nanog mailing list archives
Re: Verizon clients DOS own site?
From: "Rubens Kuhl Jr." <rubens () email com>
Date: Thu, 19 Feb 2004 19:36:52 -0300
Or add a 127.0.0.1 supportcenter.verizon.net entry to the remotes' hosts file. If and when they solve this or the software is removed, remove the entry; traffic will be killed locally before entering your VPN.

Rubens

----- Original Message -----
From: "William Warren" <hescominsoon () emmanuelcomputerconsulting com>
To: <Elkind_Rob () emc com>
Cc: <nanog () merit edu>
Sent: Thursday, February 19, 2004 6:48 PM
Subject: Re: Verizon clients DOS own site?

This is part of the autodiag software installed by the VZ cd....you will need to go through your remotes and uninstall that stuff..

Elkind_Rob () emc com wrote:
Anyone else seeing this? It started up a few weeks ago.

We have a number of home users that VPN to our corporate network who are using Verizon DSL as their Internet provider. While they are connected to the corporate network they are generating tons of hits to 'supportcenter.verizon.net' (206.46.187.54)

Here's a basic trace:

host.on.my.net -> 206.46.187.54 TCP 49980 > HTTP [ACK]
host.on.my.net -> 206.46.187.54 HTTP GET /sbconfigservlet/sbconfigservlet HTTP/1.1
206.46.187.54 -> host.on.my.net HTTP HTTP/1.1 404 Not found

Here's the text of the transaction:

host.on.my.net
GET /sbconfigservlet/sbconfigservlet HTTP/1.1
Accept: */*
Accept-Language: en
If-Modified-Since: Mon, 09 Feb 2004 22:49:47 GMT
User-Agent: Motive HTTP Client
Host: supportcenter.verizon.net
Connection: Keep-Alive
Cache-Control: no-cache

reply from 206.46.187.54
HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Tue, 10 Feb 2004 19:37:05 GMT
Content-type: text/html
Content-length: 292

<HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=ISO-8859-1"><TITLE>Not Found</TITLE></HEAD><H1>Not Found</H1> The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it.

This repeats over and over again many times a second while the client is connected.

My guess is that these client files are the ones that initiate the conversation from the client:

C:\program files\verizon\online\supportcenter\bin\matcli.exe
C:\program files\verizon\online\supportcenter\bin\mpbtn.exe

I'm seeing millions of hits to this site from just our ~100 users using Verizon per week. I have to think that worldwide, Verizon clients are generating enough traffic to DOS themselves.

I've tried contacting Verizon via email but I haven't received a response and their tech support had no information on this. Although we're now blocking this site and trying to clean up the clients, this is still generating a lot of noise on our network. Any ideas on how to get Verizon to take a look at this?

Any input is welcome.

Thanks,
Rob Elkind
Information Security Engineer
EMC² where information lives
Email: elkind_rob () emc com

--
May God Bless you and everything you touch.

My "foundation" verse:
Isaiah 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.
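
An added example, not part of the original thread: one way to find which VPN clients still run the agent is to match the request signature from the trace above (Host, path, User-Agent) in proxy logs and count hits per client per minute. The log format, client addresses and threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Request signature taken from the trace quoted in the thread.
SIG_HOST = "supportcenter.verizon.net"
SIG_PATH = "/sbconfigservlet/sbconfigservlet"
SIG_AGENT = "Motive HTTP Client"

# Assumed (hypothetical) log format:
#   epoch client_ip method host path status "user-agent"
LINE_RE = re.compile(
    r'^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<host>\S+)\s+'
    r'(?P<path>\S+)\s+(?P<status>\d{3})\s+"(?P<agent>[^"]*)"$'
)

def noisy_clients(lines, window=60, threshold=5):
    """Return {client: peak hits in one `window`-second bucket} for clients whose
    signature-matching requests reach `threshold` within a single bucket."""
    buckets = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the scan
        if (m["host"].lower() == SIG_HOST and m["path"] == SIG_PATH
                and m["agent"] == SIG_AGENT):
            buckets[(m["client"], int(m["ts"]) // window)] += 1
    peaks = {}
    for (client, _bucket), hits in buckets.items():
        if hits >= threshold:
            peaks[client] = max(hits, peaks.get(client, 0))
    return peaks

def build_sample():
    """Constructed sample: one chatty client, one quiet client, unrelated noise."""
    lines = [
        f'{1076441820 + i} 10.8.0.21 GET {SIG_HOST} {SIG_PATH} 404 "{SIG_AGENT}"'
        for i in range(12)  # 12 polls inside the same minute
    ]
    lines.append(f'1076441825 10.8.0.34 GET {SIG_HOST} {SIG_PATH} 404 "{SIG_AGENT}"')
    lines.append('1076441826 10.8.0.34 GET www.example.com / 200 "Mozilla/4.0"')
    lines.append("garbage line")
    return lines

if __name__ == "__main__":
    for client, peak in sorted(noisy_clients(build_sample()).items()):
        print(f"{client}: {peak} matching requests in one minute")
```

Clients that keep appearing in the output after cleanup are the ones where the software is still installed or the hosts entry is missing.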