Re: Tcp port 7 spam from Doubleclick

["C. Harald Koch" <chk () pobox com>]

In message <380E13E0.E4166BFF () syracusesupply com>, Eric Toll writes:
> Let me know if you like this idea, or if you think I'm insaine on this.

There's alot more of these coming; see attached for another example.

-- 
C. Harald Koch     <chk () pobox com>

"It takes a child to raze a village."
                -Michael T. Fry

> --- Begin Message ---
>
>
> From: David Ambrose <stargazer1 () home com>
>
> Date: Tue, 19 Oct 1999 20:49:06 -0700
>
>
> Got this from a friend. How obnoxious can you get?
>
> Tom Perrine wrote:
> > Folks,
> >
> > About a month ago we started getting reports of ISDN lines staying up
> > for 7x24.  And my own ISDN line started doing the same thing.  I tried
> > rebooting the pipeline router, disconnected from the home net, and the
> > line would come back up immediately.
> >
> > The home router (not any of the hosts behind it) was being ping'ed, on
> > average about every 2-3 minutes, from anywhere between 2 and 4 hosts
> > out on the Internet.
> >
> > All the signs pointed to an attempt to mount a "cost them some money"
> > attack on us.  The source IP addresses would change, the DNS PTR
> > records were missing or pointed to names similar to those used in
> > dial-up pools, the source machines were locked-down in some ways, wide
> > open in others (typical script kiddie box).
> >
> > I finally started calling the source ISPs, with an offer to help them
> > find the intruders.  The response was scary:
> >
> > "It's supposed to do that, it's a product."
> >
> > This company, Akamai Technologies, is trying to calculate optimal and
> > efficient paths for "guaranteed and optimal delivery of Internet
> > content".
> >
> > To do this, they pick thousands of IP addresses at random, and then
> > ping them every few minutes.  Forever.  Once they find you, they never
> > stop until you complain.  I pointed out that random pinging could cost
> > other people money, and they said they had had complaints but they
> > always promptly removed addresses from their lists.
> >
> > Sounds just like the excuses the SPAMers use, to me.
> >
> > For now there are just a few nets where these things live, but I think
> > that the boxes will soon be sold to anyone who wants to deliver
> > "content".
> >
> > While I agree that this is possibly useful research-like stuff, their
> > cavalier attitude about "target selection" and being responsible for
> > the losses they cause has put them on my "target selection list."  If
> > they want to measure RTTs across the net they can either deploy their
> > own d*mn boxes, or at least get permission from the target, or take
> > some due diligence steps to make sure they aren't crossing any "pay
> > for play" network links.
> >
> > They cost us some money in ISDN bills, and labor hours to track them
> > down.  The "don't have a position" on whether or not they will pay for
> > financial losses they cause.  They'll be getting a bill anyway.  The
> > local FBI office and the local DA are both convinced that there is a
> > good case for any number of violations of CA state and/or Fed law, if
> > losses are incurred through the negligence of Akamai.  All we have to
> > do is decide to press charges.
> >
> > I'm going to see what their response to the billing is.  We'll take it
> > from there.
> >
> > Here are some of the IP addresses that you may see this ping traffic from:
> >
> > 206.132.160.42
> > 209.67.231.*
> > 216.32.65.143
> >
> > Some of the addresses have PTRs, and some don't.  Some are in
> > akamaitechnologies.com and some are in globalcenter.com.
> >
> > Some folks may want to block traffic from their nets at border
> > routers.  We *had* left ping open on our ISDN routers because there
> > was some small value in it, but we'll be closing that soon.
> >
> > *sigh*
> >
> > --tep
>
>
> --- End Message ---