Results 1 to 6 of 6

Thread: Applications access to 127.0.0.1

  1. #1
    willow Guest

    Default Applications access to 127.0.0.1

    Hi All,
    I've recently started receiving zone alarm prompts noting that applications are trying to access the trusted zone.
    The most common warning are noting that the destination IP is 127.0.0.1:Port ####
    I get this everytime with Microsoft messenger. I can see why messenger would need to connect to my loop back adapter address. Please note that the port number varies.
    I also receive
    warnings that Windows media player is trying to access the trusted zone (127.0.0.1:Port ####). I deny any application accessing the loop back adapter address as it seems suspect. However, it's preventing me from using messenger and other applications.
    In the past I've had warnings that
    inetinfo
    is trying to access the trusted
    zone (127.0.0.1:Port ####), as well as prompts about iexplore.exe
    trying to access destination IP 127.0.0.1:Port ####
    Am I right to
    prevent
    all apps accessing 127.0.0.1, or
    should I only worry about
    external IP addresses?
    Any help with this one would be great.
    ThanksButters
    FYI: I use the free version of zone alarm on my machine.




    Operating System:Windows XP Pro
    Product Name:ZoneAlarm (Free)
    Software Version:

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Applications access to 127.0.0.1

    Yes, these are perfectly safe and very normal. Plus the browsers and the AV will need 127.0.0.1 access. With different ports at different times.

    The 127.0.0.1 should be listed as Trusted in the Zones of the Firewall of the ZA. That would stop these alerts and make things a little smoother. So should the DNS and the DHCP servers. Like this...

    1. Go to Run type in command, hit OK, and type ipconfig /all then press enter. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side
    2. In ZA on your machine on the Firewall>Zones tab click Add and then select IP Address. Make sure the Zone is set to Trusted
    3. Click OK and then Apply for each one.
    4. The localhost or loopback must be listed as Trusted. It has the address of 127.0.0.1
    5 The Generic Host Process or the svchost.exe listed in the Program list must have both Trusted and Internet access and it must have server rights for the Trusted Zone, but not the Internet Zone.

    http://zonelabs.donhoover.net/dnsdhcp.html

    http://www.microsoft.com/resources/d....mspx?mfr=true

    This may also fix any other issues that could be happening or not even noticed.
    Cheers.
    Oldsod
    Best regards.
    oldsod

  3. #3
    willow Guest

    Default Re: Applications access to 127.0.0.1

    Thanks OldSod,
    Great help. I've allowed access to my loopback address, but now get prompted
    with another IP address. In this instance it's 65.54.179.203:HTPPS. Am I right in thinking that this is the server that provides Messenger access?
    Also, I was promted to allow Windows Media Player to connect to the internet after allowing it to connect to the loopback address, as above with an IP address stated. Not sure why this is but wondered if it had anything to do with Windows geniune notification patch/tool? I installed this fairly recently and wandered if some of the warnings I'm now getting could be down to that.
    Thanks for your help so far.
    Much appreciated.
    Willow

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Applications access to 127.0.0.1

    Hi Willow

    That is quite possible that is from the messenger...

    http://www.fixedorbit.com/cgi-bin/cg...&submit=Search

    ASP 8075
    MICROSOFT-CORP---MSN-AS-BLOCK

    Range:
    65.54.160.0 thru
    65.54.191.255

    http://www.dnsstuff.com/tools/whois....=65.54.179.203

    Plus windows messenger does use the HTTPS or secure http.So this is very likely.

    There are several major IP ranges for MSN, windows updates, live, hotmail, microsoft.com just for North America alone. Windows media player would be accesing the microsoft metworks for update checks and as most users, the media store is probably enabled. This will go out for getting the latest songs/video to sell to you.

    One of the best ways to track things and their internet activity is to check the ZA logs. All communication and to where and by what is logged for us to check over at leisure and really get a good understanding of things.

    Best regards.
    Oldsod
    Best regards.
    oldsod

  5. #5
    willow Guest

    Default Re: Applications access to 127.0.0.1

    Thanks OldSod,
    Really appreciate your help.
    Regards
    Willow

  6. #6
    mr_bliss Guest

    Default Re: Applications access to 127.0.0.1

    <blockquote><hr>Oldsod wrote:
    Yes, these are perfectly safe and very normal.</blockquote>
    I've been having strange behavior on my machine where dns and tcip/ip routing stops working and I'm forced to reboot. I installed ZoneAlarm as I was concerned that my machine had possibly become exploited and I wanted to track outbound network traffic. I was very surprised to see IE sending packets to 127.0.0.1 on startup before issuing a dns query and page request for the default homepage. It seemed even stranger than blocking this connection attempt disables all subsequent network activity for that IE session. I'm glad to see the topic already being discussed and wondered where I could find more info on why this behavior is &quot;safe and very normal&quot;. I'd just accept the answer as fact but it still feels like something isn't right and I'd love to know more about what this initial connection to local host accomplishes and why it occurs in any app that hosts IE.

    Thanks,

    John

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •