cancel
Showing results for 
Search instead for 
Did you mean: 

IMCP/Welchia traffic from lriadsl.plus.com

N/A

IMCP/Welchia traffic from lriadsl.plus.com

Hi,

I am seeing regular (every hour, 24/7) IMCP ping traffic from 81.174.230.62 (lriadsl.plus.com); it is logged by my IDS (Snort) as 'ICMP PING Cyberkit 2.2 Windows' -- I'm told Snort detects Blaster/Welchia traffic as this.

Is this a PlusNet scanner or something?


Ian.
5 REPLIES
Community Veteran
Posts: 3,181
Thanks: 19
Fixes: 2
Registered: 31-07-2007

IMCP/Welchia traffic from lriadsl.plus.com

PN customer report it to abuse
Unvalued customer since 2001 funding cheap internet for others / DSL/Fibre house move 24 month regrade from 8th May 2017
N/A

IMCP/Welchia traffic from lriadsl.plus.com

I thought the new system on the Redbacks was supposed to stop this sort of thing from happening?
N/A

IMCP/Welchia traffic from lriadsl.plus.com

I read something briefly about Redbacks -- problems installing it or something?

Anyway, is there a recommended way of logging this, or do I just open a support ticket or something?
Community Veteran
Posts: 14,469
Registered: 30-07-2007

IMCP/Welchia traffic from lriadsl.plus.com

I don't think they block pings, it's connections on things like port 135 etc that they block. Pings are used everywhere to check network conections and routing.

Raise a contact us ticket (link on right) and get PlusNet to investigate.
N/A

IMCP/Welchia traffic from lriadsl.plus.com

The redback units do block pings when this virus is detected, however.

In order for this block to be in place, outgoing connections must be seen on port 135.

Also note, that this blocking system isn't in place on the PAYG or Connect platforms.