try to block traffic from ad.doubleclick.net, but dns record hops.
zz at rockstone.com
zz at rockstone.com
Sat Jun 23 20:32:41 UTC 2001
Success!
It seems I have effectively blocked junk ads traffic
to my LAN by adding following to the ipchains on Linux
gateway box:
## reject ads from doubleclick.net
ipchains -A output -d 199.95.207.0/24 -j REJECT
ipchains -A output -d 199.95.208.0/24 -j REJECT
ipchains -A output -d 208.184.29.0/24 -j REJECT
ipchains -A output -d 208.211.255.0/24 -j REJECT
ipchains -A output -d 209.67.38.0/24 -j REJECT
ipchains -A output -d 204.253.104.0/24 -j REJECT
ipchains -A output -d 206.65.183.0/24 -j REJECT
ipchains -A output -d 206.67.38.0/24 -j REJECT
ipchains -A output -d 208.32.211.0/24 -j REJECT
ipchains -A output -d 205.138.3.0/24 -j REJECT
ipchains -A input -s 199.95.207.0/24 -j REJECT
ipchains -A input -s 199.95.208.0/24 -j REJECT
ipchains -A input -s 208.184.29.0/24 -j REJECT
ipchains -A input -s 208.211.255.0/24 -j REJECT
ipchains -A input -s 209.67.38.0/24 -j REJECT
ipchains -A input -s 204.253.104.0/24 -j REJECT
ipchains -A input -s 206.65.183.0/24 -j REJECT
ipchains -A input -s 206.67.38.0/24 -j REJECT
ipchains -A input -s 208.32.211.0/24 -j REJECT
### reject ads from AOL
cking ads.web.aol.com
ipchains -A output -d 205.188.140.249 -j REJECT
ipchains -A output -d 205.188.140.185 -j REJECT
ipchains -A output -d 152.163.180.24 -j REJECT
ipchains -A output -d 152.163.180.56 -j REJECT
ipchains -A output -d 64.12.184.25 -j REJECT
ipchains -A output -d 64.12.184.57 -j REJECT
ipchains -A output -d 64.12.184.89 -j REJECT
ipchains -A output -d 64.12.184.121 -j REJECT
ipchains -A input -s 205.188.140.249 -j REJECT
ipchains -A input -s 205.188.140.185 -j REJECT
ipchains -A input -s 152.163.180.24 -j REJECT
ipchains -A input -s 152.163.180.56 -j REJECT
ipchains -A input -s 64.12.184.25 -j REJECT
ipchains -A input -s 64.12.184.57 -j REJECT
ipchains -A input -s 64.12.184.89 -j REJECT
ipchains -A input -s 64.12.184.121 -j REJECT
> What about blocking by domain? Can you do this on Linux?
>
> kevin
>
> -----Original Message-----
> From: Derek Balling [mailto:dredd at megacity.org]
> Sent: Saturday, June 23, 2001 10:56 AM
> To: zz at rockstone.com; bind-users at isc.org
> Cc: zz at rockstone.com
> Subject: Re: try to block traffic from ad.doubleclick.net, but dns
> record hops.
>
>
>
> Isn't this a problem better solved by attacking it at the source....
> finding the NS-set for "doubleclick.net" and configuring bind to
> treat their responses as bogus? :-)
>
> D
>
> At 10:16 AM -0400 6/23/01, zz at rockstone.com wrote:
> >I wonder if anyone could provide share your idea, I have this
> >issue: I have a linux box as a gateway/firewall for internal LAN,
> >I have noticed http browsing contains too much junk traffic to
> >the advertisement servers such as 'ad.doubleclick.net', eg. when you
> >browse www.cnn.com, or www.marketwatch.com, etc, you can notice
> >such links from the webpage source.
> >Because I am concerned over the rumors that they tend to snoop
> >on user's pc or on users using java or cookies, to save network
> >bandwidth, I am trying to establish rules with ipchains rules
> >to reject traffic from those ad servers.
> >
> >Of course, first, I need to find out their ad server ip addresses,
> >so I did this: ping ad.doubleclick.net, I got:
> >
> >PING gd3.doubleclick.net (208.32.211.200) from 192.168.1.92 :
> >56(84) bytes of data.
> >64 bytes from 208.32.211.200: icmp_seq=0 ttl=243 time=84.309 msec
> >
> >Now I had found its ip address, so I added to the ipchains rule:
> >ipchains -A input -s 208.32.211.200 -j REJECT
> >ipchains -A output -d 208.32.211.200 -j REJECT
> >
> >but ads keeps coming, so I did again ping to ad.doubleclick.net,
> >this time I got reply from a different ip,
> >PING gd3.doubleclick.net (208.184.29.130) from 192.168.1.92 :
> >56(84) bytes of data.
> >64 bytes from 208.184.29.130.doubleclick.net (208.184.29.130):
> >icmp_seq=0 ttl=11 5 time=87.732 msec
> >
> >Now I got different ip address for the same host name,
> >and this seems repeat endless.
> >
> >Then I did nslookup every few minutes, and it resolves to all
> >different ip addresses for the same host name ad.doubleclick.net:
> >
> >208.184.29.70
> >204.253.104.45
> >208.184.29.110
> >206.65.183.110
> >204.253.104.95
> >204.253.104.30
> >208.184.29.50
> >209.67.38.106
> >208.184.29.70
> >206.65.183.80
> >209.67.38.106
> >209.67.38.102
> >204.253.104.45
> >204.253.104.30
> >208.32.211.200
> >208.184.29.130
> >206.65.183.155
> >208.184.29.50
> >....
> >#nslookup ad.doubleclick.net
> >
> >ad.doubleclick.net canonical name = gd3.doubleclick.net.
> >Name: gd3.doubleclick.net
> >Address: 209.67.38.104
> >Name: gd22.doubleclick.net
> >Address: 208.184.29.130
> >
> >> gd22.doubleclick.net
> >Server: 127.0.0.1
> >Address: 127.0.0.1#53
> >
> >I don't quite understand the mechanism which doubleclik have deployed
> >to make their nslookup hopping or rotating, but are there anyway I
> >can completely stop ad traffic from their ad servers to my LAN?
> >
> >thanks very much.
> >
>
>
> --
> +---------------------+-----------------------------------------+
> | dredd at megacity.org | "Conan! What is best in life?" |
> | Derek J. Balling | "To crush your enemies, see them |
> | | driven before you, and to hear the |
> | | lamentation of their women!" |
> +---------------------+-----------------------------------------+
>
More information about the bind-users
mailing list