Why does public domain resolve to 127.0.0.1?

First, let’s understand what 127.0.0.1 is. 127.0.0.1 is the loopback Internet protocol (IP) address otherwise called the “localhost.” The address establishes an IP connection to the same machine or computer that is in use by the end-user.

Establishing a network connection to the 127.0.0.1 loopback address happens in the same manner as determining one with any remote computer or device on the network. The primary difference is that the connection avoids using the local network interface hardware.

System administrators and application developers commonly use 127.0.0.1 to test applications. When establishing an IPv4 connection with 127.0.0.1, one receives the subnet mask 255.0.0.1.

If any public switch, router, or gateway receives a packet addressed to the loopback IP address, then it is required to drop the packet without logging the information. As a result, if a data packet is delivered outside of the localhost, by design it will not accidentally arrive at a computer which will try to answer it.

This aspect of the loopback helps ensure network security is maintained. It is more so because most computers will answer packets addressed to their respective loopback address. It may also unexpectedly activate other services on a machine by responding to a stray data packet.

How is 127.0.0.1 used in the Hosts File?

Whenever a computer user tries to access a website or remote computer by name, the computer checks the locally stored Hosts file for domain name resolution. It happens before sending a request to the Domain Name Server (DNS). The IP address 127.0.0.1 exists in the Hosts file on a computer with the plain English address, “localhost”.

It is also used by computer malware to assign legitimate websites to the localhost. It prevents the end-user from seeking legal computer security assistance with a malware infection. With many of the computer scareware packages, type of change is most commonly associated

Further, these packages are deployed across the Internet through maliciously infected websites, Trojan horse viruses, and infected email attachments.

Some computer administrators and interested students can modify on account of preventing access to undesirable websites. However, this is not a preferable method. That is because the end-user (or administrator) now becomes responsible for removing the entry when required. Examples of host file entries:

127.0.0.1 localhost

127.0.0.1 www.SiteYouWantToRouteToLocalHost.com

127.0.0.1 SiteYouWantToRouteToLocalHost.com

Steps to ping 127.0.0.1

Step 1 – Log in to your computer using an account with administrator permissions.

Step 2 – Open the “DOS” prompt by selecting the “Start” button and typing “CMD” into the search text field.

In Mac OS X, select the “Finder” located in the computer’s “Dock” and click on the “Utilities” menu option.

Then, double-click the “Network Utility” application icon.

Step 3 – In Windows, enter “ping 127.0.0.1” at the DOS command prompt followed by pressing the “Enter” key.

On a Mac, select the “Ping” menu tab and enter “127.0.0.1” in the field provided. Then press the “Ping” menu button.

Step 4 – View the results displayed on the screen. The data displayed will include the number of data packets sent, received, lost, and the approximate round trip time of the data transmission. Results on a Windows computer will look similar to:

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms

The person should check following steps:

1. Go to C:\Windows\System32\drivers\etc

2. Open the “hosts” file using a text editor (Notepad, Notepad++)

3. Search for “127.0.0.1 domain name.”

4. Delete or comment that line adding a “#” in front of the line

5. Run Command Prompt as an administrator “ipconfig /flushdns.”

6. Try pinging the host again

Finally, check out and Sign up for the upcoming Web App Pentesting Night School

Try Certified Ethical Hacker for FREE!!!https://infosecaddicts.com/course/certified-ethical-hacker-v10/

Avatar

This post was written by Joseph McCray