try to block traffic from ad.doubleclick.net, but dns record hops.

zz at rockstone.com zz at rockstone.com
Sat Jun 23 20:32:41 UTC 2001


Success!
It seems I have effectively blocked junk ad traffic
to my LAN by adding the following to ipchains on the Linux
gateway box:

## reject ads from doubleclick.net

ipchains -A output -d 199.95.207.0/24 -j REJECT
ipchains -A output -d 199.95.208.0/24 -j REJECT
ipchains -A output -d 208.184.29.0/24 -j REJECT
ipchains -A output -d 208.211.255.0/24 -j REJECT
ipchains -A output -d 209.67.38.0/24 -j REJECT
ipchains -A output -d 204.253.104.0/24 -j REJECT
ipchains -A output -d 206.65.183.0/24 -j REJECT
ipchains -A output -d 206.67.38.0/24 -j REJECT
ipchains -A output -d 208.32.211.0/24 -j REJECT
ipchains -A output -d 205.138.3.0/24 -j REJECT
ipchains -A input -s 199.95.207.0/24 -j REJECT
ipchains -A input -s 199.95.208.0/24 -j REJECT
ipchains -A input -s 208.184.29.0/24 -j REJECT
ipchains -A input -s 208.211.255.0/24 -j REJECT
ipchains -A input -s 209.67.38.0/24 -j REJECT
ipchains -A input -s 204.253.104.0/24 -j REJECT
ipchains -A input -s 206.65.183.0/24 -j REJECT
ipchains -A input -s 206.67.38.0/24 -j REJECT
ipchains -A input -s 208.32.211.0/24 -j REJECT

### reject ads from AOL

## blocking ads.web.aol.com
ipchains -A output -d 205.188.140.249 -j REJECT
ipchains -A output -d 205.188.140.185 -j REJECT
ipchains -A output -d 152.163.180.24 -j REJECT
ipchains -A output -d 152.163.180.56 -j REJECT
ipchains -A output -d 64.12.184.25 -j REJECT
ipchains -A output -d 64.12.184.57 -j REJECT
ipchains -A output -d 64.12.184.89 -j REJECT
ipchains -A output -d 64.12.184.121 -j REJECT
ipchains -A input -s 205.188.140.249 -j REJECT
ipchains -A input -s 205.188.140.185 -j REJECT
ipchains -A input -s 152.163.180.24 -j REJECT
ipchains -A input -s 152.163.180.56 -j REJECT
ipchains -A input -s 64.12.184.25 -j REJECT
ipchains -A input -s 64.12.184.57 -j REJECT
ipchains -A input -s 64.12.184.89 -j REJECT
ipchains -A input -s 64.12.184.121 -j REJECT
  

> What about blocking by domain?  Can you do this on Linux?
> 
> kevin
> 
> -----Original Message-----
> From: Derek Balling [mailto:dredd at megacity.org]
> Sent: Saturday, June 23, 2001 10:56 AM
> To: zz at rockstone.com; bind-users at isc.org
> Cc: zz at rockstone.com
> Subject: Re: try to block traffic from ad.doubleclick.net, but dns
> record hops.
> 
> 
> 
> Isn't this a problem better solved by attacking it at the source.... 
> finding the NS-set for "doubleclick.net" and configuring bind to 
> treat their responses as bogus? :-)
> 
> D
> 
> At 10:16 AM -0400 6/23/01, zz at rockstone.com wrote:
> >I wonder if anyone could share their ideas. I have this
> >issue:  I have a linux box as a gateway/firewall for internal LAN,
> >I have noticed http browsing contains too much junk traffic to
> >the advertisement servers such as 'ad.doubleclick.net', eg. when you
> >browse www.cnn.com, or www.marketwatch.com, etc, you can notice
> >such links from the webpage source.
> >Because I am concerned over the rumors that they tend to snoop
> >on user's pc or on users using java or cookies, to save network
> >bandwidth, I am trying to establish rules with ipchains rules
> >to reject traffic from those ad servers.
> >
> >Of course, first, I need to find out their ad server ip addresses,
> >so I did this:  ping ad.doubleclick.net, I got:
> >
> >PING gd3.doubleclick.net (208.32.211.200) from 192.168.1.92 :
> >56(84) bytes of data.
> >64 bytes from 208.32.211.200: icmp_seq=0 ttl=243 time=84.309 msec
> >
> >Now I had found its ip address, so I added to the ipchains rule:
> >ipchains -A input -s 208.32.211.200 -j REJECT
> >ipchains -A output -d 208.32.211.200 -j REJECT
> >
> >but ads keep coming, so I did again ping to ad.doubleclick.net,
> >this time I got reply from a different ip,
> >PING gd3.doubleclick.net (208.184.29.130) from 192.168.1.92 :
> >56(84) bytes of data.
> >64 bytes from 208.184.29.130.doubleclick.net (208.184.29.130):
> >icmp_seq=0 ttl=11 5 time=87.732 msec
> >
> >Now I got a different ip address for the same host name,
> >and this seems to repeat endlessly.
> >
> >Then I did nslookup every few minutes, and it resolves to all
> >different ip addresses for the same host name ad.doubleclick.net:
> >
> >....
> >#nslookup ad.doubleclick.net
> >
> >ad.doubleclick.net      canonical name = gd3.doubleclick.net.
> >Name:   gd3.doubleclick.net
> >Address: 209.67.38.104
> >Name:   gd22.doubleclick.net
> >Address: 208.184.29.130
> >
> >>  gd22.doubleclick.net
> >Server:         127.0.0.1
> >Address:        127.0.0.1#53
> >
> >I don't quite understand the mechanism which doubleclick have deployed
> >to make their nslookup hopping or rotating, but is there any way I
> >can completely stop ad traffic from their ad servers to my LAN?
> >
> >thanks very much.
> >
> 
> 
> -- 
> +---------------------+-----------------------------------------+
> | dredd at megacity.org  | "Conan! What is best in life?"          |
> |  Derek J. Balling   | "To crush your enemies, see them        |
> |                     |    driven before you, and to hear the   |
> |                     |    lamentation of their women!"         |
> +---------------------+-----------------------------------------+
> 
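
The approach in the message above (collect the addresses ad.doubleclick.net rotates through, then reject each enclosing /24 in both directions), as an added example that is not part of the original post. The function names are hypothetical, the sample lookup output is constructed from addresses quoted in the thread, and treating every answer as part of a /24 used only by the ad network is an assumption; the script prints the rules and does not apply them.

```shell
#!/bin/sh
# Added example: collapse rotating DNS answers into /24 ipchains rules.
# Sample lookups are constructed from addresses quoted in this thread.

sample_lookups() {
cat <<'EOF'
Server:         127.0.0.1
Address:        127.0.0.1#53
ad.doubleclick.net      canonical name = gd3.doubleclick.net.
Name:   gd3.doubleclick.net
Address: 209.67.38.104
Name:   gd22.doubleclick.net
Address: 208.184.29.130
Address: 208.184.29.70
Address: 204.253.104.45
Address: 208.32.211.200
EOF
}

# Print each distinct /24 that contains an answer address, one per line.
# Loopback answers (the local resolver itself) are skipped.
nets_from_lookups() {
    awk '/^Address:/ {
            split($2, a, "#")              # drop a "#53" port suffix
            if (a[1] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(a[1], o, ".")
            if (o[1] == 127) next
            print o[1] "." o[2] "." o[3] ".0/24"
        }' | sort -u
}

# Turn a list of networks on stdin into paired output/input REJECT rules.
rules_from_nets() {
    while read -r net; do
        echo "ipchains -A output -d $net -j REJECT"
        echo "ipchains -A input -s $net -j REJECT"
    done
}

# Succeeds if address $1 falls in one of the /24 networks listed on stdin.
covered() {
    want="${1%.*}.0/24"
    grep -qxF "$want"
}

sample_lookups | nets_from_lookups | rules_from_nets
```

Piping the current network list into `covered` with a freshly resolved address shows whether the rotation has moved outside the blocked ranges, which is the failure the single-address rules in the quoted message ran into.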


