Re: Verizon clients DOS own site?

["Rubens Kuhl Jr." <rubens () email com>]

Or add a
127.0.0.1 supportcenter.verizon.net
entry to the remotes hosts file. If and when they solve this or the software
is removed, remove the entry; traffic will be killed locally before entering
your VPN.


Rubens

----- Original Message ----- 
From: "William Warren" <hescominsoon () emmanuelcomputerconsulting com>
To: <Elkind_Rob () emc com>
Cc: <nanog () merit edu>
Sent: Thursday, February 19, 2004 6:48 PM
Subject: Re: Verizon clients DOS own site?



this is part of the autodiag software installed by the VZ cd....you will
need to go through your remotes and uninstall that stuffe..

Elkind_Rob () emc com wrote:

> Anyone else seeing this, it started up a few weeks ago.
>
> We have a number of home users that VPN to our corporate network who are
> using Verizon DSL as their Internet provider.  While they are connected to
> the corporate network they are generating tons of hits to
> 'supportcenter.verizon.net' (206.46.187.54)
>
> Here's a basic trace:
>
> host.on.my.net -> 206.46.187.54 TCP 49980 > HTTP [ACK]
> host.on.my.net -> 206.46.187.54 HTTP GET /sbconfigservlet/sbconfigservlet
> HTTP/1.1
>
> 206.46.187.54 -> host.on.my.net HTTP HTTP/1.1 404 Not found
>
> Here's the text of the transaction:
>
> host.on.my.net
>
> GET /sbconfigservlet/sbconfigservlet HTTP/1.1
> Accept: */*
> Accept-Language: en
> If-Modified-Since: Mon, 09 Feb 2004 22:49:47 GMT
> User-Agent: Motive HTTP Client
> Host: supportcenter.verizon.net
> Connection: Keep-Alive
> Cache-Control: no-cache
>
> reply from 206.46.187.54
>
> HTTP/1.1 404 Not found
> Server: Netscape-Enterprise/6.0
> Date: Tue, 10 Feb 2004 19:37:05 GMT
> Content-type: text/html
> Content-length: 292
>
> <HEAD><META HTTP-EQUIV="Content-Type"
> CONTENT="text/html;charset=ISO-8859-1"><TITLE>Not
> Found</TITLE></HEAD><H1>Not Found</H1> The requested object does not exist
> on this server. The link you followed is either outdated, inaccurate, or
the
> server has been instructed not to let you have it.
>
>
> This repeates over and over again many times a second while the client is
> connected.
>
> My guess is that these client files are the ones that initiate the
> conversation from the client:
>
> C:\program files\verizon\online\supportcenter\bin\matcli.exe
> C:\program files\verizon\online\supportcenter\bin\mpbtn.exe
>
> I'm seeing millions of hits to this site from just our ~100 users using
> Verizon per week.  I have to think that world wide, Verizon clients are
> generating enough traffic to DOS themselves.
>
> I've tried contacting Verizon via email but I haven't received a response
> and their tech support had no information on this.  Although we're now
> blocking this site and trying to clean up the clients, this is still
> generation a lot of noise on our network. Any ideas on how to get Verizon
to
> take a look at this?
>
> Any input is welcome.
>
> Thanks,
>
>
> > Rob Elkind
>
> Information Security Engineer
>
> > EMC²
> > where information lives
> >
> > Email:   elkind_rob () emc com

-- 
May God Bless you and everything you touch.

My "foundation" verse:
Isaiah 54:17 No weapon that is formed against thee shall prosper; and
every tongue that shall rise against thee in judgment thou shalt
condemn. This is the heritage of the servants of the LORD, and their
righteousness is of me, saith the LORD.