[Dshield] Fw: NTL Support/Abuse Staff
john.worley at ntlworld.com
Wed Aug 29 19:27:01 GMT 2001
Hi All. I have read this on My ISP's Newsgroup and was wondering if
in fact this is right, as I have also been shown as an attacker Three
Times, Is there any truth in what Robin Walker has pointed out.
Many Thanks John Worley.
----- Original Message -----
From: "Robin Walker" <rdhw at cam.ac.uk>
Sent: Wednesday, August 29, 2001 7:28 PM
Subject: Re: NTL Support/Abuse Staff
in article b1aj7.4804$%P3.25208 at news11-gui.server.ntli.net, Paul H at
paul.humphreysno spam at ntlworld.com wrote on 29/8/01 18:56:
> I regularly send my Zonealarm firewall logs to this organisation
> http://www.dshield.org/ and have known been told that my IP, (that's
> NTL), have been involved in attacks on other users. Their report
> IP Address: 22.214.171.124
> HostName: inktomi2-nor.server.ntl.com
> DShield Profile: Country: GB
> Contact E-mail: nmc at ntli.net
> Total Records against IP: 3
> Number of targets: 3
> Date Range: 2001-08-04 to 2001-08-04
> Ports Attacked (up to 10):
> Please advise current status of your Servers and Inkomi Caches...do
> need patching?
I think this Dshield report is worthless. Consider:
1. an NTL user sends their web browser to http://[IP number or DNS
2. The request is routed via the local web proxy.
3. The target host is firewalled on port 80, and registers a stopped
4. That host's user sends their logs to Dshield.
5. The web proxies get listed as attackers.
rdhw at cam.ac.uk
More information about the list