Developer IP Blocklist Initiative

Discussion in 'Lounge' started by Catalyst, Feb 11, 2015.

  1. Olymoon

    Olymoon Moderator

    Joined:
    Jan 31, 2012
    Messages:
    5,777
    Likes Received:
    4,449
    This is a fantastic initiative!!! I use a 100% interactive firewall but with memory, (When I know something is wrong I just tell the firewall to remember my answer) so it's difficult now to remember who called home. But if I see any new caller, I'll fill the list. :wink:
     
  2. davea

    davea Platinum Record

    Joined:
    Sep 14, 2012
    Messages:
    601
    Likes Received:
    242
    Location:
    France
    Great initiative Cat. Will check it out asap and be back with some results.

    cheers
     
  3. chopin4525

    chopin4525 Producer

    Joined:
    Jul 23, 2013
    Messages:
    399
    Likes Received:
    83
    I could be wrong as usual but I thought of Cantabile and all the SWAM engine instruments.
     
  4. Andrew

    Andrew AudioSEX Maestro

    Joined:
    Oct 24, 2011
    Messages:
    2,006
    Likes Received:
    1,236
    Location:
    Between worlds
    All SWAM-enabled Sample Modeling libraries call home to "www.swamengine.com" - best to lock it up using hosts *yes*

    Chopin, sorry, you were faster *yes*

    RX4 just doesn't like being blocked on the firewall, otherwise it works fine when offline.

    And a side offtopic (if it's allowed), DrWeb Cureit (antivirus) also calls home after successful test.
    Windows Activation (WAT) calls home frequently, that's why it's a great idea to cut off Windows out of internet. It's best to have a dedicated Linux distro for internet access. However to prevent excessive reboots, I'd recommend setting up a VM in VirtualBox or VMWare with any Linux distro and bridge your network adapter to the VM. This way your Windows host won't have access to inet, but the guest VM will (took me some time to figure that out). :wink:
    100% secure solution.
    You can go even further with Guest Additions and mount shared point in Linux to access your Downloads from Windows.

    Otherwise I tend to keep networking enabled, since there are two more laptops which can be used in cluster processing (both quad-cores). So with Reamote and UltraVNC it's easy to render on "12-core" cluster.
     
  5. pilz971

    pilz971 Kapellmeister

    Joined:
    Jun 5, 2011
    Messages:
    1,031
    Likes Received:
    68
    Location:
    yUK
    Top idea CatBro, I'm in the never connect my DAW PC to the iNet brigade but even so KNOW this kinda info is invaluable, kinda like you Brother! :hug:
     
  6. lukehh

    lukehh Audiosexual

    Joined:
    Jun 22, 2012
    Messages:
    1,043
    Likes Received:
    596
    Good idea Cat..
    But, Hmm, am I wrong or did I read something about the IP-Ranges? Maybe I'm blind..but I can't see anything like an IP address or a Server URL in this whole thread!
     
  7. BigEmptySky

    BigEmptySky Member

    Joined:
    Apr 21, 2012
    Messages:
    81
    Likes Received:
    18
    Catalyst, I appreciate your work on this!

    I think that I have something to add.

    Overloud TH2 2.2.17 (more than likely any version), under OSX, within Logic Pro, initiates the OSX auvaltool on port 80 to www.overloud.com.

    Auvaltool is an AudioUnit validation check. I am not a programmer so here is the Apple Developer page for it:
    https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/auvaltool.1.html

    I have Little Snitch (firewall/network monitor) running on OSX and after installing TH2 and launching Logic Pro I received an alert from Little Snitch, during the audio unit validation, that the AU plugin for TH2 was phoning home. I have Little Snitch set to "Deny outgoing TCP connections via auvaltool to port 80 (http) of www.overloud.com". I have never received this alert for any of the other plugins I have installed.

    The IP address for overloud is 185.48.33.240 as shown here: http://www.overloud.com.ipaddress.com/ also confirmed the IP address with OSX's Network Utility Lookup.

    If I understand what you are trying to accomplish then I believe this is what you are looking for (I think).

    Hope that helps!
     
  8. Catalyst

    Catalyst Audiosexual

    Joined:
    May 28, 2012
    Messages:
    5,810
    Likes Received:
    804
    Thanks luke. :wink:

    Sure there are, it's just the domain names that a certain IP address is resolved to. You can find it out easily. DNS simply handles this for you transparently.

    For example: MedlaProduction.com = 81.2.194.22
     
  9. Catalyst

    Catalyst Audiosexual

    Joined:
    May 28, 2012
    Messages:
    5,810
    Likes Received:
    804
    Here guys if you would also like to know the IP then simply type the site in on this page and you're good to go: DNS Resolver. Honestly though it's the same thing, I simply said IP ranges because people might initially not know the address it resolves to. Some will be addresses and sometimes you might just have an IP so feel free to post either here.
     
  10. lukehh

    lukehh Audiosexual

    Joined:
    Jun 22, 2012
    Messages:
    1,043
    Likes Received:
    596
    Yes..I know how to find out an IP address but usually it would be unnecessary to block the web address because developers have something like an individual registration/authentication server. Like for example Adobe has:

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 lmlicenses.wip4.adobe.com
    127.0.0.1 lm.licenses.adobe.com
    127.0.0.1 na1r.services.adobe.com
    127.0.0.1 hlrcv.stage.adobe.com

    On the other hand if you block the web address you are unable to visit their website...and that's not what I want. Isn't it possible (via your firewall) to find out exactly the IP or Server URL an application tries to connect to?
     
  11. BigEmptySky

    BigEmptySky Member

    Joined:
    Apr 21, 2012
    Messages:
    81
    Likes Received:
    18
    Hi lukehh, if you see my example from above, with overloud.com, I do have a firewall running and I am still able to visit their web site with any browser.

    All I have setup is an outgoing block, if you will, to their web site (IP address) when their own product, TH2's audio unit plugin, tries to phone home on that specific IP address. All that does is prevent their product from making an outbound connection or phoning home.

    I don't want to step on anyone's toes here or underestimate anyone's knowledge but simply stated the "hosts" file that Catalyst is working on is merely an outgoing blocking mechanism from your PC's (or Mac) NIC (network interface card) of known IP addresses, or range of addresses, that a sw developer uses for their product(s) to phone home.

    Maybe I am not stating it clearly.

    From Wikipedia's Hosts page: Internet resource blocking - Specially crafted entries in the hosts file may be used to block online advertising, or the domains of known malicious resources and servers that contain spyware, adware, and other malware. This may be achieved by adding entries for those sites to redirect requests to another address that does not exist or to a harmless destination, e.g., localhost.

    That localhost 127.0.0.1 is a loopback address that refers to your own computer. An entry is made in the hosts file like "127.0.0.1 overloud.com" or their IP address "127.0.0.1 185.48.33.240" and all that does is loopback that entry to your own computer it cannot get out of your system onto the net. There is a very nice sample hosts file on the web site below as well as a thorough explanation.

    Here is a good read: http://winhelp2002.mvps.org/hosts.htm ---> plus when talking about the "hosts" file it doesn't matter what OS you run if you are on a Win PC, any flavor of Unix or OSX (which is based on Berkeley Unix) it is the same thing because we are talking about what is happening at the networking level and that is the same for all OS'es (from mainframes down to PC's its the same).

    I hope that helps!!! :wink:

    Edit 1: One thing to note, and I am 100% positive that Catalyst will cover this when he is ready, is that if you have already crafted a hosts file on your system you will only need to add the hosts, or only the ones that pertain to you, that Catalyst creates to your existing hosts file then "flush the DNS cache" on your system and then you are set.

    Edit 2: I am using a 3rd party firewall, Little Snitch, on OSX in addition to my hosts file. What I am not knowledgeable in is the intricacies of how the two function with each other. I know in Little Snitch I can block an outgoing request but if that same domain or IP address is placed in the hosts file - then what? I have not tried - something for me to test. If anyone knows the answer please educate me. Thanks.
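
The hosts-file behaviour discussed in the post above, as an added example that is not part of the original thread: a small parser for hosts-format text showing that lookups match whole hostnames only, and that an IP address written in the name column is never consulted. The function names are hypothetical and the sample text is constructed, using the two entries quoted in the post.

```python
import ipaddress

# Constructed hosts-file text; the last two entries are the ones quoted in the post.
SAMPLE_HOSTS = """\
# comment line
127.0.0.1   localhost
127.0.0.1   overloud.com
127.0.0.1   185.48.33.240
"""

def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def parse_hosts(text):
    """Parse 'address name [alias ...]' lines; return (mapping, warnings)."""
    mapping, warnings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        if len(fields) < 2:
            warnings.append((lineno, "address without a hostname"))
            continue
        address, names = fields[0], fields[1:]
        if not is_ip_literal(address):
            warnings.append((lineno, f"first field {address!r} is not an IP address"))
            continue
        for name in names:
            if is_ip_literal(name):
                # A program that connects straight to an IP does no name lookup,
                # so this entry is never read.
                warnings.append((lineno, f"{name!r} is an IP literal in the name column"))
                continue
            # This sketch keeps the first entry seen for a name.
            mapping.setdefault(name.lower().rstrip("."), address)
    return mapping, warnings

def resolve_via_hosts(mapping, target):
    """Address the hosts file supplies for target, or None if it has no effect
    (a name then goes on to DNS; an IP literal is never looked up at all)."""
    if is_ip_literal(target):
        return None
    return mapping.get(target.lower().rstrip("."))

if __name__ == "__main__":
    hosts, notes = parse_hosts(SAMPLE_HOSTS)
    for probe in ("overloud.com", "www.overloud.com", "185.48.33.240"):
        print(probe, "->", resolve_via_hosts(hosts, probe))
    print(notes)
```

Matching is per exact name, so an entry for `overloud.com` does not cover `www.overloud.com`; each hostname an application actually contacts needs its own line.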
     
  12. lukehh

    lukehh Audiosexual

    Joined:
    Jun 22, 2012
    Messages:
    1,043
    Likes Received:
    596
    @BigEmptySky..

    Thanks for the explanation...But I simply wanted to mention that it's not clever to block IP addresses or URLs of the developer's website in your host file because this will result in the fact you will be unable to visit their website and usually will have no effect when an App is trying to verify a serial number etc. because developers usually use another server for this. As I tried to show with the Adobe host file entries. For example Andrew gave the hint to block "www.swamengine.com" .. and I say: No, this eventually only will have the effect you can't connect to their website...but still their plugins will stop working. Finally we have to find out the IPs or URLs of developers' activation/registration/verification servers.
     
  13. Catalyst

    Catalyst Audiosexual

    Joined:
    May 28, 2012
    Messages:
    5,810
    Likes Received:
    804
    Adobe could work differently, you have to remember that a lot of these companies don't have so much capital to throw around for separate servers. You're talking about a huge company here that's been around for quite a long time. Also the problem is that sometimes it's not so clear in the interactive firewall what an address actually is. I have for example one right now that I can't figure out because it doesn't resolve. It could be a fucked up DNS entry but who knows.

    For example R2R say to block meldaproduction. I'm sure if that weren't enough they would say a specific IP. And fuck their webpages, why would I want to visit a page of a dev pulling some bullshit?
     
  14. Revirau

    Revirau Kapellmeister

    Joined:
    Feb 7, 2014
    Messages:
    208
    Likes Received:
    71
    Ok, I don't fully understand the "hosts thing", I can only type here what I'm viewing in my ESET Firewall configuration rules:

    Sam.exe and Sam64.exe (Samplitude)
    GuitarPro.exe
    AGG.exe (AmpleSound Guitar G)
    VSTHost
    MiniHostModular_x64.exe (Image Line)
    xrecode2.exe
    SetUp Digital Performe 8
    motuDNSResponder.exe.
    DP.exe x86 and x64
    MelodyneEssentials setup (cakewalk version)
    SonarPDR.exe
    SamProX_Suite_En-II_setup.exe
    SamProX2_Suite_setup.exe
    Samplitude x86 and x64
    Vita_Electric_Piano_Setup.exe

    I blocked other programs from the firewall before starting them, "just in case"...

    Can't see the ports or other info. I hope this will be useful and will not be just noise or merely confusion.

    Perhaps I didn't read well, but I'm not sure how the whole info added in this thread will be collected.
     
  15. lukehh

    lukehh Audiosexual

    Joined:
    Jun 22, 2012
    Messages:
    1,043
    Likes Received:
    596


    Hmm, usually it's also not necessary to block installers (maybe during setup process) but it's much more important to block the proggie itself from making outgoing connections. In Comodo firewall you are able to see exactly the destination IP when something is trying to connect.
     
  16. Revirau

    Revirau Kapellmeister

    Joined:
    Feb 7, 2014
    Messages:
    208
    Likes Received:
    71
    Yes, the firewall "asks me" and then creates a rule during the setup.
     
  17. djDumican

    djDumican Member

    Joined:
    Jun 16, 2023
    Messages:
    34
    Likes Received:
    10
    Location:
    ohrly
    how to get the real ip addresses of these:

    korg.com
    uaudio.com
    reasonstudios.com
    airmusictech.com
    impactsoundworks.com
    roland.com
    reasonstudios.com
    futureaudioworkshop.com
    plogue.com


    they hide behind cdn and i am still learning to reveal ...
    pls help me
     
    Last edited: Jul 4, 2023