DoubleClick Hit by DDoS Attack

YetAnotherName writes "The Washington Times is reporting that everyone's most beloved online advertising distributor, DoubleClick, was subject to a DoS attack crippling the company's DNS servers, and preventing up to 75% of advertising from making it to web pages and surfers' eyes."

I didn't notice

[Patik]

I've had the following in my HOSTS file for a while now

0.0.0.0 ad.doubleclick.com
0.0.0.0 ads.doubleclick.net
0.0.0.0 ad2.doubleclick.net
0.0.0.0 ad3.doubleclick.net
0.0.0.0 ad4.doubleclick.net
0.0.0.0 ad5.doubleclick.net
0.0.0.0 ad6.doubleclick.net
0.0.0.0 ad7.doubleclick.net
0.0.0.0 ad8.doubleclick.net
0.0.0.0 ad9.doubleclick.net
0.0.0.0 ad10.doubleclick.net
0.0.0.0 ad11.doubleclick.net
0.0.0.0 ad12.doubleclick.net
0.0.0.0 ad13.doubleclick.net
0.0.0.0 ad14.doubleclick.net
0.0.0.0 ad15.doubleclick.net
0.0.0.0 ad16.doubleclick.net
0.0.0.0 ad17.doubleclick.net
0.0.0.0 ad18.doubleclick.net
0.0.0.0 ad19.doubleclick.net
0.0.0.0 ad20.doubleclick.net
0.0.0.0 ad.ch.doubleclick.net
0.0.0.0 ad.ca.doubleclick.net
0.0.0.0 ad.de.doubleclick.net
0.0.0.0 ad.fr.doubleclick.net
0.0.0.0 ad.jp.doubleclick.net
0.0.0.0 ad.nl.doubleclick.net
0.0.0.0 ad.no.doubleclick.net
0.0.0.0 ad.uk.doubleclick.net
0.0.0.0 ln.doubleclick.net
0.0.0.0 m.doubleclick.net
0.0.0.0 m2.doubleclick.net
0.0.0.0 iv.doubleclick.net
0.0.0.0 ebay.doubleclick.net

Lameness filter randomness: eed d ed wdwe de ff g v fdovk fok fb f osvi jfvioj asv d vp vv jspavj spav dsv aspdvj ede oijf o greg ewrg

Re:I didn't notice

[owlmon]

> I've had the following in my HOSTS file for a while now
>
> 0.0.0.0 ad.doubleclick.com
> 0.0.0.0 ads.doubleclick.net
> ...

Some alternatives that are fun:

1. Install privoxy from sourceforge.net. This is a local http proxy that allows you to filter out web content using regular expressions. So you can easily blank out any URL that contains the string "doubleclick." This is easier and more complete than trying to enumerate all the hostnames that Doubleclick Inc. uses. Privoxy is multi-platform; you can use it under Linux, Windows, etc.

2. Install posadis from sourceforge.net. This is a caching DNS server that you can install on your computer. It allows you to control how domain names (like *.doubleclick.net) get resolved by ALL the programs on your computer. I use it to essentially blackhole domains that I don't like. Once again, this is a multi-platform project. In particular, under Windoze, it runs as a service. It has an irritating bug: under Windoze, it will occasionally start using 100% CPU. When this happens, you have to restart the posadis service. A hassle, verily. But I enjoy having the control that derives from running my own DNS server.

3. Use a firewall (hardware or software) to block out numeric IP addresses. For example, 216.73.92.112 is www.doubleclick.net, so it should be blocked. I used to use this approach. I liked the idea of absolutely blocking any packets going to or from the bad guys, regardless of the DNS name used. The problem with this approach is that outfits like doubleclick.net will use a ton of different numeric IP addresses, and it's difficult to keep up with them.

Re:Sad news

[adam+mcmaster]

I agree, adblock is very useful.

Re:Sad news

[JPriest]

Not that box, I am pinging their primary DNS server and still getting a reply, they have 4.

ns1.doubleclick.net
ns2.doubleclick.net
ns3.doubleclick.net
ns4.doubleclick.net

This way you can check your networks to see if any machines are hitting these DNS server. I am going to keep my ping going to make sure ns1 stays online. j/k

You can do your part to reduce the load by adding doubleclicks ad-servers to your /etc/hosts file as 127.0.0.1 (this can be done in windows too).