[Dshield] constant scans from my own ISP
Samuel at socal.rr.com
Mon Aug 6 00:57:24 GMT 2001
On the subject of an excess of intrusion atttemps from "my ISP" I have been getting an excess of ZoneAlarm alerts today from a number of IP addresses in the range 24.24.*.*, which are owned by "my ISP", Road Runner. I will post them to DShield but I have not yet. I was trying to get caught up on all the messages to this mailing list first, but there are still over 500 for me to get through. I know I am not required to read the mailing list to use the web site.
The ones that I am especially curious about are the ones similar to the following samples. The following are just the source IP addresses and the host names corresponding to the IP address. Are these significant or am I just not experienced enough to know what is significant? These are all from today, within the past couple of hours.
184.108.40.206 (TCP Port 4355) HubTU-mcr-24-24-103-16.midsouth.rr.com
220.127.116.11 (TCP Port 3079) HubV-mcr-24-24-96-190.midsouth.rr.com
18.104.22.168 (TCP Port 4113) HubTU-mcr-24-24-103-16.midsouth.rr.com
22.214.171.124 (TCP Port 4310) HubD-mcr-24-24-100-110.midsouth.rr.com
126.96.36.199 (TCP Port 3308) HubS-mcr-24-24-112-224.midsouth.rr.com
188.8.131.52 (TCP Port 1350) HubP-mcr-24-24-105-190.midsouth.rr.com
----- Original Message -----
To: dshield at dshield.org
Sent: Sunday, August 05, 2001 2:11 PM
Subject: [Dshield] constant scans from my own ISP
I have been getting scanned constatly from the following segment 65.92.*.* I am using stars for the last 2 sets as it is all over the range given to BellNexus. The sad part is it is my ISP. I called tech support and asked if they were infected with the code red worm or if it was a script from their servers as it was all over their block, he told me " well sir I garentee you it is not our system that is doing the scans. If you think you have a valid complaint sumit it to Abuse at sympatico I told him I would do so, but would also be posting my logs to Dshield,(something I did not want to do as it was my own ISP) and he said that was fine. I thaough that by calling them it could be resolved relitivly easily but.....
ps if someone thinks that the logs will tell them something they are wlecome to them
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the list