cancel
Showing results for 
Search instead for 
Did you mean: 

Intrusion attempts

N/A

Intrusion attempts

Below is a small list from our firewall indicated blocked intrusion attempts.

Surely these can be blocked from the ISP side? If not, I think PlusNet should take a stand and be an ambassador ISP and put this into place.

143.105.8.15 Wed Apr 30 19:45:09 2003 tcp sunrpc (111)
162.42.217.154 Fri May 02 16:41:58 2003 tcp socks (1080)
209.29.82.194 Fri May 02 17:41:04 2003 tcp socks (1080)
217.21.115.6 Sat May 03 01:22:18 2003 tcp socks (1080)
217.21.115.5 Sat May 03 03:51:20 2003 tcp socks (1080)
64.91.54.104 Sat May 03 15:03:08 2003 tcp socks (1080)
217.21.115.10 Sat May 03 15:16:28 2003 tcp socks (1080)
202.103.223.20 Sat May 03 15:19:11 2003 tcp sunrpc (111)
211.56.110.27 Sat May 03 16:25:29 2003 tcp printer (515)
212.68.196.185 Sat May 03 16:30:15 2003 tcp printer (515)
208.186.64.74 Sat May 03 20:39:13 2003 tcp socks (1080)
217.21.115.3 Sat May 03 21:02:25 2003 tcp socks (1080)
209.29.85.27 Sat May 03 21:56:24 2003 tcp socks (1080)
203.177.88.130 Sat May 03 22:15:10 2003 tcp sunrpc (111)
203.135.34.245 Sun May 04 00:06:26 2003 tcp sunrpc (111)
61.106.148.30 Sun May 04 00:59:36 2003 tcp sunrpc (111)
217.80.153.181 Sun May 04 10:08:03 2003 tcp socks (1080)
64.201.104.2 Sun May 04 10:49:25 2003 tcp socks (1080)
218.32.241.53 Sun May 04 17:55:23 2003 tcp sunrpc (111)
162.33.251.235 Sun May 04 20:11:32 2003 tcp socks (1080)
62.23.146.103 Sun May 04 22:53:04 2003 tcp socks (1080)
66.233.80.61 Mon May 05 08:03:24 2003 tcp socks (1080)
34 REPLIES
N/A

RE: Intrusion attempts

It's up to the end user to do it,not the ISP.
When you pay for a connection then that's what you get,the connection.
Anyone using a pc for internet should be aware of what can happen in the first place.
Everyone should be told of what can happen befor they even think about usings pc's to connrct to internet.
It's like giving someone a car,showing them what pedal to press to go fast and not telling them how to stop.
N/A

RE: Intrusion attempts

> Surely these can be blocked from the ISP side? If not, I think PlusNet should take a stand and be an ambassador ISP and put this into place.
Hi there,
Basically, the person that followed-up your post was correct. We can deal with things like this if the attempt(s) are coming from one of our customers, but otherwise you will need to contact the originating ISP. It's not feasible to filter out traffic at our end - our routers process over a gigabit of traffic and the overhead to inspect all of this would be very high indeed.
Regards,
Mike
--
| Mike Grice....................Unmetered & ADSL solutions
| Technical Support.....................for Home & Business
| PlusNet Technologies Ltd.........@ http://www.plus.net
+ ----- My Referrals - It pays to recommend PlusNet -----
N/A

RE: Intrusion attempts

> Surely these can be blocked from the ISP side? If not, I think PlusNet should take a stand and be an ambassador ISP and put this into place.
Hi there,
Basically, the person that followed-up your post was correct. We can deal with things like this if the attempt(s) are coming from one of our customers, but otherwise you will need to contact the originating ISP. It's not feasible to filter out traffic at our end - our routers process over a gigabit of traffic and the overhead to inspect all of this would be very high indeed.
Regards,
Mike
--
| Mike Grice....................Unmetered & ADSL solutions
| Technical Support.....................for Home & Business
| PlusNet Technologies Ltd.........@ http://www.plus.net
+ ----- My Referrals - It pays to recommend PlusNet -----
N/A

