cancel
Showing results for 
Search instead for 
Did you mean: 

Message about scanning for vulnerable ports

mike2843
Newbie
Posts: 3
Registered: ‎30-01-2024

Message about scanning for vulnerable ports

Hi, a few days ago I recieved a message on the help assistant saying that "We have received reports that a PC using your IP address has been scanning other networks looking for vulnerable ports". I replied asking for more information so I can look into it, but I haven't had any answer, so I have no details about what happened or when, I dont even know if it's still ongoing. I did find my address on an abuse website with reports up to about a week ago, but I don't know if it was actually my address at the time. Obviously I want to fix the problem so I don't get out internet cut off. Would there happen to be anyone around here that could help out find me some more details?

6 REPLIES 6
Baldrick1
Moderator
Moderator
Posts: 11,687
Thanks: 5,199
Fixes: 418
Registered: ‎30-06-2016

Re: Message about scanning for vulnerable ports

Moderator's note:
Thread moved from Full Fibre to Everything Else

Moderator and Customer
If this helped - select the Thumb
If it fixed it,  help others - select 'This Fixed My Problem'

Townman
Superuser
Superuser
Posts: 23,013
Thanks: 9,601
Fixes: 160
Registered: ‎22-08-2007

Re: Message about scanning for vulnerable ports

" a few days ago I recieved a message on the help assistant"

What help assistant and from what email address?  Are you sure it came from Plusnet?

Sounds a little scamy!

 

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

mike2843
Newbie
Posts: 3
Registered: ‎30-01-2024

Re: Message about scanning for vulnerable ports

I know! That's what I thought. But I can see it in my notifications on the member centre home page. It's on the "help assistant" at https://www.plus.net/wizard/ which I see says you can no longer ask a question, but that's how the message was sent to me and I can get back to it through that notifications bell. The message below is is all the information I have been given... (names removed)

 


Dear X,

We have received reports that a PC using your IP address has been scanning other networks looking for vulnerable ports.

The most likely explanation for this is that you are infected with a virus. Please disinfect your system, and then inform us using the Help Assistant in the customer portal (http://portal.plus.net/wizard/index.html, click on Customer Services & Billing) that you have done so.

We do not recommend a specific anti-virus product, but one freely available virus checker is AVG AntiVirus, available from http://www.grisoft.com/ . Other free and commercially offered products are also available.

Kind regards,

Y

 


Townman
Superuser
Superuser
Posts: 23,013
Thanks: 9,601
Fixes: 160
Registered: ‎22-08-2007

Re: Message about scanning for vulnerable ports

Ah, OK that’s sound.

”Help centre” is legacy PlusNET space for managing support issues aka the ticketing system.  You cannot raise new tickets, but you can respond to them.

It does sound as though you have a virus or malware on your computer - what antivirus product do you use?

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

mike2843
Newbie
Posts: 3
Registered: ‎30-01-2024

Re: Message about scanning for vulnerable ports

Ah ok, it looked like that with the help centre. I did respond to the ticket since it let me. Is anyone going to see that?

It's all Linux computers and Android phones so I haven't really got any antivirus. I've got OpenWRT running so I'm using tcpdump to watch out for anything going out on high port numbers or port 22 now. The abuse website mentioned attempted SSH logins but no idea if I had the address at the time. No idea if trying to find vulnerable SSH servers would be included in "scanning for vulnerable ports". Not ideal but it should pick up that and port scans.

Townman
Superuser
Superuser
Posts: 23,013
Thanks: 9,601
Fixes: 160
Registered: ‎22-08-2007

Re: Message about scanning for vulnerable ports

Linux and Android are not immune to malware and virus attack - in fact I'd suggest that they are equally prone if not more so - Linux is a hackers playground!

Linux.Hacktool.Portscan (malwarebytes.com)

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.