PDA

View Full Version : Need advice please!



Unregistered
01-13-2004, 12:59 PM
Every so often my TCP ports: 8080, 4480, **28, 80, 6588 get scanned twice in succession from 2*7.*2.*08.*65.
My firewall picks this up and so I backtrace it:

Host Source:
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 2*7.*2.*08.0 - 2*7.*2.***.255
remarks: *******************************************************
remarks: * Please send abuse reports to abuse@btopenworld.com *
remarks: *******************************************************
netname: BT-ADSL
descr: BAL
country: GB
admin-c: BTOW*-RIPE
tech-c: BTOW*-RIPE
status: ASSIGNED PA
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
changed: support@bt.net 20000*27
changed: preston.dialip@bt.com 200*0628
changed: preston.dialip@bt.com 200***2*
changed: preston.dialip@bt.com 200****0
changed: preston.dialip@bt.com 20020724
changed: preston.dialip@bt.com 200*0820
source: RIPE
route: 2*7.*2.0.0/*2
descr: BT Public Internet Service
origin: AS2856
mnt-by: BTNET-MNT
changed: support@bt.net 2002*204
source: RIPE
role: BT OPENWORLD OPERATIONAL SUPPORT
remarks: ********************************************************
remarks: * Please send abuse reports to abuse@btopenworld.com *
remarks: * *
remarks: ********************************************************
address: BT
address: Openworld
address: UK
e-mail: ims.adastral@btopenworld.com
admin-c: IT**7-RIPE
tech-c: RJG*-RIPE
nic-hdl: BTOW*-RIPE
mnt-by: BTNET-MNT
changed: preston.dialip@bt.com 200*0520
source: RIPE





Destination Source:
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum: 2*7.*2.0.0 - 2*7.*2.2*.255
netname: BT-MIDBAND
descr: BT-MIDBAND
country: GB
admin-c: KJH5-RIPE
tech-c: KJH5-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to abuse@bt.net
remarks: INFRA-AW
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
changed: preston.dialip@bt.com 200*06*8
changed: preston.dialip@bt.com 200*08**
source: RIPE

route: 2*7.*2.0.0/*2
descr: BT Public Internet Service
origin: AS2856
mnt-by: BTNET-MNT
changed: support@bt.net 2002*204
source: RIPE

person: Ken Hayes
address: pp *04K
address: Network House
address: Goodall Street
address: Walsall
address: West Midlands
address: WS* 2HE
address: UK
phone: +44 **22 706**2
fax-no: +44 **22 6500*0
e-mail: kenneth.hayes@bt.com
nic-hdl: KJH5-RIPE
mnt-by: BTNET-MNT
changed: preston.dialip@bt.com 2002*0*7
changed: preston.dialip@bt.com 2002*0*7
source: RIPE

What’s going on here? Who is doing this and why, and how can I stop it?
Yours concernedly,
Orgone

Closure
01-16-2004, 05:00 PM
remarks: Please send abuse notification to abuse@bt.net

This email address should be all you need to take care of your problems. Port scans are illegal, unless authorized. Be sure to be accurate with your details, otherwise your email will be trashed without response in most cases.

Cheers,

Closure