
Port Scan

home99
Grafter
Posts: 254
Registered: 30-07-2007

Port Scan

Hi,

I am using Sygate Personal firewall and it recently alerted me to a port scan. I used back trace to establish the origin and it stated that the origin was Plusnet.

Is this part of Plusnet's normal procedure for checking my bits and pieces or what?

Can anyone enlighten me?

Thanks
21 REPLIES
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

Port Scan

Hi,

Do you know the IP address that scanned you? It's possible that it is another customer scanning you, or infected with a virus, or it could be something legitimate such as a reply from one of our DNS servers that has been misinterpreted.
home99
Grafter
Posts: 254
Registered: 30-07-2007

Port Scan

Hi Dave,

The IP addresses quoted are

inetnum: 80.229.48.0 - 80.229.63.255

route:80.229.0.0/16.

Hope this gives you more information. If not I have the whole RIPE report.

Thanks
home99
Grafter
Posts: 254
Registered: 30-07-2007

Port Scan

....and the remote host is 80.229.58.229.

Thanks
lowry
Grafter
Posts: 478
Registered: 08-04-2007

Port Scan

I had the same IP address scanning me repeatedly for a while. However, since my firewall knew about it and it was blocking it I was not too worried but I kept the logs and a screenshot of the logs in case the problem persisted.

If I recall correctly you can raise a ticket to report this sort of thing or use abuse@plus.net - but I am not sure.

matt
home99
Grafter
Posts: 254
Registered: 30-07-2007

Port Scan

I've sent all the info to the email address abuse@plus.net. I wonder if they can establish anything?

Cheers
N/A

Port Scan

I've been getting exactly the same thing, using Sygate too. Must mail Plusnet about it.

Damien
N/A

Port Scan

Checking the log of port scans on my firewall I see that about two thirds of them originate from plusnet, force9 and free-online (mine specifies the domain name).
N/A

Port Scan

host 80.229.58.229 appears to be username childcarebccs.
You could email them postmaster@childcarebccs.plus.com
home99
Grafter
Posts: 254
Registered: 30-07-2007

Port Scan

Out of interest, how do you establish that?
lowry
Grafter
Posts: 478
Registered: 08-04-2007

Port Scan

He looked up the DNS of the IP Address and discovered that it was the address he mentioned. PlusNet, by default, use the username as the RDNS and so you could work out the primary mailbox address to contact the user.

matt
N/A

Port Scan

A quick and easy way in XP (Pro at least, I don't know about Home):

open a command prompt (press winkey + r and type cmd - then press enter)

at the prompt type nslookup <ip address here> - then press enter

Or go to this website (just one of many which offer these services)

http://monitor.plus.net/tools.php
lowry
Grafter
Posts: 478
Registered: 08-04-2007

Port Scan

I usually enter the IP into the RIPE whois facility. It provides very detailed information.

matt
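
An added example, not part of any post in this thread: checking offline that the remote host reported by the firewall really falls inside the `inetnum` range and `route` returned by the RIPE lookup, and tallying scan alerts by source. The whois text is laid out from the two fields quoted above; the log line format and the address 192.0.2.14 are constructed for illustration and are not Sygate's own output.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the two RIPE fields quoted in the thread.
WHOIS_TEXT = """\
inetnum:        80.229.48.0 - 80.229.63.255
route:          80.229.0.0/16
"""

# Constructed firewall alerts (hypothetical format, not Sygate's own).
LOG_LINES = [
    "2007-08-01 10:02:11 PORTSCAN src=80.229.58.229",
    "2007-08-01 10:07:45 PORTSCAN src=80.229.58.229",
    "2007-08-01 11:30:02 PORTSCAN src=192.0.2.14",
]

def parse_whois(text):
    """Return (first, last, route) from the inetnum: and route: lines."""
    inetnum = re.search(r"^inetnum:\s*(\S+)\s*-\s*(\S+)", text, re.M)
    route = re.search(r"^route:\s*(\S+)", text, re.M)
    if not inetnum or not route:
        raise ValueError("whois text lacks an inetnum or route line")
    first = ipaddress.ip_address(inetnum.group(1))
    last = ipaddress.ip_address(inetnum.group(2))
    return first, last, ipaddress.ip_network(route.group(1))

def in_allocation(ip, whois):
    """True if ip lies inside both the inetnum range and the route."""
    first, last, route = whois
    addr = ipaddress.ip_address(ip)
    if addr.version != first.version:
        return False  # avoid comparing IPv4 with IPv6
    return first <= addr <= last and addr in route

def inetnum_as_cidr(whois):
    """Collapse the inetnum range into CIDR blocks for a rule or report."""
    first, last, _ = whois
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]

def scans_by_source(lines, whois):
    """Map each source IP to (alert count, inside the looked-up allocation?)."""
    counts = Counter(m.group(1) for m in
                     (re.search(r"src=(\S+)", l) for l in lines) if m)
    return {ip: (n, in_allocation(ip, whois)) for ip, n in counts.items()}

if __name__ == "__main__":
    whois = parse_whois(WHOIS_TEXT)
    print(inetnum_as_cidr(whois))
    for ip, (n, inside) in scans_by_source(LOG_LINES, whois).items():
        print(ip, n, "inside allocation" if inside else "outside allocation")
```
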
home99
Grafter
Posts: 254
Registered: 30-07-2007

Port Scan

Excellent, thank you very much.

So do you think a quick email to the port scanning 'culprit' would be the right approach? Or leave it to Plusnet?
N/A

Port Scan

This issue has been debated at length in this thread

http://portal.plus.net/central/forums/viewtopic.php?t=18912