Tracksters: Difference between revisions
Jump to navigation
Jump to search
Fostermarkd (talk | contribs) (initial page) |
No edit summary |
||
| (15 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
There are numerous marketing companies who will track you by your Internet usage (aka click streams), [[wikipedia:Web bug|web bugs]], etc. [http://www.google.com/doubleclick/ Doubleclick] is probably the most notorious example. (Now owned by Google... are you worried yet?) | |||
I call them "Tracksters". | |||
I | |||
The host or domain names used by them can be easily determined by browsing your cookies after surfing the web for a while. | |||
Shown below are some real-world domains found in my cookies file. | |||
A condensed & clean version of this list is at http://bit.ly/18fyINq | |||
<PRE> | <PRE> | ||
Host/Domain Cookie name | Host/Domain Cookie name Notes | ||
data.coremetrics.com CoreID6 | data.coremetrics.com CoreID6 | ||
doubleclick.net id | doubleclick.net id | ||
.ehg-etoys.hitbox.com DM541004C4EZV6 } | .ehg-etoys.hitbox.com DM541004C4EZV6 } | ||
.ehg-hasbro.hitbox.com DM550217FKDEV6 } A pattern emerges | .ehg-hasbro.hitbox.com DM550217FKDEV6 } A pattern emerges! | ||
.ehg-f5.hitbox.com DM53123059DMV6 } others are oreilly, techtarget vmware | .ehg-f5.hitbox.com DM53123059DMV6 } others are oreilly, techtarget vmware | ||
fastclick.net rt | fastclick.net rt | ||
hitbox.com CTG | hitbox.com CTG | ||
ice.112.2o7.net s_vi | ice.112.2o7.net s_vi } [1] | ||
kanoodle.com (multiple) | kanoodle.com (multiple) | ||
kontera.com (multiple) | kontera.com (multiple) | ||
media.adrevolver.com (multiple) | media.adrevolver.com (multiple) | ||
mediaplex.com (multiple) | mediaplex.com (multiple) | ||
msnportal.112.2o7.net s_vi } | msnportal.112.2o7.net s_vi } [1] | ||
m.webtrends.com ACOOKIE | m.webtrends.com ACOOKIE | ||
networksolutions.112.2o7.net s_vi | networksolutions.112.2o7.net s_vi | ||
| Line 27: | Line 30: | ||
pa.penny-arcade.com phpAds_id | pa.penny-arcade.com phpAds_id | ||
partner2profit.com (multiple) | partner2profit.com (multiple) | ||
paypal.112.2o7.net s_vi | paypal.112.2o7.net s_vi } [1] | ||
perf.overture.com SYSTEM_USER_ID } another overture.com | perf.overture.com SYSTEM_USER_ID } another overture.com | ||
phg.hitbox.com (multiple) } all start with WR54122... | phg.hitbox.com (multiple) } all start with WR54122... | ||
| Line 46: | Line 49: | ||
tribalfusion.com ANON_ID } ANON == ANONYMOUS? yea, right | tribalfusion.com ANON_ID } ANON == ANONYMOUS? yea, right | ||
turn.com (multiple) | turn.com (multiple) | ||
web.checkm8.com (multiple) | web.checkm8.com (multiple) | ||
rocketprofit.com (multiple) } touts "Detailed, state of the art tracking capability" | |||
</PRE> | |||
== See Also == | |||
* http://doc.bleedingthreats.net/bin/view/Main/BlackHoleDNS | |||
* [http://www.stopbadware.org/ stopbadware.org] | |||
* [http://malwaredomains.com/ malwaredomains.com] - the DNS-BH project | |||
== Notes == | == Notes == | ||
Most cases, just blackhole the SLD, e.g. coremetrics.com instead of data.coremetrics.com. | Most cases, just blackhole the SLD, e.g. coremetrics.com instead of data.coremetrics.com. | ||
[1] See http://en.wikipedia.org/wiki/Omniture & http://www.omniture.com/privacy/2o7 | |||
There are LOTS of other references and resources for this type of information. | |||
* [http://adblockplus.org/en/subscriptions AdBlockPlus] - a firefox browser extension and links to various tracker lists. | |||
* [http://www.holland-consulting.net/tech/imblock.html Firewalling against Instant Messaging and File Sharing Services] | |||
== blackhole-gen script == | |||
I run this on my [[:User:Fostermarkd/FreeBSD|FreeBSD]] name servers. | |||
<B>Step 1.</B> Create the /var/named/etc/namedb/master/blackhole.zone file | |||
<PRE> | |||
$TTL 1d | |||
@ IN SOA @ root ( | |||
2006051201 ; serial | |||
1H ; refresh | |||
15M ; retry | |||
4W ; expiry | |||
5M ) ; negativeTTL | |||
1D IN NS ns1.foster.dmz. | |||
1D IN NS ns2.foster.dmz. | |||
1D IN A 127.0.0.2 | |||
* 1D IN A 127.0.0.2 | |||
</PRE> | |||
Note: You should change the NS lines to match your OWN authoritative name servers. | |||
<B>Step 2.</B> Add this line to named.conf: | |||
<PRE> | |||
include "named.conf.blackhole"; | |||
</PRE> | |||
<B>Step 3.</B> Put this script in /var/named/etc/namedb/blackhole-regen | |||
<PRE> | |||
#!/bin/sh | |||
# Warning, this script probably only works well on FreeBSD 5.5 or newer | |||
# Stick it in cron to run once daily or so, as root | |||
# Regenerate named.conf.blackhole file from updates "targets" | |||
# file maintained by mark.foster | |||
# also reloads named. | |||
cd /var/named/etc/namedb/ | |||
mv -f named.conf.blackhole named.conf.blackhole.old | |||
fetch http://mark.foster.cc/trackers | |||
for d in `cat trackers`; do | |||
cat <<EOF >> named.conf.blackhole | |||
zone "$d" { type master; file "master/blackhole.zone"; }; | |||
EOF | |||
done | |||
/etc/rc.d/named reload | |||
</PRE> | |||
<B>Step 4.</B> Run the script, and restart your name servers | |||
<PRE> | |||
/var/named/etc/namedb/blackhole-regen | |||
/etc/rc.d/named restart | |||
</PRE> | |||
<B>Step 5.</B> | |||
Optional but recommended, add crontab entry in /etc/crontab so this runs daily | |||
<PRE>0 12 * * * root /var/named/etc/namedb/blackhole-regen | |||
</PRE> | |||
[[Category:DNS]] | |||
[[Category:Security]] | |||
Latest revision as of 16:32, 7 December 2013
There are numerous marketing companies who will track you by your Internet usage (aka click streams), web bugs, etc. Doubleclick is probably the most notorious example. (Now owned by Google... are you worried yet?)
