try to block traffic from ad.doubleclick.net, but dns record hops.

zz at rockstone.com zz at rockstone.com
Sat Jun 23 14:16:36 UTC 2001


I wonder if anyone could provide share your idea, I have this
issue:  I have a linux box as a gateway/firewall for internal LAN,
I have noticed http browsing contains too much junk traffic to
the advertisement servers such as 'ad.doubleclick.net', eg. when you
browse www.cnn.com, or www.marketwatch.com, etc, you can notice
such links from the webpage source.
Because I am concerned over the rumors that they tend to snoop
on user's pc or on users using java or cookies, to save network
bandwidth, I am trying to establish rules with ipchains rules
to reject traffic from those ad servers. 
 
Of course, first, I need to find out their ad server ip addresses, 
so I did this:  ping ad.doubleclick.net, I got: 

PING gd3.doubleclick.net (208.32.211.200) from 192.168.1.92 :
56(84) bytes of data.
64 bytes from 208.32.211.200: icmp_seq=0 ttl=243 time=84.309 msec

Now I had found its ip address, so I added to the ipchains rule:
ipchains -A input -s 208.32.211.200 -j REJECT
ipchains -A output -d 208.32.211.200 -j REJECT

but ads keeps coming, so I did again ping to ad.doubleclick.net,
this time I got reply from a different ip,
PING gd3.doubleclick.net (208.184.29.130) from 192.168.1.92 :
56(84) bytes of data.
64 bytes from 208.184.29.130.doubleclick.net (208.184.29.130):
icmp_seq=0 ttl=11 5 time=87.732 msec

Now I got different ip address for the same host name, 
and this seems repeat endless.  
 
Then I did nslookup every few minutes, and it resolves to all
different ip addresses for the same host name ad.doubleclick.net:

208.184.29.70
204.253.104.45
208.184.29.110
206.65.183.110
204.253.104.95
204.253.104.30
208.184.29.50
209.67.38.106
208.184.29.70
206.65.183.80
209.67.38.106
209.67.38.102
204.253.104.45
204.253.104.30
208.32.211.200
208.184.29.130
206.65.183.155
208.184.29.50
....
#nslookup ad.doubleclick.net 

ad.doubleclick.net      canonical name = gd3.doubleclick.net.
Name:   gd3.doubleclick.net
Address: 209.67.38.104
Name:   gd22.doubleclick.net
Address: 208.184.29.130

> gd22.doubleclick.net
Server:         127.0.0.1
Address:        127.0.0.1#53

I don't quite understand the mechanism which doubleclik have deployed
to make their nslookup hopping or rotating, but are there anyway I
can completely stop ad traffic from their ad servers to my LAN? 

thanks very much.
 


More information about the bind-users mailing list