This is an e-mail I just sent to Double click. The have been scanning me for over an hour(about every three mins.)! What legal rights do I have? It appears that they are trying to hack my sys.

IS this a common pratice of yours to try and scan my tcp ports?!! ?You have attemted this over twenty times in the last hour. If you do not stop I will have to resort to legal action!

Summary
The alert you received, 'access blocked (incoming)', has the following meaning:

ZoneAlarm has blocked an incoming request to your computer. This could indicate that an unauthorized party is trying to gain access to it, or obtain information about your network.

Information Received:
Name 204.178.112.106 tried to access XXXXXXXXXX(TCP Port XXXX)
Product Name
File
Version
Status Dropped
Status Code 100002


Additional Resources

I highly doubt that someone is sitting at a terminal somewhere trying to hack your system. Most likely, there is some kind of software bug on their end and they keep searching for a cookie even after you've left their site. Or potentially, they searched for the cookie too many times, and all of the searches are coming through one at a time on your security software.

Thankyou
So it is normal for a site to do this? The only thing is I did not go to their site till after all of the probing was done.
The IP address actuly goes to a DoubleClick advertising server?
It just does not seem right for them to be doing this when my browser is closed or when I am not on their site.

Yes, thousands of sites use Doubleclick to serve ads. Thus, you didn't have to actually visit doubleclick for it to happen. It's good that you let them know about it, and hopefully they will respond and let you know what the problem was.

As for it being normal, no it isn't, but that's the nature of a bug/error. I don't think there was any malicious intent involved.

Did you see this thread about getting Double-click to stop tracking info about you?
http://www.sysopt.com/forum/Forum1/HTML/003847.html

This is a better option than what I was thinking (Ad Killers).
Dave

jad1097,
I have been getting the exact same invasion from DoubleClick (about every minute)! I wanted to know who 204.178.112.105 and 204.178.112.102 was.(obviously they are using a number of IPs in the 10x range) I did the same and it took me to their site. I was pretty ticked off, but at least they were blocked by ZoneAlarm.

My solution: I deleted my cookies and set my browser to not accept cookies any more.

Haven't got a hit from them since.

I do feel like sending them a nasty e-mail though, this is obviously very widespread.

Good luck,
...CHNsaw

I've been getting the same thing for awhile.

209.10.73.170 & 209.10.73.147 & 209.10.73.146

And also 216.66.130.155 & 216.66.130.117

How do you find out who's these are?

Thanks

R[][]FER,
Just put "http://" (without the quotes) in front of the number and enter it as an address.
I tried the first one you had and access was denied but it did say
Apache/1.3.4 Server at statler-adimages.earthweb.com Port 80)
if that rings a bell.
Good luck,
...CHNsaw

[This message has been edited by Chainsaw (edited 01-29-2000).]

Chainsaw...

Thanks for the info.

It doesn't ring a bell on the one you tried.

Darn kids and their porn sites http://www.sysopt.com/forum/wink.gif J/K

Thanks again for the response.

Now I don't feel so bad, thanks. Dave I saw that post, that is one of the reasons I did what I did.
Now everyone who has this problem should do as I did and e-mail them. I am sure if they keep getting response such as this they will fix it. I will do this every time it happens.

I think I will start to track what sites use them and put up a list so people can complain about them and there practices. Kinda sucks though as it will take away surf time but someone has to do it. If anyone knows of any site that use there banners e-mail me the url.


[This message has been edited by jad1097 (edited 01-29-2000).]

jad1097,
So, let's see, what would you call this, an anti-spamscan attack crusade?
Sound the ZoneAlarm!
Go getum jad1097!

...CHNsaw

Something like that. I feel violated!

statler.earthweb.com is SysOpt.com's server. Is that where these TCP port scans are originating?

R[][]FER:

216.66.130.155 = pgr-53-0159.direct.ca
216.66.130.117 = pgr-53-0121.direct.ca
209.10.73.170 = statler.nyc.earthweb.net
209.10.73.147 = waldorf.nyc.earthweb.net
209.10.73.146 = statler.nyc.earthweb.net

Dunno what direct.ca is, statler is sysopt's server, waldorf is another earthweb server (been to any other earthweb sites lately?).

