try to block traffic from ad.doubleclick.net, but dns record hops.

Derek Balling dredd at megacity.org
Sat Jun 23 15:55:33 UTC 2001


Isn't this a problem better solved by attacking it at the source.... 
finding the NS-set for "doubleclick.net" and configuring bind to 
treat their responses as bogus? :-)

D

At 10:16 AM -0400 6/23/01, zz at rockstone.com wrote:
>I wonder if anyone could share their ideas. I have this
>issue:  I have a Linux box as a gateway/firewall for internal LAN,
>I have noticed http browsing contains too much junk traffic to
>the advertisement servers such as 'ad.doubleclick.net', eg. when you
>browse www.cnn.com, or www.marketwatch.com, etc, you can notice
>such links from the webpage source.
>Because I am concerned over the rumors that they tend to snoop
>on users' PCs or on users using Java or cookies, and to save network
>bandwidth, I am trying to establish ipchains rules
>to reject traffic from those ad servers.
>
>Of course, first, I need to find out their ad server ip addresses,
>so I did this:  ping ad.doubleclick.net, I got:
>
>PING gd3.doubleclick.net (208.32.211.200) from 192.168.1.92 :
>56(84) bytes of data.
>64 bytes from 208.32.211.200: icmp_seq=0 ttl=243 time=84.309 msec
>
>Now I had found its IP address, so I added it to the ipchains rules:
>ipchains -A input -s 208.32.211.200 -j REJECT
>ipchains -A output -d 208.32.211.200 -j REJECT
>
>but ads keep coming, so I pinged ad.doubleclick.net again,
>and this time I got a reply from a different IP:
>PING gd3.doubleclick.net (208.184.29.130) from 192.168.1.92 :
>56(84) bytes of data.
>64 bytes from 208.184.29.130.doubleclick.net (208.184.29.130):
>icmp_seq=0 ttl=11 5 time=87.732 msec
>
>Now I got a different IP address for the same host name,
>and this seems to repeat endlessly.
>
>Then I did nslookup every few minutes, and it resolves to all
>different ip addresses for the same host name ad.doubleclick.net:
>
>#nslookup ad.doubleclick.net
>
>ad.doubleclick.net      canonical name = gd3.doubleclick.net.
>Name:   gd3.doubleclick.net
>Address: 209.67.38.104
>Name:   gd22.doubleclick.net
>Address: 208.184.29.130
>
>>  gd22.doubleclick.net
>Server:         127.0.0.1
>Address:        127.0.0.1#53
>
>I don't quite understand the mechanism which doubleclick have deployed
>to make their nslookup hopping or rotating, but is there any way I
>can completely stop ad traffic from their ad servers to my LAN?
>
>thanks very much.
>


-- 
+---------------------+-----------------------------------------+
| dredd at megacity.org  | "Conan! What is best in life?"          |
|  Derek J. Balling   | "To crush your enemies, see them        |
|                     |    driven before you, and to hear the   |
|                     |    lamentation of their women!"         |
+---------------------+-----------------------------------------+
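
The approach suggested in the reply, written out as a named.conf fragment. This is an added example, not part of the original message. The nameserver addresses are placeholders from the documentation range 192.0.2.0/24, because the thread does not list the addresses of the doubleclick.net NS-set.

```conf
// named.conf on the gateway's caching resolver (the LAN clients must use
// this resolver for the block to have any effect).
//
// Step 1: look up the NS-set and the address of each nameserver, e.g.
//   dig NS doubleclick.net
//   dig A  <each nameserver name returned>
//
// Step 2: add one "server" statement per nameserver address. With
// "bogus yes" BIND will not send queries to that server, so once the
// whole NS-set is listed, names under doubleclick.net fail to resolve
// regardless of how often the A records for ad.doubleclick.net rotate.

server 192.0.2.1 { bogus yes; };    // placeholder: first doubleclick.net nameserver
server 192.0.2.2 { bogus yes; };    // placeholder: second doubleclick.net nameserver
server 192.0.2.3 { bogus yes; };    // placeholder: add one line per remaining NS address

// Step 3: reload named and confirm from a LAN client that
//   nslookup ad.doubleclick.net
// no longer returns an address.
```

The block holds only while the list matches the current NS-set, so the lookup in step 1 needs repeating if the delegation changes. Clients that query some other resolver, or that already hold a cached answer, are not affected until they go through this server.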

