Why is 127.0.0.1 used for hosts file redirects instead of 127.0.0.0?

[VanguardLH]

(Originally posted to the microsoft.public.windowsxp.admin_security
newsgroup but got no bites there after 4 days.)

You can obtain pre-compiled hosts files used to block ad sources, phish
sites, malicious sites, or other content (based on an IP name that has
to include the hostname in the URL since this is, after all, a *hosts*
file). One such pre-compiled hosts file is the one from the MVPs site
(http://www.mvps.org/winhelp2002/hosts.htm). However, I'm wondering why
the loopback address of 127.0.0.1 (for localhost) was chosen.

127.0.0.1 actually exists since it is the loopback interface defined in
your NIC. If you put http://127.0.0.1/ into your web browser, you see
it cogitate a couple seconds before erroring. 127.0.0.0 is the default
network. Putting http://127.0.0.0/ results in an immediate failure.
The web server won't try to connect to a particular host.

The idea of using 127.0.0.1 only works if you are NOT running your own
web server. If you are then obviously the hosts file that redirects to
127.0.0.1 is trying to connect to your own web server when the intent
was to block a connection to the content at the specified host in the
URL. This means you could see content from your own web site
intermingled with the web page (where you were attempting to block some
content or that site using the hosts file). Well, obviously it will
take some time to retrieve web pages from your own server. Any local
process listening on port 80 would connect to the 127.0.0.1 address you
use in the hosts file for redirection (in trying to block content).

So why even bother trying to use the loopback IP address? What happens
if you have a web server that is local and listening on port 80 (for the
HTTP connects)? Why waste time trying to connect to your local web
server, if you have one or to even try to connect to one, if the point
is to block content? Why not use 127.0.0.0 which results in an instant
failure and would never connect to your web server should you ever
decide to run one? Or use 127.0.0.254 which is unlikely ever to get
used in your internal network path to define a host (but even that takes
longer to generate an error than using 127.0.0.0)?

Why the focus on using 127.0.0.1 to block content using the hosts file?
Why would you want your web browser to even try to find localhost when
the point is to always fail in order to block that content? 127.0.0.1
points to a particular diagnostics "host" (localhost). 127.0.0.0 points
to the diagnostics "network" so no host would be found nor could one be
found.

 

[Tom Willett]

Trolling for bites?

: (Originally posted to the microsoft.public.windowsxp.admin_security
: newsgroup but got no bites there after 4 days.)
:
: You can obtain pre-compiled hosts files used to block ad sources, phish
: sites, malicious sites, or other content (based on an IP name that has
: to include the hostname in the URL since this is, after all, a *hosts*
: file). One such pre-compiled hosts file is the one from the MVPs site
: (http://www.mvps.org/winhelp2002/hosts.htm). However, I'm wondering why
: the loopback address of 127.0.0.1 (for localhost) was chosen.
:
: 127.0.0.1 actually exists since it is the loopback interface defined in
: your NIC. If you put http://127.0.0.1/ into your web browser, you see
: it cogitate a couple seconds before erroring. 127.0.0.0 is the default
: network. Putting http://127.0.0.0/ results in an immediate failure.
: The web server won't try to connect to a particular host.
:
: The idea of using 127.0.0.1 only works if you are NOT running your own
: web server. If you are then obviously the hosts file that redirects to
: 127.0.0.1 is trying to connect to your own web server when the intent
: was to block a connection to the content at the specified host in the
: URL. This means you could see content from your own web site
: intermingled with the web page (where you were attempting to block some
: content or that site using the hosts file). Well, obviously it will
: take some time to retrieve web pages from your own server. Any local
: process listening on port 80 would connect to the 127.0.0.1 address you
: use in the hosts file for redirection (in trying to block content).
:
: So why even bother trying to use the loopback IP address? What happens
: if you have a web server that is local and listening on port 80 (for the
: HTTP connects)? Why waste time trying to connect to your local web
: server, if you have one or to even try to connect to one, if the point
: is to block content? Why not use 127.0.0.0 which results in an instant
: failure and would never connect to your web server should you ever
: decide to run one? Or use 127.0.0.254 which is unlikely ever to get
: used in your internal network path to define a host (but even that takes
: longer to generate an error than using 127.0.0.0)?
:
: Why the focus on using 127.0.0.1 to block content using the hosts file?
: Why would you want your web browser to even try to find localhost when
: the point is to always fail in order to block that content? 127.0.0.1
: points to a particular diagnostics "host" (localhost). 127.0.0.0 points
: to the diagnostics "network" so no host would be found nor could one be
: found.

 

[David H. Lipman]

From: "VanguardLH" <[email protected]>

| (Originally posted to the microsoft.public.windowsxp.admin_security
| newsgroup but got no bites there after 4 days.)

