GlobalDispatch and port 7

Kilheffer, John R. john.kilheffer at amp.com
Tue Jun 15 19:53:51 UTC 1999


You should be blocking all port 7 (echo) as well as other low ports (like
chargen, daytime, etc.) from the Internet.  Using these ports is a popular
way to launch a denial of service attack (spoof a return IP address using
port 7 as the originating port and send the packet to the chargen port of a
second system and poof!  You have the two locked in an echo/chargen loop).

-jk

-----Original Message-----
From: PerSteinar.Iversen at adm.hioslo.no
[mailto:PerSteinar.Iversen at adm.hioslo.no]
Sent: Tuesday, June 15, 1999 1:24 PM
To: bind-users at isc.org
Subject: GlobalDispatch and port 7


Recently I have noticed a new thing: Lots
of connections to TCP port 7 (echo) to our
nameservers from DoubleClick and others.

This seems to be caused by a product
called GlobalDispatch from Resonate Inc.

The idea is that whenever a DNS request
for DoubleClick addresses comes from any
domain then the DoubleClick servers
use the port 7 connections to measure
latency and then use this information to
determine the best server for the requesting
site.

I feel this is rather annoying and have
blocked all such connections to our DNS
servers.

Does anyone have any ideas on this, is
it just me that is too paranoid? Somehow
I feel this could be done better.

....

The use of this technology does not seem
to help DoubleClick keep their zone nice and clean,
these are messages from just the last few
minutes in my syslog:

wrong ans. name (ad.za.doubleclick.net != adssa02b.doubleclick.net)
dangling CNAME pointer (adssa02b.doubleclick.net)
dangling CNAME pointer (gd11.doubleclick.net)
dangling CNAME pointer (m1.doubleclick.net)
wrong ans. name (ad.za.doubleclick.net != adssa01a.doubleclick.net)
ns_forw: query(85.208.95.199.in-addr.arpa) NS points to CNAME 
	(hare.doubleclick.net:) learnt (CNAME=199.95.208.26:NS=4.1.16.4)

-psi
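
Added example, not part of either message above: alongside blocking the low ports at the border, a host-side check can list which of the simple services (echo, chargen, daytime and so on) inetd still offers. The looping case relies on UDP, where the source address can be forged, so the check marks UDP services that answer every datagram separately. The sample inetd.conf content and the function name are constructed for illustration.

```python
# Simple TCP/IP services and their well-known ports.
SMALL_SERVICES = {"echo": 7, "discard": 9, "daytime": 13, "chargen": 19, "time": 37}
# Over UDP these answer every datagram, so two of them can be set bouncing
# packets at each other by one forged source address. discard never replies.
ANSWERS_EVERY_DATAGRAM = {"echo", "daytime", "chargen", "time"}

# Constructed sample in classic inetd.conf layout (not taken from the thread).
SAMPLE_INETD_CONF = """\
# service  socket  proto  wait    user  server    args
echo       stream  tcp    nowait  root  internal
echo       dgram   udp    wait    root  internal
#chargen   stream  tcp    nowait  root  internal
chargen    dgram   udp    wait    root  internal
daytime    stream  tcp    nowait  root  internal
ftp        stream  tcp    nowait  root  /usr/sbin/in.ftpd in.ftpd
"""


def audit_inetd(text):
    """Return (line_no, service, port, proto, verdict) for each enabled small service."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out, so the service is disabled
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete inetd entry
        service, proto = fields[0].lower(), fields[2].lower()
        if service not in SMALL_SERVICES:
            continue
        if proto.startswith("udp") and service in ANSWERS_EVERY_DATAGRAM:
            verdict = "loop-capable"  # disable it, or at least filter it at the border
        else:
            verdict = "exposed"       # reachable but cannot form a UDP loop
        findings.append((line_no, service, SMALL_SERVICES[service], proto, verdict))
    return findings


if __name__ == "__main__":
    for line_no, service, port, proto, verdict in audit_inetd(SAMPLE_INETD_CONF):
        print(f"line {line_no}: {service}/{proto} (port {port}) is enabled: {verdict}")
```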


