cancel
Showing results for 
Search instead for 
Did you mean: 

Ridiculous port scanning or whatever!

Azagoth
Grafter
Posts: 613
Thanks: 1
Registered: 01-08-2007

Ridiculous port scanning or whatever!

This has been going on for weeks now! Non-stop scanning from a Plusnet IP address. I've raised a ticket only for it to be answered with "that's normal background activity". Why can't Plusnet find out who the hell it is and email them a warning saying that their PC may be infected.

If need be It can't be that hard to email all users who've used this IP address in the past 24hrs pointing out that one of their systems may be compromised.

In the space of 3 minutes, this is what I keep getting!

9 REPLIES
N/A

Ridiculous port scanning or whatever!

that's definitely not right - pity it doesnt say what port it's trying as that may give more of an idea what the probing computer might be infected with. Have you tried emailing abuse@plus.net ? With those times they should be able to cross reference the user of the IP and email the account holder. Even to do that mustn't be more than a 5 minute job for someone..
N/A

Ridiculous port scanning or whatever!

Perhaps not too hard for someone with a modicum of tech savvy.




Best not leave it to +net then huh?

Wink
Azagoth
Grafter
Posts: 613
Thanks: 1
Registered: 01-08-2007

Ridiculous port scanning or whatever!

Yep, emailed via the abuse link and all I go was a crappy reply saying it was "normal"! Incidentally, the ports it's after are 135 and 445.

All I know is that's it's slowing my connection down, the connection that I pay money for!
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Ridiculous port scanning or whatever!

If you are getting 100s of these from the same IP then that is not normal and you need to reply and ask again for the problem to be investigated.

Don't be fobbed off by what they have said, stand your ground and insist this is taken seriously.
N/A

Ridiculous port scanning or whatever!

135-137 and 445 are the once vulnerable ports as far as the RPC goes under Winblows.

NetBIOS scanning ports 135-137 is nothing unusual, but I would recommend that the OP try and force +net into some form of action even for the sake of the originators bandwidth!
N/A

Ridiculous port scanning or whatever!

I have flagged this up with comms for you.

There are no guarantees that anything will or can be done, but hopefully it will be looked into.
If you could supply some more loggs showing that this is very regular this should help you I would have thought.
N/A

Ridiculous port scanning or whatever!

Hmm seems like someone hacked the Gateway Node Smiley

Some lucky bugger must of thought he hit heaven rooting a 622mbps Pipe in the UK Tongue
suec45
Grafter
Posts: 566
Registered: 02-10-2007

Ridiculous port scanning or whatever!

Someone has targeted your ip and is trying to find an open port.

Have you upset anyone lately? Cheesy It seems an awful lot of trouble to go to, to try and get into your desktop computer!

If you were a bank or the FBI I could understand it....maybe... Cry

MAybe the IP it comes from is just being used as a proxy tho and has nothing to do with the actual scanning.
JonathanW
Grafter
Posts: 2,648
Registered: 02-10-2007

Re: Ridiculous port scanning or whatever!

Quote
This has been going on for weeks now! Non-stop scanning from a Plusnet IP address. I've raised a ticket only for it to be answered with "that's normal background activity". Why can't Plusnet find out who the hell it is and email them a warning saying that their PC may be infected.


Looking at the image you've linked on this thread, and the one included in the ticket that you raised, they show different things going on in the logs. Have you tried contacting the abuse team with full logs, showing what the screen shot above shows, rather than just a cut down image? As logs showing the above going on for several hours at a time could result in a different answer from the abuse team.