This is a networking question not an OS question.
Try asking in an appropriate TCP/IP networking news group instead.

 

[none]

Why use 127.0.0.0 (only in XP and earlier OS's) when you can use '0'?
That's what I use (except for localhost).
---

 

[VanguardLH]

VanguardLH


This is a networking question not an OS question.

Yeah, right, David. Show me any version of Windows that doesn't include
networking components in its installation even if the host isn't
connected to a network. So how vague or unspecific do I need to be
about the networking functions in Windows before it becomes "general"
enough for you to post about it here?

Have you actually looked at how many topics there are here which are
related to networking? How many topics would disappear if your
undefined criteria for "OS-only" topics were obeyed? Questions about
..Net, Favorites (in IE), rar files, intermittent connections (because
you say networking isn't an OS issue), Outlook, drive/partition
configuration for data safety, deleting unnecessary files, anti-virus,
e-mail, picture managers, rotated screens, and defragmenting a disk
aren't really OS-only topics, are they? But they ARE here.

Try asking in an appropriate TCP/IP networking news group instead.

So what are those *high-traffic* networking newsgroups to which you
refer but failed to mention? I'm not interested in hearing my own echo
in a newsgroup devoid of active participation. For your suggestion to
be genuine, you should actually mention what are those other newsgroups
and only mention those that receive enough traffic to likely result in a
response to any post submitted there.

 

[VanguardLH]

VanguardLH wrote ...


Why use 127.0.0.0 (only in XP and earlier OS's) when you can use '0'?
That's what I use (except for localhost).

From RFC 3330:

0.0.0.0/8 - Addresses in this block refer to source hosts on "this"
network. Address 0.0.0.0/32 may be used as a source address for this
host on this network; other addresses within 0.0.0.0/8 may be used to
refer to specified hosts on this network [RFC1700, page 4].

0.0.0.0 represents "any address". Binding a listening socket to 0.0.0.0
tells the OS to accept connections on any IP address for which the host
has bound network adapters. Say your host has 2 network adapters and
each has its own IP address. You could bind a socket to either network
adapter and connections are accepted only on that adapter for that IP
address. However, if you bind a socket to 0.0.0.0 (INADDR_ANY in
Winsock) than it binds to both adapters.

The result is that the traffic (that you are trying block or nullify)
has to go out through the external interface of your network adapter to
only come back in (or possibly to another host in your network). I
don't want to waste any resources, especially any that is exposed
outside my host, on content that I'm trying to nullify.

From that same RFC:

127.0.0.0/8 - This block is assigned for use as the Internet host
loopback address. A datagram sent by a higher level protocol to an
address anywhere within this block should loop back inside the host.
This is ordinarily implemented using only 127.0.0.1/32 for loopback,
but no addresses within this block should ever appear on any network
anywhere [RFC1700, page 5].

Yep, that's what I want. I don't want any traffic going outside my host
(i.e., exposed on the external interface of my network adapter) when I
am intending to block that content. There is no reason to spew any
traffic outside my network adapter when blocking that content.

I want to bottle up the block within my host without generating any
traffic outside my network adapter. From what I read, 0.0.0/8 won't do
that but 127.0.0/8 will. And to further that, it appears the web
browser aborts quicker when I reference the 127.0.0.0 diagnostic network
than when I use 127.0.0.1 host in the hosts file.

I suspect 127.0.0.1 got used because it designates an internal-only host
(localhost). The hosts file, after all, is about identifying hosts, not
networks. So using 127.0.0.1 for the host may simply be by convention
when used within the hosts file. Also, back then, workstations that
used the hosts file (a historical artifact before DNS showed up) were
NOT running any servers that were listening on that same host for
connections.

Many local proxies will use 127.0.0.1, like some older anti-virus
software, anti-spam proxies, filter proxies, or just about any process
that opens a socket on which it listens. You can run programs on your
host that are listening for connections and I don't want any possibility
of wasting resources for connections to them when I am blocking content
in web pages.

The blocked content will be likely using port 80 for the target server.
It is possible that I have a web server running on my host (in fact, I
recall a minimal web server that did nothing but work with the hosts
file to present a placeholder in the web page so you could see the
block). It is possible the URL to the blocked content specifies a
non-standard port number which could match the listening port for a
proxy or server process that I have running on my host. Why waste the
resources to create a socket when my intent is to block that content
(actually to nullify it as though it was never existed)?

Say I'm running SpamPal (I don't anymore but did once). How do e-mail
apps use it? By specifying 127.0.0.1 as the IP address for the
"server". Say I have SpamPal listen on port 8110. Well, that's not the
default of port 80 for HTTP connects but then the URLs for the blocked
content can specify a different port. They could even specify port
8110. The hosts file replaces the IP name with the IP address
(127.0.0.1) but not the port number so now the blocked content is trying
to connect to SpamPal at 127.0.0.1 listening on port 8110. Not likely
to happen but why leave open a window of opportunity?

