North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Verizon clients DOS own site?

  • From: William Warren
  • Date: Thu Feb 19 16:47:19 2004


this is part of the autodiag software installed by the VZ cd....you will need to go through your remotes and uninstall that stuffe..

[email protected] wrote:

Anyone else seeing this, it started up a few weeks ago.

We have a number of home users that VPN to our corporate network who are
using Verizon DSL as their Internet provider. While they are connected to
the corporate network they are generating tons of hits to
'supportcenter.verizon.net' (206.46.187.54)

Here's a basic trace:

host.on.my.net -> 206.46.187.54 TCP 49980 > HTTP [ACK] host.on.my.net -> 206.46.187.54 HTTP GET /sbconfigservlet/sbconfigservlet
HTTP/1.1

206.46.187.54 -> host.on.my.net HTTP HTTP/1.1 404 Not found

Here's the text of the transaction:

host.on.my.net

GET /sbconfigservlet/sbconfigservlet HTTP/1.1
Accept: */*
Accept-Language: en
If-Modified-Since: Mon, 09 Feb 2004 22:49:47 GMT
User-Agent: Motive HTTP Client
Host: supportcenter.verizon.net
Connection: Keep-Alive
Cache-Control: no-cache

reply from 206.46.187.54

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Tue, 10 Feb 2004 19:37:05 GMT
Content-type: text/html
Content-length: 292

<HEAD><META HTTP-EQUIV="Content-Type"
CONTENT="text/html;charset=ISO-8859-1"><TITLE>Not
Found</TITLE></HEAD><H1>Not Found</H1> The requested object does not exist
on this server. The link you followed is either outdated, inaccurate, or the
server has been instructed not to let you have it.


This repeates over and over again many times a second while the client is
connected.

My guess is that these client files are the ones that initiate the
conversation from the client:

C:\program files\verizon\online\supportcenter\bin\matcli.exe
C:\program files\verizon\online\supportcenter\bin\mpbtn.exe

I'm seeing millions of hits to this site from just our ~100 users using
Verizon per week. I have to think that world wide, Verizon clients are
generating enough traffic to DOS themselves.

I've tried contacting Verizon via email but I haven't received a response
and their tech support had no information on this. Although we're now
blocking this site and trying to clean up the clients, this is still
generation a lot of noise on our network. Any ideas on how to get Verizon to
take a look at this?
Any input is welcome.

Thanks,


Rob Elkind
Information Security Engineer
EMC´┐Ż
where information lives

Email: [email protected]


--
May God Bless you and everything you touch.

My "foundation" verse:
Isaiah 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.