Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Subject: Re: False positive on TFN?
From: Erik Carus (er_carushotmail.com)
Date: Mon Jul 24 2000 - 09:11:27 CDT
- Next message: Grzegorz Stefan Flak: "SystemScanner tests"
- Previous message: Matthew F. Caldwell: "RE: RealSecure on Solaris"
- Maybe in reply to: Erik Carus: "False positive on TFN?"
- Maybe reply: Erik Carus: "Re: False positive on TFN?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
I'm beginning to see the light concerning the TFN triggers noticed by our RS
At first, I captured the packets triggering the TFN events: there is one
echo request packet coming from 188.8.131.52 with an ICMP id of 123 and the
message "mailto:opsdigisle.com..." as data payload. This packet is replied
to with an echo reply packet which triggers the RS alarm. So that's a false
positive, because TFN uses only echo reply packets for communication between
clients and daemons.
Then, here is a little summary of the answers I got from several issforum
*** at first, there were several people who told me they saw the same
packets or similar ones.
*** one of you sent me the definitive answer he got from Digital Island (->
digisle.com), and here it is:
----------------------------- EMAIL FROM DIGISLE.NET FOLLOWS
We apologize for any inconvenience caused by pings (ICMP_ECHO packets)
coming from our machines. Your server was being ping'ed as part of our
real-time "network weather" mapping system called BDS. BDS is an essential
part of Footprint, Digital Island's intelligent network service offering.
It is used to optimize performance when your customers access the web
resources of our customers.
Our Footprint service is used by many large web publishers, such as AOL,
CNBC, Blue Mountain, Adforce and many others, to speed up the delivery of
their web content. Our system intelligently matches browsers to the
servers on our Footprint network which will provide the best performance.
The dynamic nature of routing and congestion on the Internet make it
necessary for us to constantly update our maps. Our network was pinging
your system because your system appeared to be a name server and had made a
sufficient number of resolution requests for our customer web sites to be
placed on the list of network nodes to be constantly observed for Internet
By pinging your name server we can provide better quality of
service to your users when they access the web sites of our expanding
customer list. We hope you will consider granting us permission to
continue pinging a name server in your domain as it will benefit your users.
Sandpiper Networks merged with Digital Island in Dec 1999, which is why
some of the machines pinging you were in digisle.net.
At this point you can:
1) Do nothing. Please accept our apologies and be assured that your
machines are not being pinged by a hostile party.
2) Tell us if there is a name server in your IP address space that you
would like us to ping. We will then direct future ping traffic to it.
3) Respond to this message requesting the we stop pinging your server. In
this event our pinging will cease in several days.
Digital Island Inc.
About Digital Island:
company's suite of application services for interactive e-Business allows
customers and partners to readily integrate content delivery, hosting and
intelligent networking to give the ultimate consumer a superior experience.
Strategically located Data Centers in the United States, Europe and Asia
are directly connected to leading access service providers in 23 countries.
In addition, Digital Island operates a network of more than 1,200 content
distributors across the Internet, which improves the performance and
reduces the cost of hosting high-volume Web applications in target markets.
This network is expected to grow to more than 6,000 content distributors in
350 locations worldwide by the year 2003. Digital Island is headquartered
in San Francisco.
--------- END OF THE MAIL FROM DIGISLE.COM -------------
Thank you for your answers, and have a nice day!
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com