I call them "Tracksters".
The host or domain names used by them can be easily determined by browsing your cookies after surfing the web for a while.
Shown below are some real-world domains found in my cookies file.
A condensed & clean version of this list is at http://bit.ly/18fyINq
Host/Domain Cookie name Notes data.coremetrics.com CoreID6 doubleclick.net id .ehg-etoys.hitbox.com DM541004C4EZV6 } .ehg-hasbro.hitbox.com DM550217FKDEV6 } A pattern emerges! .ehg-f5.hitbox.com DM53123059DMV6 } others are oreilly, techtarget vmware fastclick.net rt hitbox.com CTG ice.112.2o7.net s_vi } [1] kanoodle.com (multiple) kontera.com (multiple) media.adrevolver.com (multiple) mediaplex.com (multiple) msnportal.112.2o7.net s_vi } [1] m.webtrends.com ACOOKIE networksolutions.112.2o7.net s_vi optimize.indieclick.net MAXID } aka Openads overture.com (multiple) pa.penny-arcade.com phpAds_id partner2profit.com (multiple) paypal.112.2o7.net s_vi } [1] perf.overture.com SYSTEM_USER_ID } another overture.com phg.hitbox.com (multiple) } all start with WR54122... quantserve.com uid qnsr.com (multiple) } aka QuinStreet Media rad.msn.com (multiple) } Advertising Delivery System (ADS) rotator.adjuggler.com (multiple) rotator.juggler.inetinteractive.com (multiple) searchmarketing.com SM serving-sys.com (multiple) sixapart.adbureau.net (multiple) } probably *.adbureau.net specificclick.net (multiple) statcounter.com (multiple) statse.webtrendslive.com (multiple) t4.trackalyzer.com trackalyzer tacoda.net (multiple) } "behavioral targeting", yikes trafficmp.com (multiple) tribalfusion.com ANON_ID } ANON == ANONYMOUS? yea, right turn.com (multiple) web.checkm8.com (multiple) rocketprofit.com (multiple) } touts "Detailed, state of the art tracking capability"
See Also
- http://doc.bleedingthreats.net/bin/view/Main/BlackHoleDNS
- stopbadware.org
- malwaredomains.com - the DNS-BH project
Notes
Most cases, just blackhole the SLD, e.g. coremetrics.com instead of data.coremetrics.com.
[1] See http://en.wikipedia.org/wiki/Omniture & http://www.omniture.com/privacy/2o7
There are LOTS of other references and resources for this type of information.
- AdBlockPlus - a firefox browser extension and links to various tracker lists.
- Firewalling against Instant Messaging and File Sharing Services
blackhole-gen script
I run this on my FreeBSD name servers.
Step 1. Create the /var/named/etc/namedb/master/blackhole.zone file
$TTL 1d
@ IN SOA @ root (
2006051201 ; serial
1H ; refresh
15M ; retry
4W ; expiry
5M ) ; negativeTTL
1D IN NS ns1.foster.dmz.
1D IN NS ns2.foster.dmz.
1D IN A 127.0.0.2
* 1D IN A 127.0.0.2
Note: You should change the NS lines to match your OWN authoritative name servers.
Step 2. Add this line to named.conf:
include "named.conf.blackhole";
Step 3. Put this script in /var/named/etc/namedb/blackhole-regen
#!/bin/sh
# Warning, this script probably only works well on FreeBSD 5.5 or newer
# Stick it in cron to run once daily or so, as root
# Regenerate named.conf.blackhole file from updates "targets"
# file maintained by mark.foster
# also reloads named.
cd /var/named/etc/namedb/
mv -f named.conf.blackhole named.conf.blackhole.old
fetch http://mark.foster.cc/trackers
for d in `cat trackers`; do
cat <<EOF >> named.conf.blackhole
zone "$d" { type master; file "master/blackhole.zone"; };
EOF
done
/etc/rc.d/named reload
Step 4. Run the script, and restart your name servers
/var/named/etc/namedb/blackhole-regen /etc/rc.d/named restart
Step 5. Optional but recommended, add crontab entry in /etc/crontab so this runs daily
0 12 * * * root /var/named/etc/namedb/blackhole-regen