127.0.0.1 is used by LOTS of network-facing software running locally on
your host. Just because you don't run a web browser now doesn't mean
you might not want to run one later (or some application that acts like
a web server, especially those that employ a web-centric UI). Using
127.0.0.1 for blocking content doesn't seem a good choice since it is
the same IP address used by many software programs listening for
connections on your own host.

That I can use 127.0.0.0 doesn't mean that's how it should be done.
That it works doesn't mean I should use it. I can use the rounded tip
of a butter knife on a screw, too, but it's not the proper tool. There
must be some reason why 127.0.0.0 didn't get used for *blocking* content
(and without generating any traffic outside the network adapter as would
occur when using 0.0.0.0).

 

[David H. Lipman]

From: "VanguardLH" <[email protected]>


| Yeah, right, David. Show me any version of Windows that doesn't include
| networking components in its installation even if the host isn't
| connected to a network. So how vague or unspecific do I need to be
| about the networking functions in Windows before it becomes "general"
| enough for you to post about it here?


That's just it. It is NOT an OS question but a TCP/IP question and thus should be
directed to a TCP/IP spoecific news group.

 

[Alister]

Why the focus on using 127.0.0.1 to block content using the hosts
file?
Why would you want your web browser to even try to find localhost when
the point is to always fail in order to block that content? 127.0.0.1
points to a particular diagnostics "host" (localhost). 127.0.0.0
points to the diagnostics "network" so no host would be found nor
could one be found.

That I can use 127.0.0.0 doesn't mean that's how it should be done.
That it works doesn't mean I should use it. I can use the rounded tip
of a butter knife on a screw, too, but it's not the proper tool. There
must be some reason why 127.0.0.0 didn't get used for *blocking* content
(and without generating any traffic outside the network adapter as would
occur when using 0.0.0.0).

The thing is, it's a hosts file, and therefore should only contain host
entries - as you so rightly say, 127.0.0.0 is not a host - it's a
network address. Unless your intention is to provide routing information
you should never specify a network address for a host lookup.

I guess it's one of those conventions that accumulate over time, as I
don't recall a specific RFC that forbids it.

However, there is no reason I can see why you shouldn't redirect
unwanted content to 127.0.0.2 or 3 or 4 etc.

Alister

 

[VanguardLH]

The thing is, it's a hosts file, and therefore should only contain host
entries - as you so rightly say, 127.0.0.0 is not a host - it's a
network address. Unless your intention is to provide routing information
you should never specify a network address for a host lookup.

I guess it's one of those conventions that accumulate over time, as I
don't recall a specific RFC that forbids it. However, there is no
reason I can see why you shouldn't redirect unwanted content to
127.0.0.2 or 3 or 4 etc.

That's what I figure: the hosts file must specify hosts, not networks.

I notice that when I specify 127.0.0.x where x = 1 to 254 (so the IP
address is for a host), it takes longer for the web browser to abort the
connection attempt. You see "Waiting for 127.0.0.x" in the status line
(which appears more than long enough to read it). Yet if 127.0.0.0 is
used (for the network), the web browser fails instantly (which is
desired). Since a web page could have dozens, or more, links to 3rd
party content that I am trying to nullify, it would seem faster rejects
(literally not trying at all to make the connects) would result in a
faster complete time to load (and render) the web page minus all the
blocked content.

It's possible the instantaneous fail to connect by the web browser won't
actually speed up the rendering of a web page where I am trying to
nullify (block) some of its content. I haven't tested the time to
dowload a web page riddled with content that I want to block to measure
the effective reduced load time for the page. Plus I would be testing
over an Internet connection which itself has variable delays to deliver
the content that I am not blocking, and I don't want to get into
installing a web server to run locally without the variable Internet
delays.

 

[VanguardLH]

From: "VanguardLH" <[email protected]>



| Yeah, right, David. Show me any version of Windows that doesn't include
| networking components in its installation even if the host isn't
| connected to a network. So how vague or unspecific do I need to be
| about the networking functions in Windows before it becomes "general"
| enough for you to post about it here?

That's just it. It is NOT an OS question but a TCP/IP question and thus should be
directed to a TCP/IP spoecific news group.

Please define "OS" (operating system). Windows has long come with LOTS
of ancilliary features and programs that are NOT part of just the rawest
diminutive code that constitutes an operating system. It's been decades
since any OS as delivered was just the OS. Show how any version of
Windows, Linux, AIX, HP-UX, Solaris, or any surviving OS to this day is
devoid of any networking components.

And please do include actual newsgroups to where you think this topic
would be more appropriate AND which have *active* participation so I'm
not tossing my post into the equivalent of a bit bucket.