Scott

[This message has been edited by SysOpt (edited 01-30-2000).]

Man...some peoples kids!!!
After I opted out, later in the day and after I had downloaded a new firewall...guess who was scanning my ports and trying to access my computer even though my browser WASN'T open???? HERE'S the PROOF!!!
1 0000000000000 101ms 96ms 99ms TTL: 0
2 208.233.220.1 102ms 98ms 98ms TTL: 0 (No rDNS)
3 208.22.32.81 116ms 105ms 101ms TTL: 0 (No rDNS)
4 208.0.145.254 131ms 105ms 101ms TTL: 0 (No rDNS)
5 144.232.190.89 115ms 111ms 108ms TTL: 0 (sl-gw7-rly-1-1-1.sprintlink.net ok)
6 144.232.7.233 111ms 114ms 109ms TTL: 0 (No rDNS)
7 144.232.0.34 160ms 117ms 227ms TTL: 0 (sl-bb1-rly-4-0-0.sprintlink.net ok)
8 207.240.56.165 128ms 117ms 110ms TTL: 0 (h4-0.wdccolo-peer1.bbnplanet.net ok)
9 207.240.1.218 120ms 114ms 114ms TTL: 0 (p1-0-0.cvacolo-core2.bbnplanet.net ok)
10 207.240.7.147 122ms 112ms 115ms TTL: 0 (fa5-1-0.cvacolo-border1.bbnplanet.net ok)
11 204.198.128.3 124ms 112ms 122ms TTL: 0 (fa1-0.router02.cva-colo.bbnplanet.net ok)
12 128.11.60.95 127ms 117ms 118ms TTL: 53 (doubleclick40.cva-colo.bbnplanet.com ok)
I logged it did a traceroute and attached to their server and sent them and my ISP Administrator a copy of the log requesting an explanation.
I deleted my isp in this post for obvious reasons.

Whoa I am feelin it

sincerely
Vincent

Scott..

If they have 209.10.73.146 & 147...

Yes..that's them.

They say Illegal request when you check them out.

Thanks

~edit..at least we know ZoneAlarm works..that's on the bright side http://www.sysopt.com/forum/smile.gif
The dull side...it is very annoying when they keep probing you every 15 secs or so. ~end edit

[This message has been edited by R[][]FER (edited 01-30-2000).]

Hmm.. Ok I'll let our server folks know.. It might just be a side effect of the ad serving software. I know that some multiplayer gaming servers that I scan or connect to (through gamespy, etc.) show up as scanning my TCP ports, but it's harmless.

Scott

[This message has been edited by SysOpt (edited 01-30-2000).]

Hey Jad1097,
Don't let the B*****ds get ya down, BTW YGM.
They sent me an automatic return e-mail with Ticket number xxxxx, I mean, how personal, how warm, how ... never mind.
Cool thing is, now they don't get through to your comp, it's in stealth mode.
I think enough e-mails could maybe, just maybe get their attention, but only if they thought they were on some kind of shaky legal grounds.
Best of luck in the crusade,
...CHNsaw

Scott...

Direct.ca is my ISP

It's easy if we just turn off the Alert message pop-up.

Don't worry about it. At least the program does work.

Thanks for your concerns and response.

This is a quote from our IS department regarding EarthWeb's "statler" server causing the TCP port scans:

"Conclusion:

This is normal for any TCP/IP connection. The software they are using to identify "scanning" must not be good enough to differ between a normal connection and a portscan."

I think that's probably correct because I have no problems with BlackICE.

Scott

Thank you Scott, That must be why ZA is a free program.Is it possible for you to ask you IS department if they could provide me with a link that would help me understand this better?
I would like to go back to BID but it allows people to see my mac address,computer name,etc.. through NetBios. I tried to correct this problem the way it is explained on the Sheilds Up page with no luck.

I'm with R[][]FER about the message alerts with ZA, just disable the pop-ups. This way it doesn't create a cause for worry everytime questionable port activity takes place. The program is excellent freeware, and I hope development continues for quite a long time. Take peace in knowing that your ports are basically non exisistent, so why do care if someone wants to "try" to scan something that won't even exist to them.