RE: Intrusion attempts

Very true.
Anyway,I get loads of so called attempts made but nothing ever happens.
Half the time when I try to trace back where it comes from I am lucky to even get the ISP where it came through.
I have a good firewall,keep it upto date,am aware of what can/could happen.
If anything I think my keyboard has a proble m
as it kee p s mis s typingg.
Community Veteran
Posts: 3,181
Thanks: 19
Fixes: 2
Registered: 31-07-2007

RE: Intrusion attempts

> Below is a small list from our firewall indicated blocked intrusion attempts.
>
> Surely these can be blocked from the ISP side? If not, I think PlusNet should take a stand and be an ambassador ISP and put this into place.
-snip-
> 217.21.115.6 Sat May 03 01:22:18 2003 tcp socks (1080)
> 217.21.115.5 Sat May 03 03:51:20 2003 tcp socks (1080)
> 217.21.115.10 Sat May 03 15:16:28 2003 tcp socks (1080)

That IP range [217.21.115.1 too 217.21.115.10] has been noted on a number of sites and reported but the owner of the block won't reply concerning the wide range probing going from them.

Basically if you cant find a contact in the whois for you to complain to. Then you could ask the abuse dept of PN to follow it up seeing as they should have more info to hand/better info utilities/knowledge.
Unvalued customer since 2001 funding cheap internet for others / DSL/Fibre house move 24 month regrade from 8th May 2017
N/A

RE: Intrusion attempts

Kev
Thanks for your stupidly simplistic answer, obviously you missed the point completely, a point that I, a highly experienced IT Manager was trying to make!!!!
N/A

RE: Intrusion attempts

> Kev
> Thanks for your stupidly simplistic answer, obviously you missed the point completely, a point that I, a highly experienced IT Manager was trying to make!!!!

Hey,I did NOT miss the point and I ain't stupid.
I don't give a monkeys if you are an IT anything.
So put that in your IN tray
N/A

RE: Intrusion attempts

> Very true.
> Anyway,I get loads of so called attempts made but nothing ever happens.
> Half the time when I try to trace back where it comes from I am lucky to even get the ISP where it came through.
> I have a good firewall,keep it upto date,am aware of what can/could happen.
> If anything I think my keyboard has a proble m
> as it kee p s mis s typingg.

Now now boys... no fighting!! I recommend a router... it stops just about everything!
N/A

RE: Intrusion attempts

Funny I fought wun of them wuz wot yoo put gruves inn wudd wiv innit?
N/A

RE: Intrusion attempts

> Funny I fought wun of them wuz wot yoo put gruves inn wudd wiv innit?

Nah! Dat's a ROOTER.. only don't ask for one in Australia coz you might get a nasty surprise!
N/A

RE: Intrusion attempts

Now now Kev, touched a nerve there I think, and your still missing the point.

If our firewall is stopping this traffic, then it's good for us, but if these IP's are known to be "bad 'uns" then they should be blocked - THAT's the point I was trying to make.

And the thing that makes grooves in wood is called a ROWTER ;-) :-)
N/A

RE: Intrusion attempts


> And the thing that makes grooves in wood is called a ROWTER ;-) :-)

Yes I know but rooter sounds better... and it's actually a router (route = to tear).
N/A

Some people want the connections

Some people actually want the connections (or at least some) to be able to reach their machine - the ability to have inbound www (or whatever) connections is actually a benefit to some of us!

As far as plusnet dealing with intrusion attempts goes, though, I raised a ticket (or emailed abuse@plus.net, I can't remember which), when another plusnet customer scanned my address. It was a relatively small scan (not a full-blown 40000 packets from Nessus type thing), but it was very noticeable that I never even received an acknowledgement from plusnet about the matter.
N/A

Intrusion attempts

Hi,

You should at least receive an auto-response when you contact Abuse (assuming you had a valid reply address!). Unfortunately due to number of cases the abuse team have to deal with it is often not possible for them to personally contact the person who originally reported it, however all cases we receive are investigated.