[Dshield] constant scans from my own ISP

Samuel Samuel at socal.rr.com
Mon Aug 6 00:57:24 GMT 2001

On the subject of an excess of intrusion attempts from "my ISP": I have been getting an excess of ZoneAlarm alerts today from a number of IP addresses in the range 24.24.*.*, which are owned by "my ISP", Road Runner. I will post them to DShield but I have not yet. I was trying to get caught up on all the messages to this mailing list first, but there are still over 500 for me to get through. I know I am not required to read the mailing list to use the web site.

The ones that I am especially curious about are the ones similar to the following samples. The following are just the source IP addresses and the host names corresponding to the IP address. Are these significant or am I just not experienced enough to know what is significant? These are all from today, within the past couple of hours.

(TCP Port 4355) HubTU-mcr-24-24-103-16.midsouth.rr.com
(TCP Port 3079) HubV-mcr-24-24-96-190.midsouth.rr.com
(TCP Port 4113) HubTU-mcr-24-24-103-16.midsouth.rr.com
(TCP Port 4310) HubD-mcr-24-24-100-110.midsouth.rr.com
(TCP Port 3308) HubS-mcr-24-24-112-224.midsouth.rr.com
(TCP Port 1350) HubP-mcr-24-24-105-190.midsouth.rr.com

  ----- Original Message ----- 
  From: Dovescom 
  To: dshield at dshield.org 
  Sent: Sunday, August 05, 2001 2:11 PM
  Subject: [Dshield] constant scans from my own ISP

  I have been getting scanned constantly from the following segment: 65.92.*.* I am using stars for the last 2 sets as it is all over the range given to BellNexus. The sad part is it is my ISP. I called tech support and asked if they were infected with the Code Red worm or if it was a script from their servers, as it was all over their block. He told me, "Well sir, I guarantee you it is not our system that is doing the scans. If you think you have a valid complaint, submit it to Abuse at sympatico." I told him I would do so, but would also be posting my logs to Dshield (something I did not want to do as it was my own ISP), and he said that was fine. I thought that by calling them it could be resolved relatively easily but.....


  P.S. If someone thinks that the logs will tell them something, they are welcome to them.