Little Snitch showing wrong host name for IP

xxloader
Posts: 2
Joined: Tue Feb 18, 2014 1:38 pm

Little Snitch showing wrong host name for IP

Post by xxloader » Tue Feb 18, 2014 1:46 pm

I think Little Snitch often shows a wrong host name for a connection if there are different host names for the same IP. For example, on Google services it shows something with YouTube when accessing google.com, or on my server it shows pop.domain.com when accessing cloud.domain.com.
This also causes connections to be blocked by mistake if one host name is blocked and a different host name with the same IP is supposed to be allowed.

Can anyone confirm this?

rsblanchard
Rank 3
Posts: 116
Joined: Mon Jul 02, 2007 9:25 am

Re: Little Snitch showing wrong host name for IP

Post by rsblanchard » Tue Feb 18, 2014 5:44 pm

The mechanical internal explanation for this is that this is a "reverse-Domain-Name-Service" (reverse-DNS), which is provided by an internal-Unix-environment-variable, and the "whois"/"nic"-service on destination port #43 (decimal) (which does NOT show up in VBX6's "log"s (because, if it did, it would get stuck in an infinite-loop)).

If you are running a version of Intego's ISB X6 anti-malware-suite, or Intego's VBX6, you will find a way to indirectly affect the proper internal-Unix-environment-variable (which, by default, is set to prioritize the "French" "nic", not the "U.S." "nic", thus affecting your results). Locate it in the "whois"-panel of VBX6's "Preferences", and change the ".fr" to ".us".

Otherwise, I don't know the name of this Unix-environment-variable, so I can't help you further.
:D

hagen
Wizard
Posts: 594
Joined: Mon Feb 18, 2008 11:05 pm

Re: Little Snitch showing wrong host name for IP

Post by hagen » Tue Feb 18, 2014 11:17 pm

From Little Snitch help:
Little Snitch wants to show the hostname recently entered by the user or used by a process, not the reverse lookup name returned by the Domain Name System (DNS) because the reverse lookup name is often very cryptic. It therefore watches all DNS requests and responses on UDP and TCP ports 53 and 5353, and remembers the names which led to a particular IP address.

If there are multiple names which resolve to a given address, it guesses the “best” name (usually the last one used) to present to the user. In the Connection Alert and in Little Snitch Network Monitor’s connection list, you can view the other names by clicking the hostname.

That's how you get what appears to be the "wrong" hostname for a connection.

xxloader wrote: This also causes connections to be blocked by mistake if one host name is blocked and a different host name with the same IP is supposed to be allowed.

I don't believe there's any way around this, as Little Snitch works on IP addresses, not hostnames. If one name is blocked, all names that lead to that IP address will also be blocked.
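
An added example (not part of the thread and not Little Snitch's own code): a simplified Python model of the behavior in the help text quoted above, where names seen in DNS answers are remembered per IP and the most recently seen one becomes the label. The class and function names and the address 203.0.113.10 are assumptions, the host names are the ones from the first post, and the hostname rule check is a hypothetical illustration of the reported symptom.

```python
from collections import OrderedDict, defaultdict


class ObservedNameCache:
    """Toy model: remember which queried names resolved to each IP."""

    def __init__(self):
        # ip -> names ordered by most recent observation (last = newest)
        self._names = defaultdict(OrderedDict)

    def observe_answer(self, qname, addresses):
        """Record one observed DNS response: qname resolved to addresses."""
        for ip in addresses:
            names = self._names[ip]
            names.pop(qname, None)  # re-insert so this name becomes newest
            names[qname] = True

    def all_names(self, ip):
        return list(self._names.get(ip, ()))

    def best_name(self, ip):
        """Guess a label for a connection to ip: the last name seen."""
        names = self.all_names(ip)
        return names[-1] if names else None

    def shared_ips(self):
        """IPs reached via more than one name, where the label is a guess."""
        return {ip: list(n) for ip, n in self._names.items() if len(n) > 1}


def decide_by_label(cache, ip, denied_names):
    """Hypothetical hostname rule evaluated against the guessed label."""
    label = cache.best_name(ip)
    return ("deny" if label in denied_names else "allow", label)


def demo():
    ip = "203.0.113.10"  # constructed documentation address
    cache = ObservedNameCache()
    cache.observe_answer("cloud.domain.com", [ip])  # browser lookup
    cache.observe_answer("pop.domain.com", [ip])    # mail client lookup
    first = decide_by_label(cache, ip, {"pop.domain.com"})
    cache.observe_answer("cloud.domain.com", [ip])  # name is looked up again
    second = decide_by_label(cache, ip, {"pop.domain.com"})
    return first, second, cache.shared_ips()


if __name__ == "__main__":
    print(demo())
```

The same connection to the same address gets a different label and verdict depending only on which name was resolved last; `shared_ips()` lists the addresses where a hostname-based rule rests on that guess.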

mattn
Rank 1
Posts: 33
Joined: Mon Nov 24, 2008 4:08 am

Re: Little Snitch showing wrong host name for IP

Post by mattn » Tue Mar 11, 2014 6:35 pm

The problem is that the hostname Little Snitch shows is sometimes sheer nonsense. For example, this is just nuts; no way is reuters.com the same as akamaitechnologies.com:

Image
