cancel
Showing results for 
Search instead for 
Did you mean: 

Suspicious activity on my network

Gintas
Dabbler
Posts: 10
Registered: ‎19-05-2019

Suspicious activity on my network

I get email "We've opened a Question on your account" almost moth ago

We have received reports that a PC using your IP address has been scanning other networks looking for vulnerable ports.

 The most likely explanation for this is that you are infected with a virus. Please disinfect your system, and then inform us using the Help Assistant in the customer portal (http://portal.plus.net/wizard/index.html, click on Customer Services & Billing) that you have done so.

 We do not recommend a specific anti-virus product, but one freely available virus checker is AVG AntiVirus, available from http://www.grisoft.com/ . Other free and commercially offered products are also available.

Please do not hesitate to get back in touch online at http://contactus.plus.net or by phone on 0800 432 0200 if we can be of further assistance.

Kind regards,

Dudley Ricks

I ignore it because it not looked serious. Yesterday I found message in voicemail that my account will be restricted until it by sorted. Restricted no sound fun.. Problem is that my computer for me is clean. I think is because utorrent app running 24/7. So can't do with my internet what I want? utorrent malicious software?

And I don't use provided "router", because I have Vigor 130 modem and EdgeRouter ER-6P if that makes any different.

7 REPLIES 7
jab1
Legend
Posts: 17,767
Thanks: 5,778
Fixes: 266
Registered: ‎24-02-2012

Re: Suspicious activity on my network

@Gintas Have you confirmed your machine is 'clean' by running your antivirus suites checking facility - that is, if you have an AV program?

John
pvmb
Pro
Posts: 646
Thanks: 79
Fixes: 3
Registered: ‎12-02-2014

Re: Suspicious activity on my network

μTorrent

https://en.wikipedia.org/wiki/%CE%9CTorrent

"μTorrent, or uTorrent (see pronunciation) is a proprietary adware BitTorrent client owned and developed by Rainberry, Inc. The "μ" (Greek letter "mu") in its name comes from the SI prefix "micro-", referring to the program's small memory footprint: the program was designed to use minimal computer resources while offering functionality comparable to larger BitTorrent clients such as Vuze or BitComet. μTorrent became controversial in 2015 when many users unknowingly accepted a default option during installation which also installed a cryptocurrency miner."

Baldrick1
Moderator
Moderator
Posts: 11,956
Thanks: 5,333
Fixes: 421
Registered: ‎30-06-2016

Re: Suspicious activity on my network


@Gintas wrote:

So can't do with my internet what I want?


Not if your ISP's monitoring system raises a red flag as the result of your activities..

From a quick Google search I read that this software is identified as either malicious or a PUP by many AV companies. Have you considered, or do you run it, through a VPN?

Moderator and Customer
If this helped - select the Thumb
If it fixed it,  help others - select 'This Fixed My Problem'

dvorak
Moderator
Moderator
Posts: 29,654
Thanks: 6,668
Fixes: 1,485
Registered: ‎11-01-2008

Re: Suspicious activity on my network

You either need to downgrade to an older version of utorrent or migrate to qbittorrent.

Personally I would remove utorrent asap, it’s a nasty bit of software these days.
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,916
Thanks: 5,021
Fixes: 316
Registered: ‎04-04-2007

Re: Suspicious activity on my network

I second @dvorak's recommendation. uTorrent is poison these days.

However, @Gintas - I've a suspicion you may be jumping to conclusions.

@Gintas wrote:

And I don't use provided "router", because I have Vigor 130 modem and EdgeRouter ER-6P if that makes any different.

And you are exposing the EdgeRouter interface to everybody on the Internet from what I can tell.

You also have a bunch of other ports open to the Internet, including default SSH and DNS ports. Are you doing this intentionally? I'm hoping you haven't genuinely got a DNS service running on your network that can be queried from the Internet?

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Anonymous
Not applicable

Re: Suspicious activity on my network

@Gintas 

 

It's probably worth running GRC's ShieldsUP! to see which ports are exposed

 

Go to the GRC website  -  ShieldsUP!

Click on <Proceed>

Click on the button <All Service Ports>  in the centre of that page

Then wait and see what the results are,  hopefully every port should be green (Stealth).

 

While you are on the GRC website, you might as well run their UPnP test to see if your router has UPnP vulnerabilities -

 

Again go to the GRC website  -  ShieldsUP!

Click on <Proceed>

This time click on the orange button <GRC's Instant UPnP Exposure Test>

Then wait and see what the results are.

.

 

RobPN
Seasoned Hero
Posts: 5,155
Thanks: 2,712
Fixes: 13
Registered: ‎17-05-2013

Re: Suspicious activity on my network

@Gintas 

I'll 'third' the recommendation above regarding newer versions of uTorrent.

I haven't bothered to look what version it's up to now, but my really old uTorrent version 1.8.2 (apparently from 2009) is running 24/7 with no problems.