From: "Hallam Oaks"
To: "FreeBSD Security"
Date: Sat, 07 Nov 1998 20:25:15 +1100
Message-Id: <199811070924.UAA01040@mail.aussie.org>
Subject: hmmmm ... Doubleclick

Now I wonder why Doubleclick would do this ...

Just a few minutes ago I visited a site which had a doubleclick ad on it, and my IPFW monitoring tool almost immediately started chirping at me.

A quick look showed that two separate IP addresses had attempted to make TCP connections to port 53 (DNS) of the machine that hosts my proxy. That IP address does NOT host any DNS server.

The two IP addresses in question were 209.67.38.88 and 199.95.207.220, both of which resolve to Doubleclick (nygda1 and exgd1a.doubleclick.net).

Now, I'm not suggesting that doubleclick are doing anything they shouldn't here, but I'm still curious as to why they would attempt to make a TCP connection to a non-existent DNS server, based purely on the IP address of someone who's viewed one of their ads (it was at the Dilbert zone BTW).

Anyone seen this before?

--
Chris