Forgot your password?
typodupeerror
Security The Internet

DoubleClick Hit by DDoS Attack 531

Posted by CowboyNeal
from the hard-rain-falls dept.
YetAnotherName writes "The Washington Times is reporting that everyone's most beloved online advertising distributor, DoubleClick, was subject to a DoS attack crippling the company's DNS servers, and preventing up to 75% of advertising from making it to web pages and surfers' eyes."
This discussion has been archived. No new comments can be posted.

DoubleClick Hit by DDoS Attack

Comments Filter:
  • by Anonymous Coward on Thursday July 29, 2004 @05:32PM (#9837813)
    It's been so long since I've seen an ad [texturizer.net] I forgot about them.
  • Re:Sad news (Score:3, Informative)

    by byolinux (535260) * on Thursday July 29, 2004 @05:33PM (#9837821) Journal
    I don't think I've seen a banner ad in a year or so.

    I used IE the other day for the first time in ages, and was surprised by a popup.
  • by dsanfte (443781) * on Thursday July 29, 2004 @05:35PM (#9837852) Journal
    Seriously, Slashdot needs to shape up, or stop trying to be a news site. This happened yesterday. If you can't get your editors to greenlight stories faster than 24hours in advance, let subscribers do it like Fark does.
  • I didn't notice (Score:5, Informative)

    by Patik (584959) * <cpatik.gmail@com> on Thursday July 29, 2004 @05:36PM (#9837860) Homepage Journal

    I've had the following in my HOSTS file for a while now

    0.0.0.0 ad.doubleclick.com
    0.0.0.0 ads.doubleclick.net
    0.0.0.0 ad2.doubleclick.net
    0.0.0.0 ad3.doubleclick.net
    0.0.0.0 ad4.doubleclick.net
    0.0.0.0 ad5.doubleclick.net
    0.0.0.0 ad6.doubleclick.net
    0.0.0.0 ad7.doubleclick.net
    0.0.0.0 ad8.doubleclick.net
    0.0.0.0 ad9.doubleclick.net
    0.0.0.0 ad10.doubleclick.net
    0.0.0.0 ad11.doubleclick.net
    0.0.0.0 ad12.doubleclick.net
    0.0.0.0 ad13.doubleclick.net
    0.0.0.0 ad14.doubleclick.net
    0.0.0.0 ad15.doubleclick.net
    0.0.0.0 ad16.doubleclick.net
    0.0.0.0 ad17.doubleclick.net
    0.0.0.0 ad18.doubleclick.net
    0.0.0.0 ad19.doubleclick.net
    0.0.0.0 ad20.doubleclick.net
    0.0.0.0 ad.ch.doubleclick.net
    0.0.0.0 ad.ca.doubleclick.net
    0.0.0.0 ad.de.doubleclick.net
    0.0.0.0 ad.fr.doubleclick.net
    0.0.0.0 ad.jp.doubleclick.net
    0.0.0.0 ad.nl.doubleclick.net
    0.0.0.0 ad.no.doubleclick.net
    0.0.0.0 ad.uk.doubleclick.net
    0.0.0.0 ln.doubleclick.net
    0.0.0.0 m.doubleclick.net
    0.0.0.0 m2.doubleclick.net
    0.0.0.0 iv.doubleclick.net
    0.0.0.0 ebay.doubleclick.net

    Lameness filter randomness: eed d ed wdwe de ff g v fdovk fok fb f osvi jfvioj asv d vp vv jspavj spav dsv aspdvj ede oijf o greg ewrg

  • by Beardo the Bearded (321478) on Thursday July 29, 2004 @05:37PM (#9837868)
    Thanks, Mike! [everythingisnt.com]

    I rarely see ads in either IE or Mozilla.
  • Re:Sad news (Score:5, Informative)

    by adam mcmaster (697132) on Thursday July 29, 2004 @05:37PM (#9837872) Homepage
    I agree, adblock [mozdev.org] is very useful.
  • Re:Sad news (Score:5, Informative)

    by byolinux (535260) * on Thursday July 29, 2004 @05:41PM (#9837930) Journal
    Adblock most of the time or PithHelmet for those Safari Moments.
  • Re:Sad news (Score:5, Informative)

    by JPriest (547211) on Thursday July 29, 2004 @05:43PM (#9837951) Homepage
    Not that box, I am pinging their primary DNS server and still getting a reply, they have 4.

    ns1.doubleclick.net
    ns2.doubleclick.net
    ns3.doubleclick.net
    ns4.doubleclick.net

    This way you can check your networks to see if any machines are hitting these DNS server. I am going to keep my ping going to make sure ns1 stays online. j/k

    You can do your part to reduce the load by adding doubleclicks ad-servers to your /etc/hosts file as 127.0.0.1 (this can be done in windows too).

