I have taken the time to email you and send you a copy of my Internet Log so if it is possible could you please STOP trying to gain access to my computer . I know a few of these are not your hits but you get the general idea , 12-15 attempts a night is not right so if the problem does not stop I will be forced to follow legal actions but I dont want to do that I am hoping that now you know it is happening it WILL STOP

steve
my log went here, I am viewing at 1600x1200 so I can fit alot on my screen I just counted them and I got 212 hits from 8/6/01 to 8/29/01 is that normal?

Im on Roadrunner and I usually got 1-5 hits a day from them, sometimes I would get 40-50 in a day but that was very rare.
But 212 in 23 days, that dosent sound right

Originally posted by silent bob
I have taken the time to email you and send you a copy of my Internet Log so if it is possible could you please STOP trying to gain access to my computer . I know a few of these are not your hits but you get the general idea , 12-15 attempts a night is not right so if the problem does not stop I will be forced to follow legal actions but I dont want to do that I am hoping that now you know it is happening it WILL STOP

steve
my log went here, I am viewing at 1600x1200 so I can fit alot on my screen I just counted them and I got 212 hits from 8/6/01 to 8/29/01 is that normal?

I dont really think your ISP would be trying to gain access to your computer, it could perhaps be some lose code red going around, but as you say, 12-15 attemps a night is pretty high, what exactly are these attemps consiting of?

-Trek

Sounds like CodeRed. Look in your logs and see if any of the entries contain a bunch of X's A's N's or H's. If they show up, do a search on the notepad file for the word "worm" without quotes of course.

If worm doesn't show up, then your clean. If the's X's and stuff follow your ISP's IP addy, then they are infected and it is trying to propogate to your machine.

Originally posted by Kingslayer
Sounds like CodeRed. Look in your logs and see if any of the entries contain a bunch of X's A's N's or H's. If they show up, do a search on the notepad file for the word "worm" without quotes of course.

If worm doesn't show up, then your clean. If the's X's and stuff follow your ISP's IP addy, then they are infected and it is trying to propogate to your machine.

Nasty stuff I tell ya, your only in danger if your running w2k,NT, you can find more information and a link for the patch here.

http://www.cbsnews.com/now/story/0,1597,304209-412,00.shtml

-Trek

updated my anti virus 2 days ago and the time befor that was about 2 weeks ago so I dont think it is a virus I did check my log and no X's H's A's or N's in the log and I am running win 98 SE

Originally posted by silent bob
updated my anti virus 2 days ago and the time befor that was about 2 weeks ago so I dont think it is a virus I did check my log and no X's H's A's or N's in the log and I am running win 98 SE

you may be safe, but your ISP may not be :)

I'm interested in hearing what they have to say back, keep us posted m8!

-Trek

not a problem

Btw, off topic..

But Silent bob, did you hear about the next silent bob movie comming up? the previews look pretty funny!

-Trek

here is what I recieved from Earthlink
Dear Steve,

We have received your e-mail. In reviewing your log it
does appear that we have tried on a number of
occasions to gain access to your computer. I could lie
to you and tell you that it is do the the "code red"
virus, but that is not the case. We do so because we
can. If you had bothered to read the small print on
your contract you would have noticed that you relented
the right of privacy when signing up. This I assure
you is standard policy, and we consider all of our
customers, part of our network. As part of our network
it is our duty to police all of "our" computers. You
can try to find some sort of "legal" recourse, but as
you will soon find out, buy you signing the release,
we have full right to access your computer. We have
also noticed that you are running Tone alarm, which is
also a violation of your users agreement. We must ask
you to cease and desist this. It does not stop us from
gaining access, as we already have inspected your hard
drive. (There is some might nice Porn in your document
files) Thanks for your interest in earthdink, and
remember, we are here for you, and also here(c), and
here(d) and oh yes here(e).

