TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Hello everybody,
I'm beginning to see the light concerning the TFN triggers noticed by our RS
engine.
At first, I captured the packets triggering the TFN events: there is one
echo request packet coming from 63.210.241.4 with an ICMP id of 123 and the
message "mailto:[EMAIL PROTECTED]..." as data payload. This packet is replied
to with an echo reply packet which triggers the RS alarm. So that's a false
positive, because TFN uses only echo reply packets for communication between
clients and daemons.
Then, here is a little summary of the answers I got from several issforum
list members:
*** at first, there were several people who told me they saw the same
packets or similar ones.
*** one of you sent me the definitive answer he got from Digital Island (->
digisle.com), and here it is:
----------------------------- EMAIL FROM DIGISLE.NET FOLLOWS
--------------------------------
We apologize for any inconvenience caused by pings (ICMP_ECHO packets)
coming from our machines. Your server was being ping'ed as part of our
real-time "network weather" mapping system called BDS. BDS is an essential
part of Footprint, Digital Island's intelligent network service offering.
It is used to optimize performance when your customers access the web
resources of our customers.
Our Footprint service is used by many large web publishers, such as AOL,
CNBC, Blue Mountain, Adforce and many others, to speed up the delivery of
their web content. Our system intelligently matches browsers to the
servers on our Footprint network which will provide the best performance.
The dynamic nature of routing and congestion on the Internet make it
necessary for us to constantly update our maps. Our network was pinging
your system because your system appeared to be a name server and had made a
sufficient number of resolution requests for our customer web sites to be
placed on the list of network nodes to be constantly observed for Internet
congestion.
By pinging your name server we can provide better quality of
service to your users when they access the web sites of our expanding
customer list. We hope you will consider granting us permission to
continue pinging a name server in your domain as it will benefit your users.
Sandpiper Networks merged with Digital Island in Dec 1999, which is why
some of the machines pinging you were in digisle.net.
At this point you can:
1) Do nothing. Please accept our apologies and be assured that your
machines are not being pinged by a hostile party.
2) Tell us if there is a name server in your IP address space that you
would like us to ping. We will then direct future ping traffic to it.
3) Respond to this message requesting the we stop pinging your server. In
this event our pinging will cease in several days.
Regards,
Michael Roberts
Digital Island Inc.
About Digital Island:
Digital Island
company's suite of application services for interactive e-Business allows
customers and partners to readily integrate content delivery, hosting and
intelligent networking to give the ultimate consumer a superior experience.
Strategically located Data Centers in the United States, Europe and Asia
are directly connected to leading access service providers in 23 countries.
In addition, Digital Island operates a network of more than 1,200 content
distributors across the Internet, which improves the performance and
reduces the cost of hosting high-volume Web applications in target markets.
This network is expected to grow to more than 6,000 content distributors in
350 locations worldwide by the year 2003. Digital Island is headquartered
in San Francisco.
--------- END OF THE MAIL FROM DIGISLE.COM -------------
Thank you for your answers, and have a nice day!
Erik
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
