[Dshield] Please help

William W william.westrum at videotron.ca
Mon Oct 29 22:07:03 GMT 2001


For the past 2 weeks it seems that I've been 'under attack' by users from my
own ISP.
In the last 7 days alone, I have been targeted 500+ times by 24.202.X.X

Please look at the last 10 lines from my ZoneAlarm log ;

FWIN,2001/10/29,14:48:36 -5:00 GMT,24.202.29.51:1207,24.202.59.XXX:80,TCP
(flags:S)
FWIN,2001/10/29,15:11:21 -5:00 GMT,24.202.235.100:3618,24.202.59.XXX:80,TCP
(flags:S)
FWIN,2001/10/29,15:37:13 -5:00 GMT,24.202.29.51:3759,24.202.59.XXX:80,TCP
(flags:S)
FWIN,2001/10/29,15:54:27 -5:00 GMT,24.202.166.154:4396,24.202.59.XXX:80,TCP
(flags:S)
FWIN,2001/10/29,15:57:45 -5:00 GMT,24.202.26.46:1197,24.202.59.XXX:80,TCP
(flags:S)
FWIN,2001/10/29,15:58:08 -5:00 GMT,24.202.166.154:2202,24.202.59.XXX:80,TCP
(flags:S)
FWIN,2001/10/29,16:06:36 -5:00 GMT,24.202.166.154:4463,24.202.59.XXX:80,TCP
(flags:S)
FWIN,2001/10/29,16:17:26 -5:00 GMT,24.202.29.51:4147,24.202.59.XXX:80,TCP
(flags:S)
FWIN,2001/10/29,16:27:03 -5:00 GMT,24.202.235.100:4178,24.202.59.XXX:80,TCP
(flags:S)
FWIN,2001/10/29,16:45:49 -5:00 GMT,24.202.235.100:4881,24.202.59.XXX:80,TCP
(flags:S)

As you can see, all of them involve target port 80 (HTTP), other ports
targeted are : 111, 137, 139, 445
and for the last few days port 27374 (about 50 times).

I wrote my ISP (Videotron Ltd) about this last week, but I havent't received
a reply yet. D-shield
has sent (on my behalf using the automated report system) a total of 7
emails to them. No replies yet.

Should I be worried ? Or is it 'normal' to receive that many hits from users
from the same ISP ?

Thanks for all your replies, I'm new to this, so my excuses if these
questions seem silly.

Kind regards,

William Westrum
william.westrum at videotron.ca

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20011029/65a33df3/attachment.htm


More information about the list mailing list