Security Incidents mailing list archives

Re: Speedera Ping, was "Packets from 255.255.255.255(80), etc."


From: Joe Stewart <jstewart () lurhq com>
Date: Tue, 4 Feb 2003 13:59:57 -0500

On Monday 03 February 2003 11:53 am, Neil Dickey wrote:
> It is my understanding that "Speedera" is a web service provider, and that
> these pings can be used by large distributed websites to determine the most
> efficient path from a webserver to a client, but that doesn't appear to be
> the purpose here.  The target box is being used as a third-level DNS
> server, and also hosts the namespace our PCs use.

Speedera usually sends its probes to your nameservers instead of the end
client. The reason for this is due to the way their load balancing works. In a
typical session, your client would ask your local nameserver to resolve the
address of a Speedera-hosted client site. Your nameserver then queries
the root nameservers who point your nameserver at the authoritative Speedera 
nameservers. Your nameserver then queries Speedera's nameserver, which pings 
the IP address making the query (your nameserver) using their distributed 
back-end network. It then returns a DNS reply containing the IP address of
the fastest cache for your location.

-Joe

-- 
Joe Stewart, GCIH 
Senior Intrusion Analyst
LURHQ Corporation
jstewart () lurhq com
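
A triage sketch for the behaviour described in the message above, added here as an example and not part of the original post: it labels an inbound ping to a nameserver as DNS-triggered when that nameserver queried the provider's authoritative nameserver a few seconds earlier. The log format, all addresses (documentation ranges), the nameserver sets and the 5-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, time-ordered: timestamp proto src dst detail
SAMPLE_LOG = """\
2003-02-03T11:50:01 DNS 192.0.2.53 198.51.100.10 query A www.hosted-site.example
2003-02-03T11:50:02 ICMP 203.0.113.7 192.0.2.53 echo-request
2003-02-03T11:50:02 ICMP 203.0.113.99 192.0.2.53 echo-request
2003-02-03T11:58:40 ICMP 203.0.113.200 192.0.2.53 echo-request
2003-02-03T11:59:00 ICMP 203.0.113.7 192.0.2.80 echo-request
"""

NAMESERVERS = {"192.0.2.53"}      # assumption: your own resolvers
CDN_AUTH_NS = {"198.51.100.10"}   # assumption: provider's authoritative nameservers
WINDOW = timedelta(seconds=5)     # assumption: probes arrive within 5 s of the query


def classify_pings(log_text):
    """Label each inbound echo request 'dns-triggered' or 'unexplained'."""
    last_query = {}  # resolver IP -> time of its latest query to the provider
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, proto, src, dst, _detail = line.split(maxsplit=4)
        when = datetime.fromisoformat(ts)
        if proto == "DNS" and src in NAMESERVERS and dst in CDN_AUTH_NS:
            last_query[src] = when
        elif proto == "ICMP":
            queried = last_query.get(dst)
            # Probes come from the distributed back-end, so the source address
            # is not matched; only the target and the timing are.
            explained = (dst in NAMESERVERS and queried is not None
                         and timedelta(0) <= when - queried <= WINDOW)
            label = "dns-triggered" if explained else "unexplained"
            results.append((src, dst, label))
    return results


if __name__ == "__main__":
    for src, dst, label in classify_pings(SAMPLE_LOG):
        print(f"{src} -> {dst}: {label}")
```

Pings labelled unexplained (no recent query, or a target that is not a nameserver) are the ones left for further review.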