  • Thank you MyDoom! (Score:2, Informative)

    by Anonymous Coward on Thursday July 29, 2004 @05:46PM (#9837978)
    Thanks Mydoom! =)

    I didnt notice though.. those are blocked anyway

    Id recommend everyone add this to their hosts file:

    127.0.0.1 ad.ca.doubleclick.net
    127.0.0.1 ad.de.doubleclick.net
    127.0.0.1 ad.doubleclick.net
    127.0.0.1 ad.es.doubleclick.net
    127.0.0.1 ad.fr.doubleclick.net
    127.0.0.1 ad.free6.com
    127.0.0.1 ad.it.doubleclick.net
    127.0.0.1 ad.iwin.com
    127.0.0.1 ad.jp.doubleclick.net
    127.0.0.1 ad.kr.doubleclick.net
    127.0.0.1 ad.linkexchange.com
    127.0.0.1 ad.linksynergy.com
    127.0.0.1 ad.nl.doubleclick.net
    127.0.0.1 ad.no.doubleclick.net
    127.0.0.1 ad.preferences.com
    127.0.0.1 ad.se.doubleclick.net

  • Old news (Score:5, Informative)

    by EvilStein (414640) <spam@@@pbp...net> on Thursday July 29, 2004 @05:51PM (#9838036) Homepage
    IF this isn't a second DDoS, then this happened a couple days ago already.
  • Re:I didn't notice (Score:5, Informative)

    by owlmon (696565) on Thursday July 29, 2004 @05:57PM (#9838081)
    > I've had the following in my HOSTS file for a while now
    >
    > 0.0.0.0 ad.doubleclick.com
    > 0.0.0.0 ads.doubleclick.net
    > ...

    Some alternatives that are fun:

    1. Install privoxy from sourceforge.net. This is a local http proxy that allows you to filter out web content using regular expressions. So you can easily blank out any URL that contains the string "doubleclick." This is easier and more complete than trying to enumerate all the hostnames that Doubleclick Inc. uses. Privoxy is multi-platform; you can use it under Linux, Windows, etc.

    2. Install posadis from sourceforge.net. This is a caching DNS server that you can install on your computer. It allows you to control how domain names (like *.doubleclick.net) get resolved by ALL the programs on your computer. I use it to essentially blackhole domains that I don't like. Once again, this is a multi-platform project. In particular, under Windoze, it runs as a service. It has an irritating bug: under Windoze, it will occasionally start using 100% CPU. When this happens, you have to restart the posadis service. A hassle, verily. But I enjoy having the control that derives from running my own DNS server.

    3. Use a firewall (hardware or software) to block out numeric IP addresses. For example, 216.73.92.112 is www.doubleclick.net, so it should be blocked. I used to use this approach. I liked the idea of absolutely blocking any packets going to or from the bad guys, regardless of the DNS name used. The problem with this approach is that outfits like doubleclick.net will use a ton of different numeric IP addresses, and it's difficult to keep up with them.
  • Re:Sad news (Score:1, Informative)

    by Anonymous Coward on Thursday July 29, 2004 @06:10PM (#9838194)
    Or a host file update! I use the host file from this website: http://www.mvps.org/winhelp2002/ [mvps.org] it's updated every month. That in conjunction with Firefox and no ads! Yay!
  • Re:Sad news (Score:3, Informative)

    by Pharmboy (216950) on Thursday July 29, 2004 @06:17PM (#9838255) Journal
    I use this little thing called a "hosts" file, so my IE popups are all blank ;) stuff like:

