From owner-freebsd-security  Tue Nov 10 07:15:18 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA04011
          for freebsd-security-outgoing; Tue, 10 Nov 1998 07:15:18 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from pn.wagsky.com (wagsky.vip.best.com [206.86.71.127])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA04004
          for <freebsd-security@FreeBSD.ORG>; Tue, 10 Nov 1998 07:15:03 -0800 (PST)
          (envelope-from Jeff@Wagsky.com)
Received: from [192.168.6.3] (mac.pn.wagsky.com [192.168.6.3])
	by pn.wagsky.com (8.8.8/8.8.8) with ESMTP id HAA11451;
	Tue, 10 Nov 1998 07:12:30 -0800 (PST)
	(envelope-from Jeff@Wagsky.com)
X-Sender: mailman@mail.pn.wagsky.com
Message-Id: <l03130307b26e051212b7@[192.168.6.3]>
In-Reply-To: <199811070924.UAA01040@mail.aussie.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 10 Nov 1998 07:04:26 -0800
To: "Hallam Oaks" <mlnn4@oaks.com.au>
From: Jeff Kletsky <Jeff@Wagsky.com>
Subject: Re: hmmmm ... Doubleclick
Cc: freebsd-security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>I visited a site  which had a doubleclick ad on it,
>[...] two seperate IP addresses had attempted to make TCP
>connections to port 53 (DNS) of the machine that hosts my proxy. That IP
>address does NOT host any DNS server.
[...]
>Now, I'm not suggesting that doubleclick are doing anything they shouldn't
>here, but I'm still curious as to why they would attempt to make a TCP
>connection to a non-existant DNS server, based purely on the IP address of
>someone who's viewed one of their ads (it was at the Dilbert zone BTW).

Yes, the will verbally acknowledge this if you call them.  They don't give
a good reason, but I believe it is to build their database of demographics
so that they can justify charges for their ad placements.  I don't believe
that it matters *which* Doubleclick-related site you visit.

Yet another reason to disable zone transfers either/both with a firewall
and your DNS configuration files (c.f. secure_zone)...

Jeff



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message