your file to defaults.

Adding lines or commenting in can be risky business as it may trump an existing rule or entry. Many add lines for added security although there are other ways of protecting against a known threat that shows up in your day like adding a site to IE Restricted Zone and so on ...

They could add lines to the start and then **** up the security permissions to make it hard to fix
hayduke4
join:2014-01-09
United State

hayduke4 to dave

Member

to dave
Oh ok. Had me worried for a second there. Thought maybe my username and password here at dslreports had been compromised and someone was sending IMs using my account.

Again, I appreciate you and everyone here at dslreports for all your help.

Hayduke

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to norwegian

Premium Member

to norwegian
Bleeping is (still) using ads via IntelliTXT

0.0.0.0 bleepingcomputer.us.intellitxt.com