    127.0.0.1 ads.doubleclick.net
    127.0.0.1 ad2.doubleclick.net
    127.0.0.1 ad3.doubleclick.net
    127.0.0.1 ad4.doubleclick.net

    except I DO allow ads.osdn.net because im a nice guy and dont mind looking at the purdy pictures from them (and they are not usually popups). I found the hosts file here on /., with about 100 lines of entries.
  • Re:Sad news (Score:3, Informative)

    by rmohr02 (208447) <mohr DOT 42 AT osu DOT edu> on Thursday July 29, 2004 @07:03PM (#9838650)
    Why 127.0.0.1 instead of 0.0.0.0? Wouldn't you rather the requests for files go nowhere as opposed to right back at your machine?
  • Re:Sad news (Score:4, Informative)

    by Pharmboy (216950) on Thursday July 29, 2004 @07:09PM (#9838709) Journal
    Have you tried firefox?

    I have it installed on this box, along with IE. I still use IE half the time. I use mozilla on my linux boxes, but (i hate to say it) there are are certain aspects of IE that are more comfortable, or at least more familiar. Keep in mind, im an old geek, not a hobbiest. Been using Linux and GNU software for years and it is catching up very fast, but I still use the tools that make me more productive, and IE fits that bill at least half the time. The pops ups don't annoy me as bad as they used to, now that they are all blank pages.

    Oh, i found that hosts file address here [everythingisnt.com]. I chang a few lines for my uses (travelocity.com and osdn.com for instance) because it may break a few things, like Pogo, but its a great template for a hosts file if you customize it a bit for yourself.
  • by dsanfte (443781) * on Thursday July 29, 2004 @07:29PM (#9838869) Journal
    Ad blocking is something caused by a social dynamic, and as such appeals for single individuals to unblock ads in order to "save the site" are utterly futile. It makes zero difference. People hate ads.

    Five people listening to you isn't going to save the web advertising industry any more than me convincing (at great personal effort, mind you) five people to stop pirating Photoshop is going to see a noticeable increase in revenues for Adobe. It is not a statistically significant number, and all it ends up doing is hurting the individuals.

    Lastly, on the subject of "innovation". You know those piracy statistics software companies put out, so they can point to them and say "This is why software prices are so high! Piracy!"? Please tell me, have you ever heard of a company dropping prices because their sales went up?! The very thought of it is insane.

    Piracy, like ad blocking, in the end, is caused by social dynamics that no single invididual bucking a trend could ever hope to reverse.
  • Re:Sad news (Score:4, Informative)

    by JPriest (547211) on Thursday July 29, 2004 @07:35PM (#9838917) Homepage
    Becasue it takes a long time for nowhere to reply.
  • Re:Sad news (Score:5, Informative)

    by Elwood P Dowd (16933) <judgmentalist@gmail.com> on Thursday July 29, 2004 @07:37PM (#9838928) Journal
    Ok, I realize

    you are joking

    alexa is crap
    but doubleclick doesn't give a flying fuck [alexa.com] about slashdot.

  • Re:Sad news (Score:3, Informative)

    by Trent05 (70375) on Thursday July 29, 2004 @07:45PM (#9838985) Homepage
    These might be useful too. I direct em' to 0.0.0.0 cause I'm gangsta. :P

    1.primaryads.com
    a.tribalfusion.com
    ad.doublec lick.net
    ad.aboutwebservices.com
    adlog.com.com
    ads.accelerator-media.com
    ads.ebaumsworld.com
    ad s.nwsource.com
    ads.vnuemedia.com
    ads.weather.com
    ads.webtender.com
    ads.x10.com
    ar.atwola.com
    a sg01.casalemedia.com
    c.casalemedia.com
    c4.maxser ving.com
    clk.admt.com
    g.msn.com
    isg01.casalemed ia.com
    isg02.casalemedia.com
    isg03.casalemedia.c om
    isg04.casalemedia.com
    isg05.casalemedia.com
    media.fastclick.net
    mediamgr.ugo.com
    oas.foxnews .com
    oascentral.premierinteractive.com
    oascentra l.theonion.com
    oascentral.washingtontimes.com
    pa gead2.googlesyndication.com
    rd.yahoo.com
    regman. freeze.com
    rightmedia.net
    servedby.advertising.c om
    shopping.msn.com
    spe.atdmt.com
    us.ard.yahoo. com
    view.atdmt.com
    www.googleadservices.com
    www .kinghost.com
    xads.zedo.com
    z1.adserver.com

    Apparently the lameness filter dosen't like me just copy and pasting my hosts file.

