cancel
Showing results for 
Search instead for 
Did you mean: 

Should I be worried by this?

Cloudmaster
Grafter
Posts: 257
Registered: 01-08-2007

Should I be worried by this?

Hi all,

I have Kerio Personal Firewall 4 installed & it's stopping what it calls 'ICMP Superscan Echoes' from a small number of PlusNET customers. Since my firewall is stopping these, I'm not unduly worried for myself, but is there a chance that these users have infected machines that are looking for other machines to infect?

Am I being paranoid :x
3 REPLIES
N/A

Should I be worried by this?

This is background internet noise, and yes it's other PN users who are infected and are trying to infect others. It's a pain, but since there is little you can do about it, you just have to accept it and it's not worth worrying about.

I use Kerio and I turned off the logging in the end lol

Aaron
Cloudmaster
Grafter
Posts: 257
Registered: 01-08-2007

Should I be worried by this?

Thanks for the reply, I may turn off low & medium intrusion logging if I get fed up of reading them!!

If these really are scans from infected machines shouldn't the owners of those machines be notified?
N/A

Should I be worried by this?

Yes, you can e-mail the log showing their IP addy (not the whole log) and retrieve their reverse DNS from the IP. Send this to abuse@plus.net

You can also e-mail their main accounts as well.

However I've often found, neither solution gets much results, since PN often e-mail them and get no response. However PN are starting to take some action, by placing a holding page on users who generate traffic on port 135. Cheesy

Aaron