try to block traffic from ad.doubleclick.net, but dns record hops.
Derek Balling
dredd at megacity.org
Sat Jun 23 15:55:33 UTC 2001
Isn't this a problem better solved by attacking it at the source....
finding the NS-set for "doubleclick.net" and configuring bind to
treat their responses as bogus? :-)
D
At 10:16 AM -0400 6/23/01, zz at rockstone.com wrote:
>I wonder if anyone could provide share your idea, I have this
>issue: I have a linux box as a gateway/firewall for internal LAN,
>I have noticed http browsing contains too much junk traffic to
>the advertisement servers such as 'ad.doubleclick.net', eg. when you
>browse www.cnn.com, or www.marketwatch.com, etc, you can notice
>such links from the webpage source.
>Because I am concerned over the rumors that they tend to snoop
>on user's pc or on users using java or cookies, to save network
>bandwidth, I am trying to establish rules with ipchains rules
>to reject traffic from those ad servers.
>
>Of course, first, I need to find out their ad server ip addresses,
>so I did this: ping ad.doubleclick.net, I got:
>
>PING gd3.doubleclick.net (208.32.211.200) from 192.168.1.92 :
>56(84) bytes of data.
>64 bytes from 208.32.211.200: icmp_seq=0 ttl=243 time=84.309 msec
>
>Now I had found its ip address, so I added to the ipchains rule:
>ipchains -A input -s 208.32.211.200 -j REJECT
>ipchains -A output -d 208.32.211.200 -j REJECT
>
>but ads keeps coming, so I did again ping to ad.doubleclick.net,
>this time I got reply from a different ip,
>PING gd3.doubleclick.net (208.184.29.130) from 192.168.1.92 :
>56(84) bytes of data.
>64 bytes from 208.184.29.130.doubleclick.net (208.184.29.130):
>icmp_seq=0 ttl=11 5 time=87.732 msec
>
>Now I got different ip address for the same host name,
>and this seems repeat endless.
>
>Then I did nslookup every few minutes, and it resolves to all
>different ip addresses for the same host name ad.doubleclick.net:
>
>208.184.29.70
>204.253.104.45
>208.184.29.110
>206.65.183.110
>204.253.104.95
>204.253.104.30
>208.184.29.50
>209.67.38.106
>208.184.29.70
>206.65.183.80
>209.67.38.106
>209.67.38.102
>204.253.104.45
>204.253.104.30
>208.32.211.200
>208.184.29.130
>206.65.183.155
>208.184.29.50
>....
>#nslookup ad.doubleclick.net
>
>ad.doubleclick.net canonical name = gd3.doubleclick.net.
>Name: gd3.doubleclick.net
>Address: 209.67.38.104
>Name: gd22.doubleclick.net
>Address: 208.184.29.130
>
>> gd22.doubleclick.net
>Server: 127.0.0.1
>Address: 127.0.0.1#53
>
>I don't quite understand the mechanism which doubleclik have deployed
>to make their nslookup hopping or rotating, but are there anyway I
>can completely stop ad traffic from their ad servers to my LAN?
>
>thanks very much.
>
--
+---------------------+-----------------------------------------+
| dredd at megacity.org | "Conan! What is best in life?" |
| Derek J. Balling | "To crush your enemies, see them |
| | driven before you, and to hear the |
| | lamentation of their women!" |
+---------------------+-----------------------------------------+
More information about the bind-users
mailing list