-
Need advice please!
Every so often my TCP ports: 8080, 4480, **28, 80, 6588 get scanned twice in succession from 2*7.*2.*08.*65.
My firewall picks this up and so I backtrace it:
Host Source:
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See [url]http://www.ripe.net/ripencc/pub-services/db/copyright.html[/url]
inetnum: 2*7.*2.*08.0 - 2*7.*2.***.255
remarks: *******************************************************
remarks: * Please send abuse reports to [email]abuse@btopenworld.com[/email] *
remarks: *******************************************************
netname: BT-ADSL
descr: BAL
country: GB
admin-c: BTOW*-RIPE
tech-c: BTOW*-RIPE
status: ASSIGNED PA
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
changed: [email]support@bt.net[/email] 20000*27
changed: [email]preston.dialip@bt.com[/email] 200*0628
changed: [email]preston.dialip@bt.com[/email] 200***2*
changed: [email]preston.dialip@bt.com[/email] 200****0
changed: [email]preston.dialip@bt.com[/email] 20020724
changed: [email]preston.dialip@bt.com[/email] 200*0820
source: RIPE
route: 2*7.*2.0.0/*2
descr: BT Public Internet Service
origin: AS2856
mnt-by: BTNET-MNT
changed: [email]support@bt.net[/email] 2002*204
source: RIPE
role: BT OPENWORLD OPERATIONAL SUPPORT
remarks: ********************************************************
remarks: * Please send abuse reports to [email]abuse@btopenworld.com[/email] *
remarks: * *
remarks: ********************************************************
address: BT
address: Openworld
address: UK
e-mail: [email]ims.adastral@btopenworld.com[/email]
admin-c: IT**7-RIPE
tech-c: RJG*-RIPE
nic-hdl: BTOW*-RIPE
mnt-by: BTNET-MNT
changed: [email]preston.dialip@bt.com[/email] 200*0520
source: RIPE
Destination Source:
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See [url]http://www.ripe.net/ripencc/pub-services/db/copyright.html[/url]
inetnum: 2*7.*2.0.0 - 2*7.*2.2*.255
netname: BT-MIDBAND
descr: BT-MIDBAND
country: GB
admin-c: KJH5-RIPE
tech-c: KJH5-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to [email]abuse@bt.net[/email]
remarks: INFRA-AW
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
changed: [email]preston.dialip@bt.com[/email] 200*06*8
changed: [email]preston.dialip@bt.com[/email] 200*08**
source: RIPE
route: 2*7.*2.0.0/*2
descr: BT Public Internet Service
origin: AS2856
mnt-by: BTNET-MNT
changed: [email]support@bt.net[/email] 2002*204
source: RIPE
person: Ken Hayes
address: pp *04K
address: Network House
address: Goodall Street
address: Walsall
address: West Midlands
address: WS* 2HE
address: UK
phone: +44 **22 706**2
fax-no: +44 **22 6500*0
e-mail: [email]kenneth.hayes@bt.com[/email]
nic-hdl: KJH5-RIPE
mnt-by: BTNET-MNT
changed: [email]preston.dialip@bt.com[/email] 2002*0*7
changed: [email]preston.dialip@bt.com[/email] 2002*0*7
source: RIPE
What’s going on here? Who is doing this and why, and how can I stop it?
Yours concernedly,
Orgone
-
remarks: Please send abuse notification to [email]abuse@bt.net[/email]
This email address should be all you need to take care of your problems. Port scans are illegal, unless authorized. Be sure to be accurate with your details, otherwise your email will be trashed without response in most cases.
Cheers,
Closure