[linux-elitists] Sick of doubleclick.net yet?
Jeremy M. Dolan
Mon Jul 3 20:08:03 PDT 2000
On Mon, 03 Jul 2000 23:38:50 +0000, Don Marti wrote:
> It turns out that those nasty little cookies aren't so unique after
> all. I was able to get 53% duplicates: http://zgp.org/rbhl/prl/
I seriously doubt doubleclick is giving out any duplicates under
normal usage. If your business is harvesting information, you don't
give out the same id to 5 people. From briefly looking over the 2
logs you posted, the duplicate id's occur fairly close together. The
second log, spaned nearly 20 mins, but duplicates top out at 2
minutes apart. I'd say, it's cause by eaither of the following:
= the databases aren't designed to be queried from the same IP so
quickly, they don't sync up that often, and depend on the clients
DNS server to cache the IP long enough until the new users id can
be registered in the central database.
= There may be some IP*time formula it uses to make a new id. That
would account for us getting duplicates in a system designed not
to give out duplicates - clock skew between ad servers having the
same time multiplied by our same IP address... duplicate id.
If anyone's still interested, I have a C block available, if someone
wants to hack this python code to switch the IP it sends from (as I
said before, unfortunatly, I don't know a lick of python), I can post
some results. It may help us figure out how the id is generated.
Also, perhaps we should rotate the 'adpath' before we draw any
suspicion. Or we may be too late... any subscription attempts from
doubleclick addresses lately, Don? =)
> Anybody else want your name on the page? I want to give credit
> where credit is due, especially on that multiple IP address
I think I was the first to mention about the multiple IP addresses.
Please add my name, inside a <blink>. I just now noticed that the
mail I mentioned that in was sent only to Don. This is a new machine
and mutt wasen't fully set up yet this morning. How un-elitist of me,
missing the list-reply =(. Parts of it are viewable in Don's reply to
the list, however... That was to the list, right Don? Oh dear...
doesn't look like it. I'll resend my original post, resend your reply
if you want it public... just edit out all that stuff about our
columbian drug cartel ties.
Anyway, I only knew about the multiple IPs because a few months ago
I did an nslookup of ad.dc.net, so I could firewall it out. When it
didn't work, I started investigating. Heres some notes I found laying
I think these were actually the addresses ad.dc.net would resolve to:
126.96.36.199 62 82 102 142 182
188.8.131.52 70 90 130 170 210
184.108.40.206 103 105 106
These are some of their ARIN netblocks, scattered to prevent anyone
from firewalling them out. 15 brownie points if anyone can tell me
why I X'd three of them.
NETBLK-UU-63-77-79-192 220.127.116.11 - 18.104.22.168
NETBLK-SPRINT-3FA036-1 22.214.171.124 - 126.96.36.199
NETBLK-FON-106786867245939 188.8.131.52 - 184.108.40.206
NETBLK-DOUBLECLICK31-60-18 220.127.116.11 - 18.104.22.168
NETBLK-DOUBLECLICK-92-19 22.214.171.124 - 126.96.36.199
X NETBLK-DOUBLECLICK3 188.8.131.52 - 184.108.40.206
NETBLK-DOUBLECLICK-210-08 220.127.116.11 - 18.104.22.168
NETBLK-UU-204-178-112-160 22.214.171.124 - 126.96.36.199
X NETBLK-UU-204-253-104 188.8.131.52 - 184.108.40.206
NETBLK-SPRINT-D00ACA-1 220.127.116.11 - 18.104.22.168
X NETBLK-SPRINT-D020D3-1 22.214.171.124 - 126.96.36.199
NETBLK-UU-208-203-243 188.8.131.52 - 184.108.40.206
NETBLK-UU-208-211-225 220.127.116.11 - 18.104.22.168
NETBLK-UU-208-228-86 22.214.171.124 - 126.96.36.199
NETBLK-NET-DCLICKUU1 188.8.131.52 - 184.108.40.206
NETBLK-DCLICK2UU1 220.127.116.11 - 18.104.22.168
NETBLK-CYPC-2162306564 22.214.171.124 - 126.96.36.199
I think that was the weekend I stumbled onto this mailing list,
searching for anti-dc material, I wandered onto that nifty
little authoritative DNS trick. Using a similar method, I aliased
127.0.0.2 to around 20 of the major ad servers in /etc/hosts. Was
blocking probably 50% of the ads on a typical page. But I've since
moved back to the network-wide BIND tactic, to save my coworkers from
the evils of DC.
Jeremy M. Dolan <email@example.com>
More information about the linux-elitists