If you need logging and better tracing options, BID is the software of choice, but it also costs. For the average home computer, ZA does a decent job. Most "hackers" and "crackers" are not interested in home PC's, and even if they attempt it, the placement of a firewall (which can be defeated, but usually through a long and tedious process) is too much effort to hack to exploit the common user.

[This message has been edited by RobRich (edited 01-31-2000).]

RobRich...

Just to clarify...I was only saying that "we" (wife and I) could just turn it off.
I wasn't making decisions for everyone http://www.sysopt.com/forum/smile.gif
Thanks

This is the response I recieved this morning.Funny the did not even acknoledge the port scans.
Bob I am also running BID. Also I have disabled that pop up window and stoped worrying about it.

Thank you for contacting DoubleClick with your concerns.
Protecting the privacy of consumers is of paramount importance to
DoubleClick. We are founding members of several organizations
(NetCoalition.com and Network Advertising Initiative) that are currently
creating standards that protect online consumer privacy, and belong to the
Online Privacy Alliance. First and foremost, we want to make sure that you
understand exactly what we do, and to clear up any misperceptions that exist
in the media or marketplace.

First, it is important to understand that Web advertising is
critical to ensuring that consumers like yourself can continue to access Web
sites at no cost. Effective Web advertising assures that the Web's
information, content, and resources remain free for everyone.

Second, we would like to clear up a huge misconception in
the marketplace that companies such as DoubleClick have the ability to
"track" what an Internet user is doing throughout the Web without their
knowledge or consent. The fact is that the only time DoubleClick knows when
a user visits a Web site is if DoubleClick is serving an ad to that
particular Web site. Even then, the information that is collected by
DoubleClick is used only for advertising and reporting purposes, so that our
customers can gauge the effectiveness of their advertising campaigns.

DoubleClick does not know the identity of any user to whom
DoubleClick delivers an ad until and unless that user has been provided
notice about and consented to having his or her personal information used
in connection with selecting the advertising and online marketing services
he or she receives .

You should also know that DoubleClick does not sell any
information collected from cookies to third parties. DoubleClick has an
explanation of what a "cookie" is and how it is used on its Web site that we
invite you to read at http://www.doubleclick.net/privacy_policy/.

Simply put, cookies are small text files that are sent to a
user's hard drive in order to facilitate surfing on the Internet. They are
commonly used by Web sites to maintain a customized environment for each
user and to make it easier for customers to purchase goods and services.
DoubleClick also uses cookies to limit the number of times a customer sees
an ad, which our customers have told us is important to them. We also use
them to measure ad effectiveness on behalf of advertisers and Web sites with
which DoubleClick does business.

However, please be assured that until, and unless, a person
chooses to provide personally identifiable information to a Web site,
DoubleClick has no way to know their identity. All DoubleClick knows is
that a computer's browser is visiting the site.

Finally, we want you to know that DoubleClick creates
profiles about consumers for the purpose of delivering ads and direct
marketing materials in which the user may have an interest. Again,
DoubleClick does not create a profile about any user unless that consumer
has received notice and the opportunity to opt out from such profiling.
Moreover, DoubleClick does not create profiles that contain sensitive
information such as a consumer's medical information. Consumers can
absolutely choose not to accept DoubleClick cookies or to receive ads
tailored to their personal information by opting out at DoubleClick's Web
site at http://www.doubleclick.net/privacy_policy/privacy.htm.

We hope that you will take a minute to read the complete
discussion of what information DoubleClick does collect and how it's used.
Please visit our privacy policy on our Web site at http://www.doubleclick.net/privacy_policy/. The page also provides you
with the opportunity to opt out from DoubleClick's cookies.

Thank you for contacting us with your concerns. We hope
that this letter has helped to clear them up and that you will contact us if
you need more information.

Sincerely,
DoubleClick, Inc. (NASDAQ: DCLK) http://www.doubleclick.net



[This message has been edited by jad1097 (edited 02-01-2000).]

DoubleClick?
DoubleSpeak more like. Read '1984' and come back to me on that one.
Sorry, in cynical mode.

U-96