  • by Anonymous Coward on Thursday July 29, 2004 @07:51PM (#9839039)
    Want to keep the subscription sites down and keep the free web up? Leave the banner ads be. Hell, click on them once in a while. If the advertisers and website are satisfied with how their ads are doing, they'll be less aggressive and less likely to piss you off.
    Simply clicking on ads is not going to please the advertisers. They are advertising because they hope you will buy their product or service, not just that you will see their ad. Click on all the banner ads you want; if you never buy anything after clicking on an ad, you are not supporting the advertiser. Yes, clickthru rates may be one metric that determines how much money your favorite free site gets from an advertiser, and in that way you can support a site by clicking on the ads, but that advertiser will stop advertising on the site entirely if they aren't getting a return on their investment.

    Meanwhile, by the time the ads are blocked by your proxy or whatever, your favorite site has already cashed its check and taken the advertiser's money. You should not feel guilty about browsing free sites while blocking or ignoring ads. I liken it to television advertising; when was the last time you felt guilty about getting up for a sandwich during the commercial break on your favorite show? You shouldn't, of course. The people who made the show have already been paid by the time you see it. It is the advertiser who risks losing income when people ignore ads.
  • Re:I didn't notice (Score:3, Informative)

    by Rie Beam (632299) on Thursday July 29, 2004 @07:56PM (#9839069) Journal
    I should mention there's a firefox extension that blocks ads based on regular expressions [mozdev.org]. Yet another reason to drop IE.
  • by strider44 (650833) on Thursday July 29, 2004 @08:23PM (#9839264)
    I like using AdBlock [mozdev.org] with the setting to just hide the ads instead of not download them at all activated. This doesn't really hurt anyone (I don't usually look at the ads anyway, and refuse to click it even if it is tempting and catching my eye, so the ad companies don't really lose money, and the site still gets their view).
  • Re:I didn't notice (Score:3, Informative)

    by magefile (776388) on Thursday July 29, 2004 @11:14PM (#9840465)
    You can't use *.doubleclick.*? I do that in adblock. Granted, the hosts file and adblock are two totally different beasts, but I'm surprised the hosts file doesn't support regex.
  • Re:Sad news (Score:4, Informative)

    by Read Icculus (606527) on Thursday July 29, 2004 @11:36PM (#9840596)
    Use a real hosts file, like This one [someonewhocares.org] . It's massive, constantly updated, and formatted nicely to show you how to redirect slashdot.org to "s".
  • Re:Sad news (Score:3, Informative)

    by kuiken (115647) on Friday July 30, 2004 @06:32AM (#9842185) Homepage
    copy this to a file and import to adblock and you'll almost never see an add again

    [Adblock] /(hot|spy)log/ /[\W\d](double|fast)click[\W\d]/ /[\W\d](onlineads?|ad(banner|click|-?flow|frame|im a?g(es?)?|_id|js|log|serv(er|e)?|stream|_string|s| trix|type|vertisements?|v|vert|xchange)?)[\W\d]/ /[\W\d]click(stream|thrutraffic|thru|xchange)[\W\d ]/ /[\W\d]dime(xchange|click)[\W\d]/ /[\W\d]value(stream|xchange|click)[\W\d]/ /[\W\d_](top|bottom|left|right|)?banner(s|id=|\d|_ )[\W\d]/ /[\W_](b(an|nr)s?|jump|redir(ect|s)?|stat)[\W_]/ /\/buy_assets\// /\D\d{2,3}x\d{2,3}\D/ /\W(cy|r)?c(ou)?nt(er|ed)?\W/ /p(artner|ing\.cgi|romotion)/ /sp(onsor|ymagic)/ /top(100|cto)/
    googlesyndication
    http://a.as-us. falkag.net/dat/bgf/*
    http://view.atdmt.com/MSN/iv iew/*
    reklama
    us.yimg.com/a/

There is no opinion so absurd that some philosopher will not express it. -- Marcus Tullius Cicero, "Ad familiares"

Working...