Sincerely,

Alex Dixon




is this a bunch of F*&KING BULLS**T now I am ****ED OFF oh did they make a HUGE F**KING MISTAKE ,

Originally posted by silent bob
here is what I recieved from Earthlink
Dear Steve,

We have received your e-mail. In reviewing your log it
does appear that we have tried on a number of
occasions to gain access to your computer. I could lie
to you and tell you that it is do the the "code red"
virus, but that is not the case. We do so because we
can. If you had bothered to read the small print on
your contract you would have noticed that you relented
the right of privacy when signing up. This I assure
you is standard policy, and we consider all of our
customers, part of our network. As part of our network
it is our duty to police all of "our" computers. You
can try to find some sort of "legal" recourse, but as
you will soon find out, buy you signing the release,
we have full right to access your computer. We have
also noticed that you are running Tone alarm, which is
also a violation of your users agreement. We must ask
you to cease and desist this. It does not stop us from
gaining access, as we already have inspected your hard
drive. (There is some might nice Porn in your document
files) Thanks for your interest in earthdink, and
remember, we are here for you, and also here(c), and
here(d) and oh yes here(e).

Sincerely,

Alex Dixon




is this a bunch of F*&KING BULLS**T now I am ****ED OFF oh did they make a HUGE F**KING MISTAKE ,

OMG,

Is this for real man? This is soo unprofessionall (how could I say it any worse here? ).. in other words I"m in tottal aggreeance with you.. do however check over your privatcy rights, and I bet the media would eat this up and spit them out if you passed it around to the right people.

If this is true, they just made a hudge mistake, good luck on getting even, however there is a lil voice inside my head that says this is a stressed out support tech, making a phunny..

-Trek

Well, if you have porn on your computer then maybe they did. If you don't, then you know they're lying.

From Earthlink Internet Service Agreement:

"EarthLink has no obligation to monitor the Services, but may do so and disclose information regarding use of the Services for any reason if EarthLink, in its sole discretion, believes that it is reasonable to do so..."

http://www.earthlink.com/about/policies/dial/index.html

I think its either that they want to scare you in a way or its really true. And also they have this thing, that they can change their disclaimer without telling you about it, so maybe if you did read the print, and it didn't say anything about that, now it might.

I never installed any of the @HOME a$$-istants or any of their software except for DHCP software... No one watches porn from MY computer! LOL :)

I checked and there is no porn in my documents but how did this piece of crap see my email? so yahoo has a problem ? can anyone say FORMAT!!!... last effort but I am going to have some fun first so I may be gone for a while
>>>>I have read the entire Earthlink Sevice Contract and followed all of the links and nowhere does it say anything about firewalls and it being against policies so this email is a fraud but makes you think I sent another email to Earthlink we will see what happens
thanx all I'll keep ya posted

Originally posted by Superman53142
From Earthlink Internet Service Agreement:

"EarthLink has no obligation to monitor the Services, but may do so and disclose information regarding use of the Services for any reason if EarthLink, in its sole discretion, believes that it is reasonable to do so..."

http://www.earthlink.com/about/policies/dial/index.html

Urrrr.... Think I should tell Silent Bob, that I sent the letter? I thought it would be funny and he would know it is a joke, but it seems like it has him a little torqued up. I dont think they should be trying to get into his computer, but I thought he would see the letter and know with the attitude and misspellings, he would know it was a joke. Errr, I better call him now...

Originally posted by robjustice


Urrrr.... Think I should tell Silent Bob, that I sent the letter? I thought it would be funny and he would know it is a joke, but it seems like it has him a little torqued up. I dont think they should be trying to get into his computer, but I thought he would see the letter and know with the attitude and misspellings, he would know it was a joke. Errr, I better call him now...

I was wondering if someone faked the e-mail so it looked like it was from earthlink, but I didnt think anyone here would do that!

Whoa man, DUCK AND RUN, lets hope that this ends peacefully and Silent bob dosent make a fool of himself to earthlink :/

-Trek

Originally posted by Treker


Whoa man, DUCK AND RUN, lets hope that this ends peacefully -Trek

it ended peacefully, it was funny AFTER rob called, but up until that point I was P.O'ed (is that exceptable cursing ?)

