[Dshield] Please help

William W william.westrum at videotron.ca
Mon Oct 29 22:07:03 GMT 2001

For the past 2 weeks it seems that I've been 'under attack' by users from my
own ISP.
In the last 7 days alone, I have been targeted 500+ times by 24.202.X.X

Please look at the last 10 lines from my ZoneAlarm log ;

FWIN,2001/10/29,14:48:36 -5:00 GMT,,24.202.59.XXX:80,TCP
FWIN,2001/10/29,15:11:21 -5:00 GMT,,24.202.59.XXX:80,TCP
FWIN,2001/10/29,15:37:13 -5:00 GMT,,24.202.59.XXX:80,TCP
FWIN,2001/10/29,15:54:27 -5:00 GMT,,24.202.59.XXX:80,TCP
FWIN,2001/10/29,15:57:45 -5:00 GMT,,24.202.59.XXX:80,TCP
FWIN,2001/10/29,15:58:08 -5:00 GMT,,24.202.59.XXX:80,TCP
FWIN,2001/10/29,16:06:36 -5:00 GMT,,24.202.59.XXX:80,TCP
FWIN,2001/10/29,16:17:26 -5:00 GMT,,24.202.59.XXX:80,TCP
FWIN,2001/10/29,16:27:03 -5:00 GMT,,24.202.59.XXX:80,TCP
FWIN,2001/10/29,16:45:49 -5:00 GMT,,24.202.59.XXX:80,TCP

As you can see, all of them involve target port 80 (HTTP), other ports
targeted are : 111, 137, 139, 445
and for the last few days port 27374 (about 50 times).

I wrote my ISP (Videotron Ltd) about this last week, but I havent't received
a reply yet. D-shield
has sent (on my behalf using the automated report system) a total of 7
emails to them. No replies yet.

Should I be worried ? Or is it 'normal' to receive that many hits from users
from the same ISP ?

Thanks for all your replies, I'm new to this, so my excuses if these
questions seem silly.

Kind regards,

William Westrum
william.westrum at videotron.ca

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20011029/65a33df3/attachment.htm

More information about the list mailing list