Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 07 Nov 1998 20:25:15 +1100
From:      "Hallam Oaks" <mlnn4@oaks.com.au>
To:        "FreeBSD Security" <freebsd-security@FreeBSD.ORG>
Subject:   hmmmm ... Doubleclick
Message-ID:  <199811070924.UAA01040@mail.aussie.org>

next in thread | raw e-mail | index | archive | help
Now I wonder why Doubleclick would do this ...

Just a few minutes ago I visited a site  which had a doubleclick ad on it, 
and my IPFW monitoring tool almost immediately started chirping at me. A 
quick look showed that two seperate IP addresses had attempted to make TCP 
connections to port 53 (DNS) of the machine that hosts my proxy. That IP 
address does NOT host any DNS server.

The two IP addresses in question were 209.67.38.88 and 199.95.207.220, both 
of which resolve to Doubleclick (nygda1 and exgd1a.doubleclick.net).

Now, I'm not suggesting that doubleclick are doing anything they shouldn't 
here, but I'm still curious as to why they would attempt to make a TCP 
connection to a non-existant DNS server, based purely on the IP address of 
someone who's viewed one of their ads (it was at the Dilbert zone BTW).

Anyone seen this before ?

-- Chris




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811070924.UAA01040>