Renderosity Forums / Community Center






Subject: Firewall blocking A LOT of intrusion attempts at Rendo


SWAMP ( ) posted Sun, 06 August 2006 at 5:25 PM · edited Sun, 24 November 2024 at 1:07 AM

For the past several days my firewall is blocking a bombardment of intrusion attempts from this Level 3 Communications Inc. outfit.

This happens only when I’m here on Rendo (and nowhere else!).

What relationship does Level 3 have with Rendo (like is it the server for those offsite banner ads or something)?

 

Below is the info for just one of the IP addresses, but the info is the same for all the IP addresses that are trying to crawl into my computer.

4.234.0.52

OrgName:    Level 3 Communications, Inc.
Address:       1025 Eldorado Blvd.
City:          Broomfield
StateProv:     CO
PostalCode:    80021
Country:       US
Comment:       ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Comment:      
RegDate:       1998-05-22
Updated:       2006-03-09
OrgID:      LVLT
Address:    1025 Eldorado Blvd.
City:       Broomfield
StateProv:  CO
PostalCode: 80021
Country:    US

NetRange:   4.0.0.0 - 4.255.255.255
CIDR:       4.0.0.0/8
NetName:    LVLT-ORG-4-8
NetHandle:  NET-4-0-0-0-1
Parent:    
NetType:    Direct Allocation
NameServer: NS1.LEVEL3.NET
NameServer: NS2.LEVEL3.NET
Comment:   
RegDate:   
Updated:    2004-06-04

OrgAbuseHandle: APL8-ARIN
OrgAbuseName:   Abuse POC LVLT
OrgAbusePhone:  +1-877-453-8353
OrgAbuseEmail:  abuse@level3.com

OrgTechHandle: ARINC4-ARIN
OrgTechName:   ARIN Contact
OrgTechPhone:  +1-800-436-8489
OrgTechEmail:  arin-contact@genuity.com

OrgTechHandle: TPL1-ARIN
OrgTechName:   Tech POC LVLT
OrgTechPhone:  +1-877-453-8353
OrgTechEmail:  ipaddressing@level3.com

Thanks for any info you can give me,

Chuck (SWAMP)

 


Khai ( ) posted Sun, 06 August 2006 at 5:43 PM

they are a hosting company..
got a feeling they just host the adservers that the team here thought was a good idea to sign up with...


Miss Nancy ( ) posted Sun, 06 August 2006 at 6:26 PM

it's probably impossible to route packets across the internet in the states without "level 3" being involved, but it's odd they'd do a port scan from one of their routers.



LillianH ( ) posted Sun, 06 August 2006 at 6:41 PM

Hi SWAMP,

Thanks for letting us know. It is most likely an advertising cookie.

Late last night, I closed one set of ads that was objectionable (offers didn't appear to be above-board).

If you find a banner that does not appear to be a legitimate offer, please let me know. We will remove misleading or dishonest advertisers.

Thanks,

Lillian

Lillian Hawkins
Marketing Manager
By serving each other, we are free.


SWAMP ( ) posted Sun, 06 August 2006 at 7:59 PM

[Attached image: file_350319.jpg]

Hey Lillian,

Thanks for responding.

 

When I log off the Internet, I delete all cookies and temp files so I must be picking them up as soon as I come on Rendo.

“Late last night, I closed one set of ads that was objectionable..”

At the time I was first typing and starting this thread I got hit three times with a port scan…so I don’t think what you closed out was the culprit.

 “If you find a banner that does not appear to be a legitimate offer…etc.”

I am not having an issue with the banner ads as I block out non-site related ads anyway (sorry).

 

I’m not complaining or being paranoid here, just wondering where all these intrusion attempts/port scans were originating.

I know cookies from some ad servers, like tribalfusion.com, are notorious for calling all its friends to come “party” in your computer.

 

 

Thanks again for looking into this,

Chuck

PS just got hit again as I was responding and checked but only have two cookies (Renderosity and Juno, my ISP), so really wondering waazup..... (see image).

Info for that IP is......

65.141.45.78

OrgName:    Qwest Communications Corporation
Address:       1801 California Street
City:          Denver
StateProv:     CO
PostalCode:    80202
Country:       US
Comment:      
RegDate:       2006-02-09
Updated:       2006-02-09
OrgID:      QCC-21
Address:    1801 California Street
City:       Denver
StateProv:  CO
PostalCode: 80202
Country:    US

NetRange:   65.128.0.0 - 65.159.255.255
CIDR:       65.128.0.0/11
NetName:    QWEST-INET-18
NetHandle:  NET-65-128-0-0-1
Parent:     NET-65-0-0-0-0
NetType:    Direct Allocation
NameServer: DCA-ANS-01.INET.QWEST.NET
NameServer: SVL-ANS-01.INET.QWEST.NET
Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:    2000-08-23
Updated:    2006-02-09

OrgAbuseHandle: QIA2-ARIN
OrgAbuseName:   Qwest Abuse
OrgAbusePhone:  +1-877-886-6515
OrgAbuseEmail:  abuse@qwest.net

OrgNOCHandle: QIN-ARIN
OrgNOCName:   Qwest IP NOC
OrgNOCPhone:  +1-877-886-6515
OrgNOCEmail:  support@qwestip.net

OrgTechHandle: QIA-ARIN
OrgTechName:   Qwest IP Admin
OrgTechPhone:  +1-877-886-6515
OrgTechEmail:  ipadmin@qwest.com
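
One way to triage alerts like the ones described in the posts above, as an added example that is not part of the original thread: the script groups blocked packets by source address, maps each source to the two WHOIS allocation blocks quoted above, and flags sources that touched several distinct ports. The log format, timestamps, ports, threshold and function names are assumptions; a WHOIS allocation names the registered holder of the address range, not necessarily the operator of the machine that sent the packet.

```python
import ipaddress
from collections import defaultdict

# Allocation blocks copied from the two WHOIS records quoted in the thread.
NETBLOCKS = {
    ipaddress.ip_network("4.0.0.0/8"): "LVLT-ORG-4-8 (Level 3)",
    ipaddress.ip_network("65.128.0.0/11"): "QWEST-INET-18 (Qwest)",
}

# Constructed sample log, one blocked packet per line: "time src_ip dst_port".
# Only the two source addresses come from the thread; the rest is invented.
SAMPLE_LOG = """\
17:20:01 4.234.0.52 1026
17:20:03 4.234.0.52 1027
17:20:04 4.234.0.52 1028
17:20:09 4.234.0.52 1026
19:55:40 65.141.45.78 1026
19:58:12 192.0.2.10 135
"""

def netblock_for(addr):
    """Label of the most specific known allocation containing addr."""
    hits = [net for net in NETBLOCKS if addr in net]
    if not hits:
        return "unknown"
    return NETBLOCKS[max(hits, key=lambda net: net.prefixlen)]

def summarize(log_text, scan_threshold=3):
    """Per-source summary; scan_threshold is an assumed heuristic."""
    ports = defaultdict(set)
    packets = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or not fields[2].isdigit():
            continue  # skip malformed lines instead of failing
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # source field is not an IP address
        ports[addr].add(int(fields[2]))
        packets[addr] += 1
    return {
        str(addr): {
            "block": netblock_for(addr),
            "packets": packets[addr],
            "distinct_ports": len(ports[addr]),
            # Many distinct ports from one source suggests a scan;
            # repeated hits on a single port look like background noise.
            "looks_like_scan": len(ports[addr]) >= scan_threshold,
        }
        for addr in packets
    }
```
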


Unicornst ( ) posted Sun, 06 August 2006 at 10:51 PM · edited Sun, 06 August 2006 at 10:53 PM

Attached Link: http://en.wikipedia.org/wiki/HTTP_cookie

http://www.auditmypc.com/freescan/readingroom/port_scanning.asp

A little info about those "harmless" cookies from advertisers.

Advertising companies use third-party cookies to track a user across multiple sites. In particular, an advertising company can track a user across all pages where it has placed advertising images or Web bugs. Knowledge of the pages visited by a user allows the advertisement company to target advertisement to the user's presumed preferences.

The possibility of building a profile of users has been considered by some a potential privacy threat, even when the tracking is done on a single domain but especially when tracking is done across multiple domains using third-party cookies. For this reason, some countries have legislation about cookies.

Besides privacy concerns, there are some other reasons why cookies have been opposed: they do not always accurately identify users, and they can be used for security attacks.

The first link up top has the whole article on cookies. The second link has some scary methods of port scanning and the possible reasons behind it.

I will admit that the article does state that cookies are generally harmless, but privacy aside, some are not when cookie theft is possible. And this possibility is typically exploited by attackers on sites that allow users to post HTML content.


Miss Nancy ( ) posted Mon, 07 August 2006 at 12:34 AM

well, at least they got rid of the pub clear house thing. no more web bugs from them. they probably weren't a big privacy breach, though. p.c.h.'s coders would go nuts trying to track 250,000 individual users here, so they might only record the relative frequency with which these poser-related sites are visited (daz, rdna, poserpros, rendervisions, et al.), with a view to deciding what sites to throw more money at.



TallPockets ( ) posted Mon, 07 August 2006 at 1:12 AM

Lillian H: Hello, kind soul. You wrote above, "If you find a banner that does not appear to be a legitimate offer, please let me know. We will remove misleading or dishonest advertisers."

QUESTION: Doesn't someone at this site (sales, etc.) check out such places b/4 they are used at this most wonderful venue?

Thanks, in advance, for any/all help. MUCH appreciated.

My best, T.P.


Unicornst ( ) posted Mon, 07 August 2006 at 1:29 AM

Quote - well, at least they got rid of the pub clear house thing.

I'm not so sure about that. Could have sworn I saw it earlier today.


LillianH ( ) posted Mon, 07 August 2006 at 9:06 AM

Hi TallPockets,

There is not a "preapprove" option for individual ads that may get served through one of these companies. They serve up ads from hundreds of advertisers.

However, there is a blocking option. It just takes a while to build that blocking list to stop all the ads that the community doesn't like, or finds objectionable.

Lillian Hawkins
Marketing Manager
By serving each other, we are free.


LillianH ( ) posted Mon, 07 August 2006 at 12:54 PM

I think it would be interesting to try a bit of an experiment with the outside banners. For the moment, they are all turned off.

Please let us know if you continue to get these alerts. If you do, we'll know it's not the banner ads.

We want everyone's experience here to be as positive as possible...even when it comes to such things as...YIKES...advertising ;-)

Thanks for all your feedback!

Lillian Hawkins
Marketing Manager
By serving each other, we are free.


Unicornst ( ) posted Mon, 07 August 2006 at 1:27 PM

Sounds like a reasonable plan to track things down.


Miss Nancy ( ) posted Mon, 07 August 2006 at 2:27 PM · edited Mon, 07 August 2006 at 2:29 PM

lilly, thanks for checking on those OT banners. it also occurred to me that some users' sigfiles may contain banners or web-bugs that do the same thing. I have them blocked, but it's possible that members who don't block sigfiles may be getting port-scans or cookie requests from sigfile banners or web-bugs. I also have avatars blocked, but of course it would be extremely unlikely any member would have an avatar image associated with a remote server and any cookie requests.


