From owner-freebsd-security Sun Jun 13 14:54: 3 1999
Delivered-To: freebsd-security@freebsd.org
Received: from noop.colo.erols.net (noop.colo.erols.net [207.96.1.150]) by hub.freebsd.org (Postfix) with ESMTP id 5FEBB14E2C for ; Sun, 13 Jun 1999 14:53:56 -0700 (PDT) (envelope-from gjp@noop.colo.erols.net)
Received: from localhost ([127.0.0.1] helo=noop.colo.erols.net) by noop.colo.erols.net with esmtp (Exim 2.12 #1) id 10tICk-0008rk-00; Sun, 13 Jun 1999 17:54:14 -0400
To: Jay Nelson
Cc: "Ed P." , security@FreeBSD.ORG
From: "Gary Palmer"
Subject: Re: Fwd: [linux-security] Re: Port 7 scan
In-reply-to: Your message of "Sun, 13 Jun 1999 14:24:50 CDT."
Date: Sun, 13 Jun 1999 17:54:06 -0400
Message-ID: <34083.929310846@noop.colo.erols.net>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jay Nelson wrote in message ID :
> The echo service is, AFAIK, a peculiarly Unix service. Why do you
> suppose they chose echo for the latency test as opposed to a simple
> ping? Nearly everything with an ethernet card will respond to a ping
> returning, I would think, more useful latency information than a
> refused connect.

No, not everything. Most of the systems at work can't be pinged (with
some exceptions). 'Course, you can't get to their echo port either.

> Since echo is Unixcentric and most new admins leave echo open, echo
> will reveal far more about a machine than a ping. Could it be that
> this is the intent?

Having talked to Resonate about their distributed load balancing
stuff, apparently some customers asked for echo port queries rather
than ICMP (from memory ... the meeting was a couple of months ago). I
think many many people are blocking ICMP at their borders to protect
from smurfs.

Basically, if you didn't understand the previous reply (or need more
info) Resonate make a couple of DNS based load balancing solutions,
one for replacing DNS round robin in a single datacenter environment,
one for distributing load across multiple datacenters, with traffic
being sent to the `closest' one.

Their distributed DNS system works by having a system at each of the
datacenters `ping' (somehow) the DNS server doing the lookup. The one
with the lowest latency (generally, although load at the datacenter,
and local preferences, can also weigh in) will be chosen, and an A
record for ad.doubleclick.net will be returned pointing at that
datacenter. Generally, that A record will be pointing at their local
load balancing solution, which is an entire other story.

Gary
--
Gary Palmer                                FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
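
An added example, not part of the message above and not Resonate's code: since the datacenters probe the DNS server doing the lookup, a resolver operator can check whether inbound port 7 probes follow the resolver's own outbound lookups before treating them as a scan. The two log formats, the 5-second window, and all names and addresses are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; both log formats are assumptions for this example.
RESOLVER_QUERIES = """\
1999-06-13T17:50:01 ads.example.net
1999-06-13T17:58:30 www.example.org
"""
# Inbound connection attempts to port 7 on the resolver: "time source-address"
ECHO_PROBES = """\
1999-06-13T17:50:02 192.0.2.10
1999-06-13T17:50:02 198.51.100.20
1999-06-13T17:50:03 203.0.113.30
1999-06-13T17:54:40 192.0.2.99
"""

def parse(log):
    """Return [(timestamp, value)] from 'ISO-time value' lines, sorted by time."""
    rows = []
    for line in log.splitlines():
        if line.strip():
            ts, value = line.split(maxsplit=1)
            rows.append((datetime.fromisoformat(ts), value.strip()))
    return sorted(rows)

def correlate(queries, probes, window_s=5):
    """Pair each probe with the latest lookup sent at most window_s before it."""
    window = timedelta(seconds=window_s)
    labelled = []
    for p_ts, src in probes:
        match = None
        for q_ts, name in queries:  # queries are sorted, so the last hit wins
            if q_ts <= p_ts <= q_ts + window:
                match = name
        labelled.append((src, match))
    return labelled

def summarize(labelled):
    """Group probe sources by the lookup they follow; key None = unexplained."""
    groups = {}
    for src, name in labelled:
        groups.setdefault(name, []).append(src)
    return groups

if __name__ == "__main__":
    result = summarize(correlate(parse(RESOLVER_QUERIES), parse(ECHO_PROBES)))
    for name, sources in result.items():
        label = f"follows lookup of {name}" if name else "no preceding lookup"
        print(f"{label}: {', '.join(sources)}")
```

Several distinct sources probing within seconds of one lookup matches the multi-datacenter measurement described in the message; probes grouped under `None` have no such explanation and deserve a closer look.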