topic Re: Message about scanning for vulnerable ports in Everything else

Message about scanning for vulnerable ports

mike2843 — Tue, 30 Jan 2024 21:19:26 GMT

Hi, a few days ago I recieved a message on the help assistant saying that "We have received reports that a PC using your IP address has been scanning other networks looking for vulnerable ports". I replied asking for more information so I can look into it, but I haven't had any answer, so I have no details about what happened or when, I dont even know if it's still ongoing. I did find my address on an abuse website with reports up to about a week ago, but I don't know if it was actually my address at the time. Obviously I want to fix the problem so I don't get out internet cut off. Would there happen to be anyone around here that could help out find me some more details?

Re: Message about scanning for vulnerable ports

Baldrick1 — Tue, 30 Jan 2024 21:24:33 GMT

Moderator's note:
Thread moved from Full Fibre to Everything Else

Re: Message about scanning for vulnerable ports

Townman — Wed, 31 Jan 2024 00:26:10 GMT

" a few days ago I recieved a message on the help assistant"

What help assistant and from what email address? Are you sure it came from Plusnet?

Sounds a little scamy!

Re: Message about scanning for vulnerable ports

mike2843 — Wed, 31 Jan 2024 04:29:03 GMT

I know! That's what I thought. But I can see it in my notifications on the member centre home page. It's on the "help assistant" at https://www.plus.net/wizard/ which I see says you can no longer ask a question, but that's how the message was sent to me and I can get back to it through that notifications bell. The message below is is all the information I have been given... (names removed)

Dear X,

We have received reports that a PC using your IP address has been scanning other networks looking for vulnerable ports.

The most likely explanation for this is that you are infected with a virus. Please disinfect your system, and then inform us using the Help Assistant in the customer portal (http://portal.plus.net/wizard/index.html, click on Customer Services & Billing) that you have done so.

We do not recommend a specific anti-virus product, but one freely available virus checker is AVG AntiVirus, available from http://www.grisoft.com/ . Other free and commercially offered products are also available.

Kind regards,

Y

Re: Message about scanning for vulnerable ports

Townman — Wed, 31 Jan 2024 08:40:27 GMT

Ah, OK that’s sound.

”Help centre” is legacy PlusNET space for managing support issues aka the ticketing system. You cannot raise new tickets, but you can respond to them.

It does sound as though you have a virus or malware on your computer - what antivirus product do you use?

Re: Message about scanning for vulnerable ports

mike2843 — Wed, 31 Jan 2024 23:38:46 GMT

Ah ok, it looked like that with the help centre. I did respond to the ticket since it let me. Is anyone going to see that?

It's all Linux computers and Android phones so I haven't really got any antivirus. I've got OpenWRT running so I'm using tcpdump to watch out for anything going out on high port numbers or port 22 now. The abuse website mentioned attempted SSH logins but no idea if I had the address at the time. No idea if trying to find vulnerable SSH servers would be included in "scanning for vulnerable ports". Not ideal but it should pick up that and port scans.

Re: Message about scanning for vulnerable ports

Townman — Thu, 01 Feb 2024 02:27:04 GMT

Linux and Android are not immune to malware and virus attack - in fact I'd suggest that they are equally prone if not more so - Linux is a hackers playground!

Linux.Hacktool.Portscan (malwarebytes.com)