I read several articles regarding what a host is. One suggested a host is something that has an IP on my network and may or may not be supplying data to a second IP. So if I select “Usage” and select an specific App, I can select “Hosts” and the result usually lists 5 or 10 hosts with IP’s resolvable from the “…” outside my network. What does this mean? Are they getting inside my router firewall? Do they have visibility into my local network or are they connected to the identified APP? Can I block them? Is this a security threat? I understand “content servers” but doubt that my App would go to France, Spain, Poland or Russia to get data and how would they attach to an app running inside my local private network unless the App is communicating or connecting to these outside IP’s. Any help in understanding what I am seeing would be greatly appreciated.
Hello @Dave_Grissom
Thanks for using GlassWire.
A host is an IP your app is connecting to. For example if you use an App from Google it may connect to Google.com to function.
GlassWire also shows IP addresses that are local. These are usually other devices on your own local network like printers, etc…
It sounds like what you’re seeing is normal, but if you want to click on my name in the forum and send me a private message with a screenshot I would be glad to review it for you. Thanks!
The following explanation may help you to understand what is happening.
In computing terms, a host is:
- a computer which stores a website or other data that can be accessed over the Internet or which provides other services to a network.
Source: host - Google Search
So your “content servers” are hosts.
On the Internet, hosts and other devices all have an IP (internet Protocol) address.
Devices communicate with each other using their IP address to establish a connection.
It is easier to understand this if you think about using a phone number to communicate on a public switched telephone network (PSTN). Each phone has a phone number and if you want to communicate with someone else then you rely on having the correct telephone number to call them.
Likewise, you use the IP address for “anyone” you want to communicate with on the Internet.
But we don’t have to remember the IP address of every device because the there is a system that acts like a phone book where you can lookup a name to find a number: the domain names system (DNS). So if I want to visit this forum website then I don’t have to remember an IP address, instead my computer system contacts a DNS server which converts “forum.glasswire.com” to the specific IP address registered for this forum.
The main security problem on a phone is similar to the Internet security problem. How can I screen my calls so scams callers and other unauthorised calls are barred or cannot steal my money or information. For example, what happens if someone phones me and impersonates my bank? Hopefully I will be smart enough to not share any private information such as account numbers as passwords. If I get scammed then I have failed to keep myself secure.
Our computer systems also have to perform screening of requests to establish an IP connection. That is what a Firewall does, it tries to bar unauthorised connections.
Your router should include an active firewall to protect all devices on your Local Area Network (LAN). You can also run the Windows Firewall on each Windows computer by enabling it with GlassWire.
These firewalls are primarily concerned with checking that incoming/inbound connection requests match outgoing/outbound connection requests made by your computer. Unauthorised connection requests are most likely to come from IP addresses that you have never connected to.
Of course this explanation is highly simplified but it should be easy to understand.
Now, to answer your specific questions about the hosts GlassWire shows for each process (applications and Windows sub-systems):
Are the hostsgetting inside my router firewall?
Yes. If they are considered to be valid connection requests then they can communicate with devices that are protected by the router firewall.
No, they have limited connections and don’t get access to everything inside your LAN or computer.
Do they have visibility into my local network …?
Normally not. To see inside your LAN generally normally requires a higher level of security credential (such as an account name and password) than a connection to transfer data for a web page.
… or are they connected to the identified APP?
Yes. They don’t connect directly to the identified application because Windows has various subsystems that handle the connections. But they will be logically connected to the app.
Can I block them?
Yes, using GlassWire you can block a connection to any app and many Windows subsystems. You can block both valid connections and unauthorised connection. But you generally only want to block anything that might be unauthorised or destructive.
Is this a security threat?
No, not normally.
But they can be if your firewall fails to detect unauthorised connection requests.
Also, I should have added that there is a help topic here:
Thank you both for the help. I did first search out the discussion on “What is a host or network host” and on a side note to Remah, when I started working in the electronics field, all of my equipment was made with “tubes”, networks did not exist and are obviously not my speciality.(<;, I had a pretty good idea what in IP was but I always appreciate and learn from reviews that are so well written. I think what I got from both of you is that my App is able to connect to IP’s outside my firewall and that the reverse is probably not true as they would have to know the App was running and have a Port or some other way to connect to the App. I suspect the foreign IP’s I am seeing are remote servers that are supplying possible connections to others that are using the same App that is active on my machine. That is a guess. Thanks again for your answers.