"Sean E. Covel" wrote:
>
> Victor,
>
> I believe you are correct. After reading the banter going back and
> forth, and recalling previous posts (about that DAMN X10 popup) I
> reviewed my log. The log entries are bursts of hundreds in the same few
> seconds. Must have been while I was on MyYahoo. I remember getting the
> X10 and Casino popups. Is there any way we can reverse "SPAM" them to
> stop this ridiculous traffic?

It's understandable that you want to retaliate but it wouldn't be very wise and it would cause further problems. Better to just deny and not log it, altogether... Remember that there are many others that are affected by this and maybe, pretty soon, it's possible that the people who supervise the backbones of the 'net will just get disgusted with all of this and will demand something be done to stop it, from those who are the cause of all this bandwidth consumption.....

> Here is another one about an ISP using this technology...
> http://lists.insecure.org/incidents/2001/May/0096.html

To tell you the truth, that's what I did, myself, back in Feb.-March, look at these log entries, taken from your link:

> >> [140.239.176.162/17221] HarvardNet
> >> [165.121.70.75/64551] Earthlink
> >> [194.205.125.26/41123] European Regional Internet Registry
> >> [194.213.64.150/47642] European Regional Internet Registry
> >> [202.139.133.129/41595] Asia Pacific Network Information Center
> >> [203.194.166.182/38808] Asia Pacific Network Information Center
> >> [203.208.128.70/12235] Asia Pacific Network Information Center
> >> [207.55.138.206/61929] "Verio, Inc."
> >> [208.184.162.71/53567] Abovenet Communications
> >> [209.249.97.40/45714] Abovenet Communications
> >> [212.23.225.98/57974] European Regional Internet Registry
> >> [212.78.160.237/29368] European Regional Internet Registry
> >> [216.220.39.42/21602] "Myna Communications, Inc."
> >> [216.33.35.214/21092] Exodus Communications
> >> [216.34.68.2/45906] Exodus Communications
> >> [216.35.167.58/32470] Exodus Communications
> >> [62.23.80.2/55543] European Regional Internet Registry
> >> [62.26.119.34/56523] European Regional Internet Registry
> >> [63.209.147.246/54734] Level 3 Communications
> >> [64.14.200.154/32735] Exodus Communications
> >> [64.37.200.46/65042] Exodus Communications
> >> [64.56.174.186/14237] Exodus Communications
> >> [64.78.235.14/17768] "Verado, Inc. (Firstworld Communications)"

which is more or less what I got, too. Notice the amount of entries from Exodus. What I did was place the source addresses in a web browser and I always got re-directed to a site called the Coyote Equalizer, the main site is located at http://www.coyotepoint.com/

Since these addresses were pointing to the same location, despite their geographical diversity, this must be the real culprit. Coyotepoint uses Exodus as their provider, by the way. The response?

> Dear Mr. Benson,
>
> Coyote Point Systems (http://www.coyotepoint.com) produces a
> "geographical load balancing" system called Envoy. This is a product
> which allows our customers to direct internet users to the nearest
> available data center for fastest processing. For instance, UK users may
> be processed in a London data center while US individuals will be
> processed in a US data center. This product makes the user's
> browsing speedier as well as providing additional redundancy (if a UK
> data center goes off-line, UK individuals will be processed in one of our
> US data centers).
>
> This product works by delegating DNS for a specific hostname (or
> hostnames) to our Envoy machines. Envoy then calculates the best possible
> location and serves up that IP.
>
> For instance, user X needs to resolve 'www.coyotepoint.com'. The user's
> machine queries its local DNS which does not have authoritative information
> for 'www.coyotepoint.com'. That DNS then queries the SOA for the
> 'bfast.com' domain which in turn directs it to one of the Envoy machines.
> Envoy then uses the IP of the user's local DNS to calculate the best
> geographical location. This is where the ping is attempted. If the ping
> is unsuccessful, a default site is used. Please note that because we have
> multiple sites for redundancy, a ping may be generated from each site in
> order to determine the "closest" site. One look-up may generate several
> from the Envoy system (two from each site). Your local DNS should cache
> this IP for several minutes before another look-up is required.
>
> We hope that you understand that we are in no way attempting to flood
> anybody's network. The Envoy product is used solely to make the
> individual's internet browsing experience faster and more robust.
>
> --
> ---------------------------------------------------------------
> Bill Kish                          Ph: 650.969.6000
> Chief Engineer,                    3350 Scott Blvd, Bldg 20
> Coyote Point Systems Inc.          Santa Clara California 95054
> Email: [EMAIL PROTECTED]           http://www.coyotepoint.com/
> ---------------------------------------------------------------
> For support call: 1-888-891-8150   Email: <[EMAIL PROTECTED]>

Jack Coates mentioned earlier, as well, that Cisco and others have been using this load balancing technique for quite some time, this is just another attempt, only clumsier....

--
Patrick Benson
Stockholm, Sweden

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
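
The pattern discussed in this thread (bursts of entries within a few seconds, arriving from several unrelated networks at once) can be separated from single-host noise before choosing what to deny without logging. The following is an added example, not part of the original message: the `(time, source)` tuples, the 5-second gap and the three-source threshold are assumptions, and the sample entries are constructed.

```python
from collections import Counter

# Constructed sample: (unix_time, source_ip) for denied inbound probes.
# Addresses come from the RFC 5737 documentation ranges, not from the thread.
SAMPLE = [
    # one look-up answered by four sites, two probes from each
    (100.0, "192.0.2.10"), (100.1, "192.0.2.10"),
    (100.4, "198.51.100.7"), (100.5, "198.51.100.7"),
    (101.2, "203.0.113.5"), (101.3, "203.0.113.5"),
    (101.9, "203.0.113.77"), (102.0, "203.0.113.77"),
    # a single host retrying on its own: several packets, one source
    (500.0, "192.0.2.99"), (500.5, "192.0.2.99"),
    (501.0, "192.0.2.99"), (501.5, "192.0.2.99"),
    # a later look-up, after the cached answer has expired
    (900.0, "192.0.2.10"), (900.2, "198.51.100.7"), (900.3, "203.0.113.5"),
]


def split_bursts(entries, gap=5.0):
    """Split entries into runs where each entry follows the previous
    one by at most `gap` seconds."""
    bursts, current = [], []
    for ts, src in sorted(entries):
        if current and ts - current[-1][0] > gap:
            bursts.append(current)
            current = []
        current.append((ts, src))
    if current:
        bursts.append(current)
    return bursts


def probe_bursts(entries, gap=5.0, min_sources=3):
    """Return only the bursts that involve at least `min_sources`
    distinct source addresses, with a per-source packet count."""
    found = []
    for burst in split_bursts(entries, gap):
        per_source = Counter(src for _, src in burst)
        if len(per_source) >= min_sources:
            found.append({
                "start": burst[0][0],
                "end": burst[-1][0],
                "packets": len(burst),
                "sources": dict(per_source),
            })
    return found


if __name__ == "__main__":
    for b in probe_bursts(SAMPLE):
        print(b["start"], b["end"], b["packets"], sorted(b["sources"]))
```
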
