[67747] in North American Network Operators' Group
Re: Verizon clients DOS own site?
daemon@ATHENA.MIT.EDU (William Warren)
Thu Feb 19 16:45:18 2004
Date: Thu, 19 Feb 2004 16:48:18 -0500
From: William Warren <hescominsoon@emmanuelcomputerconsulting.com>
To: Elkind_Rob@emc.com
Cc: nanog@merit.edu
In-Reply-To: <0EA1C81A182DAC43AA5912CECE8BEC9CAC7E72@CORPMX12.corp.emc.com>
Errors-To: owner-nanog-outgoing@merit.edu
this is part of the autodiag software installed by the VZ cd....you will =
need to go through your remotes and uninstall that stuffe..
Elkind_Rob@emc.com wrote:
> Anyone else seeing this, it started up a few weeks ago.
>=20
> We have a number of home users that VPN to our corporate network who ar=
e
> using Verizon DSL as their Internet provider. While they are connected=
to
> the corporate network they are generating tons of hits to
> 'supportcenter.verizon.net' (206.46.187.54)
>=20
> Here's a basic trace:
>=20
> host.on.my.net -> 206.46.187.54 TCP 49980 > HTTP [ACK]=20
> host.on.my.net -> 206.46.187.54 HTTP GET /sbconfigservlet/sbconfigservl=
et
> HTTP/1.1
>=20
> 206.46.187.54 -> host.on.my.net HTTP HTTP/1.1 404 Not found
>=20
> Here's the text of the transaction:
>=20
> host.on.my.net
>=20
> GET /sbconfigservlet/sbconfigservlet HTTP/1.1
> Accept: */*
> Accept-Language: en
> If-Modified-Since: Mon, 09 Feb 2004 22:49:47 GMT
> User-Agent: Motive HTTP Client
> Host: supportcenter.verizon.net
> Connection: Keep-Alive
> Cache-Control: no-cache
>=20
> reply from 206.46.187.54
>=20
> HTTP/1.1 404 Not found
> Server: Netscape-Enterprise/6.0
> Date: Tue, 10 Feb 2004 19:37:05 GMT
> Content-type: text/html
> Content-length: 292
>=20
> <HEAD><META HTTP-EQUIV=3D"Content-Type"
> CONTENT=3D"text/html;charset=3DISO-8859-1"><TITLE>Not
> Found</TITLE></HEAD><H1>Not Found</H1> The requested object does not ex=
ist
> on this server. The link you followed is either outdated, inaccurate, o=
r the
> server has been instructed not to let you have it.
>=20
>=20
> This repeates over and over again many times a second while the client =
is
> connected.
>=20
> My guess is that these client files are the ones that initiate the
> conversation from the client:
>=20
> C:\program files\verizon\online\supportcenter\bin\matcli.exe
> C:\program files\verizon\online\supportcenter\bin\mpbtn.exe
>=20
> I'm seeing millions of hits to this site from just our ~100 users using=
> Verizon per week. I have to think that world wide, Verizon clients are=
> generating enough traffic to DOS themselves.
>=20
> I've tried contacting Verizon via email but I haven't received a respon=
se
> and their tech support had no information on this. Although we're now
> blocking this site and trying to clean up the clients, this is still
> generation a lot of noise on our network. Any ideas on how to get Veriz=
on to
> take a look at this?=20
>=20
> Any input is welcome.
>=20
> Thanks,
>=20
>=20
>>Rob Elkind
>=20
> Information Security Engineer=20
>=20
>> EMC=B2 =09
>>where information lives
>>
>>Email: elkind_rob@emc.com
>> =20
>>
>=20
>=20
--=20
May God Bless you and everything you touch.
My "foundation" verse:
Isaiah 54:17 No weapon that is formed against thee shall prosper; and=20
every tongue that shall rise against thee in judgment thou shalt=20
condemn. This is the heritage of the servants of the LORD, and their=20
righteousness is of me, saith the LORD.
