[Dshield] Fw: NTL Support/Abuse Staff

john.worley john.worley at ntlworld.com
Wed Aug 29 19:27:01 GMT 2001


Hi All.    I have read this on My ISP's Newsgroup and was wondering if
in fact this is right, as I have also been shown as an attacker Three
Times,  Is there any truth in what Robin Walker has pointed out.
Many Thanks  John Worley.




----- Original Message -----
From: "Robin Walker" <rdhw at cam.ac.uk>
Newsgroups: ntl.support.broadband.cm
Sent: Wednesday, August 29, 2001 7:28 PM
Subject: Re: NTL Support/Abuse Staff


in article b1aj7.4804$%P3.25208 at news11-gui.server.ntli.net, Paul H at
paul.humphreysno spam at ntlworld.com wrote on 29/8/01 18:56:

> I regularly send my Zonealarm firewall logs to this organisation
> http://www.dshield.org/ and have known been told that my IP, (that's
you
> NTL), have been involved in attacks on other users. Their report
reads:.....
>
> IP Address: 62.253.32.5
> HostName: inktomi2-nor.server.ntl.com
> DShield Profile: Country: GB
> Contact E-mail: nmc at ntli.net
> Total Records against IP:  3
> Number of targets:  3
> Date Range: 2001-08-04 to 2001-08-04
> Ports Attacked (up to 10):
>
> Please advise current status of your Servers and Inkomi Caches...do
they
> need patching?

I think this Dshield report is worthless.  Consider:

1. an NTL user sends their web browser to http://[IP number or DNS
address
somewhere]/

2. The request is routed via the local web proxy.

3. The target host is firewalled on port 80, and registers a stopped
attempt.

4. That host's user sends their logs to Dshield.

5. The web proxies get listed as attackers.

--
Robin Walker
rdhw at cam.ac.uk





More information about the list mailing list