Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1999_2

NFR Wizards Archive: Re: TCP port 7 traffic from DoubleClick

Re: TCP port 7 traffic from DoubleClick

C. Harald Koch (chkpobox.com)
Mon, 05 Jul 1999 19:11:33 -0400

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: sean.kellylanston.com: "RE: Extreme Hacking"
Previous message: Paul Woodie: "Re: Extreme Hacking"
In reply to: Marcus J. Ranum: "Re: Extreme Hacking"
Next in thread: Joseph S D Yao: "Re: TCP port 7 traffic from DoubleClick"
Reply: Joseph S D Yao: "Re: TCP port 7 traffic from DoubleClick"

In message <990601185533.SAA21008gateway.mikon.com>, Greg Nowicki writes:
> My firewall has been logging a persistent stream of TCP connection attempts
> to port 7 (echo) from six hosts belonging to DoubleClick. I would like to
> know if anyone else on the list has observed this?

Here's a message discussing the issue, rumoured to be from the source:

-- 
Harald Koch <chkpobox.com>
attached mail follows:

------------------------------------------------------------------------------
Dear Sir,
	
	We are currently using the product GlobalDispatch from Resonate Inc.
for our Wide Area  Data Distribution.  Please see letter below for a detail explaination on
this product.  Thanks.
Sincerely,
Alex Ng
Doubleclick
--------------------
Hello Sir,
 
Alex at Doubleclick asked us to work with you regarding this ticket.
 
We have reason to believe that the reports you've received regarding
these three machines being compromised is a misunderstanding as a result
of our enterprise traffic management software: Global Dispatch.  Global
Dispatch is a WAN-based scheduler that makes it easy to place content
close to geographically dispersed users and and intelligently directs
requests to the best-suited Point of Presence (POP). 
 
In the course of determining the best suited POP, Global Dispatch preforms a
latency measurement.  This latency measurement is done by making a
connection  to the client DNS server on TCP port 7 and then dropping the connection.
After the latency measurement has been done, the latency values are cached, and
the IP of the most responsive POP is returned to the requesting machine.
 
I hope this help clear up the confusion. We are looking into other ways to
preform this latency mesurment, and hope we have not caused you any
inconvenience.
 
--
Resonate Technical Support <supportresonate.com>
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	Richard Day	Call Center Manager
	Resonate, Inc.
	465 Fairchild Drive 
	Suite 115
	Mountain View, CA 94040
	Main Phone   650 967.6500
	Fax 	     650 967.6561
	Support Line 650 967.4800
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Virtually
Raymond D. Mereniuk
Raymondfbn.bc.ca
"The Ultimate Enterprise Security Experts" 
http://www.fbn.bc.ca/sysecurt.html






Next message: sean.kellylanston.com: "RE: Extreme Hacking"
Previous message: Paul Woodie: "Re: Extreme Hacking"
In reply to: Marcus J. Ranum: "Re: Extreme Hacking"

Next in thread: Joseph S D Yao: "Re: TCP port 7 traffic from DoubleClick"
Reply: Joseph S D Yao: "Re: TCP port 7 traffic from DoubleClick"







This archive was generated by hypermail 2.0b3 
on Sat Jul 17 1999 - 07:19:02 CDT