SORRY for the profanity earlier but I was steamed
I went a little balistic ,but ,all is good but I am still waiting for a reply to my email

Sorry again, Steve. Let us know when you get the real responce.

Originally posted by silent bob


it ended peacefully, it was funny AFTER rob called, but up until that point I was P.O'ed (is that exceptable cursing ?)



Yes

Originally posted by robjustice


Urrrr.... Think I should tell Silent Bob, that I sent the letter? I thought it would be funny and he would know it is a joke, but it seems like it has him a little torqued up. I dont think they should be trying to get into his computer, but I thought he would see the letter and know with the attitude and misspellings, he would know it was a joke. Errr, I better call him now...

That wasn't very nice! You had me believing, too. Pretty bogus I say. Still funny though.

Joke or not, I still have my eyes on those evil ISPs.... I'm watching, but they don't know that! :D

I dont know what kind of activity is coming into your machine since you havent mentioned, but it is quite common for alot of ISP's to ping their clients periodically. When I had a leased line, my upstream would sometimes call ME with a problem before I even knew I had one. How did they know? Because their system wasnt able to ping my router or there was alot of packet loss.

I think other providers do this as well to check for line errors or or other problems that may arise. They cant assume their system is functioning properly 100% of the time and only rely on calls from customers with outages to take action. If they notice a degraded line somewhere they can take preventive measures to correct the problem before it actually becomes an outage.

I owned an ISP and only had 1200 customers in my small town. I had plenty of people worried about their privacy, or email accounts etc. Could I get into someones email if I wanted to? Yes, just like anyone could who worked at say, the local post office. Could I see where people were going on the internet? Yes, if I wanted to. Did I have the time or care to spy on complete strangers, or read emails about people I didnt even know? Believe me, I had more important things to do than worry about what joe public was doing on the internet.

Now take that scenario and multiply it by hundreds of thousandths or millions of users and ask yourself if they're really trying to "get in" your machine.

funny thing happened i got this automated responce email a few days ago , Thu, 30 Aug 2001 17:42:29 -0700 (PDT) ,to be exact and I wanted to see if it quit and they did now they are using one of the other companies they own to do it
-----------------------------------------
This an automatic response to confirm that we have received your
recent report regarding a Network Abuse or Security incident
involving an earthlink.net or sprintmail.com member, and are
taking the following actions to resolve the issue:


The information that you have provided will be used to investigate the
incident for violations of our Acceptable Use Policy at:

http://www.earthlink.net/about/policies/aupolicy.html

Once the investigation is complete, action in accordance with our policies
will be taken against the offending account immediately.

Since the current volume of email prohibits a personal reply to all
reports, unless additional information is required, this may be the only
response you will receive.

EarthLink maintains a "zero tolerance" policy towards spam and network
abuse at any time. If you are an EarthLink member, sign up for EarthLink's
free anti-spam service, the Spaminator <https://spaminator.earthlink.net/>.
The Spaminator uses filtering technology to block spam BEFORE it reaches
your inbox. This free service is for EarthLink members only. Learn how to
become an EarthLink member today < http://www.earthlink.net/join/>.


The following URLs have additional information and resources regarding spam:

http://www.earthlink.net/internet/security/spam/prevent.html
http://www.earthlink.net/blink/aug99/techtip.html

If you are contacting EarthLink regarding a canceled account, please send
an email message with the username in question to AbuseAppeal@earthlink.net .

If you require additional assistance, or have an unresolved complaint,
please contact Information Security directly.

Information Security
EarthLink Network, Inc.
abuse-esc@earthlink.net
----------------------------------------------------
but now Earthlink has NOT tried to gain access now it is some one else I am logging it and I will try and stop them too


--Paiynn
In particular, UDP packets in the range 33434 to 33523 are normal and expected. They're a sign of someone using traceroute.

BUT they are not near that range they are TCP ports 1000-3000 range and I got 12 attempts with a few Ping requests in 2hrs 7min of being on line tonite but I know who these people are too and I have a log running on them so we will see

.........more to follow