Security Incidents mailing list archives
Re: Speedera Ping, was "Packets from 255.255.255.255(80), etc."
From: Joe Stewart <jstewart () lurhq com>
Date: Tue, 4 Feb 2003 13:59:57 -0500
On Monday 03 February 2003 11:53 am, Neil Dickey wrote:
It is my understanding that "Speedera" is web service provider, and that these pings can be used by large distributed websites to determine the most efficient path from a webserver to a client, but that doesn't appear to be the purpose here. The target box is being used as a third-level DNS server, and also hosts the namespace our PCs use.
Speedera usually sends its probes to your nameservers instead of the end client. The reason for this is due to the way their load balancing works. In a typical session, your client would ask your local nameserver to resolve the address of a Speedera-hosted client site. Your nameserver then queries the root nameservers who point your nameserver at the authoritative Speedera nameservers. Your nameserver then queries Speedera's nameserver, which pings the IP address making the query (your nameserver) using their distributed back-end network. It then returns a DNS reply containing the IP address of the fastest cache for your location. -Joe -- Joe Stewart, GCIH Senior Intrusion Analyst LURHQ Corporation jstewart () lurhq com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Speedera Ping, was "Packets from 255.255.255.255(80), etc." Neil Dickey (Feb 05)
- Re: Speedera Ping, was "Packets from 255.255.255.255(80), etc." Joe Stewart (Feb 05)