Anyone else seeing this, it started up a few weeks ago. We have a number of home users that VPN to our corporate network who are using Verizon DSL as their Internet provider. While they are connected to the corporate network they are generating tons of hits to 'supportcenter.verizon.net' (206.46.187.54) Here's a basic trace: host.on.my.net -> 206.46.187.54 TCP 49980 > HTTP [ACK] host.on.my.net -> 206.46.187.54 HTTP GET /sbconfigservlet/sbconfigservlet HTTP/1.1 206.46.187.54 -> host.on.my.net HTTP HTTP/1.1 404 Not found Here's the text of the transaction: host.on.my.net GET /sbconfigservlet/sbconfigservlet HTTP/1.1 Accept: */* Accept-Language: en If-Modified-Since: Mon, 09 Feb 2004 22:49:47 GMT User-Agent: Motive HTTP Client Host: supportcenter.verizon.net Connection: Keep-Alive Cache-Control: no-cache reply from 206.46.187.54 HTTP/1.1 404 Not found Server: Netscape-Enterprise/6.0 Date: Tue, 10 Feb 2004 19:37:05 GMT Content-type: text/html Content-length: 292 <HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=ISO-8859-1"><TITLE>Not Found</TITLE></HEAD><H1>Not Found</H1> The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it. This repeates over and over again many times a second while the client is connected. My guess is that these client files are the ones that initiate the conversation from the client: C:\program files\verizon\online\supportcenter\bin\matcli.exe C:\program files\verizon\online\supportcenter\bin\mpbtn.exe I'm seeing millions of hits to this site from just our ~100 users using Verizon per week. I have to think that world wide, Verizon clients are generating enough traffic to DOS themselves. I've tried contacting Verizon via email but I haven't received a response and their tech support had no information on this. Although we're now blocking this site and trying to clean up the clients, this is still generation a lot of noise on our network. Any ideas on how to get Verizon to take a look at this? Any input is welcome. Thanks,
Rob Elkind Information Security Engineer EMC² where information lives
Email: elkind_rob@emc.com