cancel
Showing results for 
Search instead for 
Did you mean: 

Capacity / Virus

N/A

Capacity / Virus

There is a lot of talk on these about forums / capacity.
What does plusnet do to wipe out the users that not only choke up plusnet with useless crap but also use the other users bandwidth.

eg this it a logs from the router for about 30 mins. Can provide more / timestamps if you wish.

%SEC-6-IPACCESSLOGP: list 120 denied tcp 84.92.186.92(4019) -> 84.92.77.x(135), 2 packets
%SEC-6-IPACCESSLOGP: list 120 denied tcp 84.92.186.92(4013) -> 84.92.77.x(135), 1 packet
%SEC-6-IPACCESSLOGP: list 120 denied tcp 84.92.186.92(4151) -> 84.92.77.x(445), 2 packets
%SEC-6-IPACCESSLOGP: list 120 denied tcp 84.92.186.92(4149) -> 84.92.77.x(445), 2 packets
%SEC-6-IPACCESSLOGP: list 120 denied tcp 84.92.186.92(3951) -> 84.92.77.x(139), 2 packets
%SEC-6-IPACCESSLOGP: list 120 denied tcp 84.92.186.92(3956) -> 84.92.77.x(139), 1 packet
%SEC-6-IPACCESSLOGP: list 120 denied tcp 84.92.186.92(4152) -> 84.92.77.x(445), 2 packets
%SEC-6-IPACCESSLOGP: list 120 denied tcp 84.92.186.92(4033) -> 84.92.77.x(135), 2 packets
%SEC-6-IPACCESSLOGP: list 120 denied tcp 84.92.186.92(4036) -> 84.92.77.x(135), 2 packets
%SEC-6-IPACCESSLOGP: list 120 denied tcp 84.92.186.92(434Cool -> 84.92.77.x(139), 2 packets
%SEC-6-IPACCESSLOGP: list 120 denied tcp 84.92.186.92(4361) -> 84.92.77.x(139), 2 packets
%SEC-6-IPACCESSLOGP: list 120 denied tcp 84.92.186.92(4345) -> 84.92.77.x(139), 2 packets
%SEC-6-IPACCESSLOGP: list 120 denied tcp 84.92.186.92(3947) -> 84.92.77.x(139), 1 packet
6 REPLIES
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

Capacity / Virus

Hi,

The best thing to do is email abuse@plus.net with the details of any PlusNet customers that are port scanning/infected with a virus/infected with a virus. First step is generally to email them to say we've had a report of X, we suggest you do Y, further reports will be followed up (after giving a reasonable amount of time for them to fix the problem). In the most extreme cases then we will block mail (in the case of spam) or the connection completely.
Zathras
Grafter
Posts: 295
Registered: 01-08-2007

Capacity / Virus

On the same subject Ive emailed abuse@plus.net 3 times in the last 2 months about the same plusnetter who scans me every 44mins hes online and its still happening. Sad
Liam
Grafter
Posts: 2,083
Registered: 04-04-2007

Capacity / Virus

I've flagged that case up for you - we'll see if there is anything we can do.
Community Gaffer
Community Gaffer
Posts: 12,799
Thanks: 630
Fixes: 62
Registered: 04-04-2007

Capacity / Virus

Hi there,

The guy who handles the abuse complaints isn't in at the moment. I'll have a word with him when he's next in but I know that the abuse mailbox is certainly not months behind.

Regarding the OP this is clearly the result of a virus infection on the originating machine. We actually block ports 135 and 445 on the perimeter of our network. Unfortunately as this example is between Plusnet customers it is getting through as the traffic never leaves the network.

Kind Rgds,

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

Community Gaffer
Community Gaffer
Posts: 12,799
Thanks: 630
Fixes: 62
Registered: 04-04-2007

Capacity / Virus

Quote
On the same subject Ive emailed abuse@plus.net 3 times in the last 2 months about the same plusnetter who scans me every 44mins hes online and its still happening. Sad


Hi,

I have emailed this user again, called them and left a message so you should hopefully see it stop.

In response to the original poster, I have emailed this user for you.

Please let me know if either instances are still occurring after a few days.

Rgds,

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

N/A

Capacity / Virus

Quote
Hi,

The best thing to do is email abuse@plus.net with the details of any PlusNet customers that are port scanning/infected with a virus/infected with a virus. First step is generally to email them to say we've had a report of X, we suggest you do Y, further reports will be followed up (after giving a reasonable amount of time for them to fix the problem). In the most extreme cases then we will block mail (in the case of spam) or the connection completely.


I have emailed that address several times but nothing happens.
I do know how to use whois. I didnt ask what i should do. I asked what action plusnet takes to stop them from doing it.