Port Scans

I used to be with Freeserve ADSL and moved recently to PlusNet (who seem
much better overall, especially on customer service issues), but I have
noticed an awful lot of port scan and other intrusion attempts on my PC (my
Sygate firewall alerts me to this).

A) This only occurred infrequently when I was with Freeserve and

B) The majority (not all but well over 75%) of hacker attempts are other
PlusNet users.

Does anyone have an explanation to the above?

(I must stress that I have no problem with PlusNet (who are to date the best
ISP I have encountered), just that I am receiving so many hacker attempts)

"Franklin P Patchey" <(E-Mail Removed)> wrote in message
news:_GQbc.27317$(E-Mail Removed)...
> I used to be with Freeserve ADSL and moved recently to PlusNet (who seem
> much better overall, especially on customer service issues), but I have
> noticed an awful lot of port scan and other intrusion attempts on my PC
(my
> Sygate firewall alerts me to this).
>
> A) This only occurred infrequently when I was with Freeserve and
>
> B) The majority (not all but well over 75%) of hacker attempts are other
> PlusNet users.
>
> Does anyone have an explanation to the above?
>
> (I must stress that I have no problem with PlusNet (who are to date the
best
> ISP I have encountered), just that I am receiving so many hacker attempts)
>

Stick a router in the way - that'll be the last you'll see of them.

I.

On Sun, 4 Apr 2004 10:38:58 +0100, "Franklin P Patchey"
<(E-Mail Removed)> wrote:

>I used to be with Freeserve ADSL and moved recently to PlusNet (who seem
>much better overall, especially on customer service issues), but I have
>noticed an awful lot of port scan and other intrusion attempts on my PC (my
>Sygate firewall alerts me to this).
>
>A) This only occurred infrequently when I was with Freeserve and
>
>B) The majority (not all but well over 75%) of hacker attempts are other
>PlusNet users.
>
>Does anyone have an explanation to the above?
>
>(I must stress that I have no problem with PlusNet (who are to date the best
>ISP I have encountered), just that I am receiving so many hacker attempts)
>

Hi there,

We will occasionally send out requests to see if customers are online.
However you should never have too many requests to really worry about
it. If you are seeing a lot of reuqests from our IP ranges, then
please email your firewall logs to (E-Mail Removed)

regards

Luke
| Luke Horwath Unmetered & ADSL solutions
| Technical Support for Home & Business
| PlusNet Technologies Ltd. @ http://www.plus.net
+ ----- My Referrals - It pays to recommend PlusNet -----+

"Iain Miller" <(E-Mail Removed)> wrote in message
news:O1Rbc.133$ox4.95@newsfe1-win...
>
> "Franklin P Patchey" <(E-Mail Removed)> wrote in message
> news:_GQbc.27317$(E-Mail Removed)...
> > I used to be with Freeserve ADSL and moved recently to PlusNet (who seem
> > much better overall, especially on customer service issues), but I have
> > noticed an awful lot of port scan and other intrusion attempts on my PC
> (my
> > Sygate firewall alerts me to this).
> >
> > A) This only occurred infrequently when I was with Freeserve and
> >
> > B) The majority (not all but well over 75%) of hacker attempts are other
> > PlusNet users.
> >
> > Does anyone have an explanation to the above?
> >
> > (I must stress that I have no problem with PlusNet (who are to date the
> best
> > ISP I have encountered), just that I am receiving so many hacker
attempts)
> >
>
> Stick a router in the way - that'll be the last you'll see of them.
>
> I.
>
I'd second Iain's suggestion about a router. Also contact Plusnet support,
particularly if you have evidence such as the IP address of who is scanning
you. It could also be the case of the scans being harmless - it could be a
gamer looking for a local host to compete on.

Cheers, Mike

> Hi there,
>
> We will occasionally send out requests to see if customers are online.
> However you should never have too many requests to really worry about
> it. If you are seeing a lot of reuqests from our IP ranges, then
> please email your firewall logs to (E-Mail Removed)


Luke, why would you want to know whether your customers were on-line or not?
Just curious

Steven.

"fred bloggs" <(E-Mail Removed)> wrote in message
news:IySbc.27338$(E-Mail Removed)...
>
> "Iain Miller" <(E-Mail Removed)> wrote in message
> news:O1Rbc.133$ox4.95@newsfe1-win...
> >
> > "Franklin P Patchey" <(E-Mail Removed)> wrote in message
> > news:_GQbc.27317$(E-Mail Removed)...
> > > I used to be with Freeserve ADSL and moved recently to PlusNet (who
seem
> > > much better overall, especially on customer service issues), but I
have
> > > noticed an awful lot of port scan and other intrusion attempts on my
PC
> > (my
> > > Sygate firewall alerts me to this).
> > >
> > > A) This only occurred infrequently when I was with Freeserve and
> > >
> > > B) The majority (not all but well over 75%) of hacker attempts are
other
> > > PlusNet users.
> > >
> > > Does anyone have an explanation to the above?
> > >
> > > (I must stress that I have no problem with PlusNet (who are to date
the
> > best
> > > ISP I have encountered), just that I am receiving so many hacker
> attempts)
> > >
> >
> > Stick a router in the way - that'll be the last you'll see of them.
> >
> > I.
> >
> I'd second Iain's suggestion about a router. Also contact Plusnet support,
> particularly if you have evidence such as the IP address of who is
scanning
> you. It could also be the case of the scans being harmless - it could be a
> gamer looking for a local host to compete on.
>

But its not illegal to portscan, just to exploit what you find.
All you can do is email the scanner and request they dont do it again, which
then confirms your identity.

All you have to do is block all incoming requests by all protocols on all
ports unless you have a need for them.
There are obviously other techniques to help but this is the easiest.

On Sun, 4 Apr 2004 13:15:47 +0100, "Steven Campbell"
<(E-Mail Removed)> wrote:

>> Hi there,
>>
>> We will occasionally send out requests to see if customers are online.
>> However you should never have too many requests to really worry about
>> it. If you are seeing a lot of reuqests from our IP ranges, then
>> please email your firewall logs to (E-Mail Removed)
>
>
>Luke, why would you want to know whether your customers were on-line or not?
>Just curious
>
>Steven.
>
>
>

To be honest, we don't have any other way of telling if the customer
is offline. BT do not pass this information onto us, so our RADIUS
servers send out pings to establish if the customer is on/offline.

regards

Luke
| Luke Horwath Unmetered & ADSL solutions
| Technical Support for Home & Business
| PlusNet Technologies Ltd. @ http://www.plus.net
+ ----- My Referrals - It pays to recommend PlusNet -----+

On Sun, 04 Apr 2004 14:18:36 +0100, PlusNet Support
<(E-Mail Removed)> wrote:

>To be honest, we don't have any other way of telling if the customer
>is offline. BT do not pass this information onto us, so our RADIUS
>servers send out pings to establish if the customer is on/offline.

So if somebody has a firewall running in full stealth mode you have no
idea if they are online or not? Or can you tell by monitoring whether
their computer is using the Internet?

--
To email me remove ".lartsspammers"
http://www.kingqueen.org.uk

"PlusNet Support" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Sun, 4 Apr 2004 13:15:47 +0100, "Steven Campbell"
> <(E-Mail Removed)> wrote:
>
> >> Hi there,
> >>
> >> We will occasionally send out requests to see if customers are online.
> >> However you should never have too many requests to really worry about
> >> it. If you are seeing a lot of reuqests from our IP ranges, then
> >> please email your firewall logs to (E-Mail Removed)
> >
> >Luke, why would you want to know whether your customers were on-line or
not?
> >Just curious
> >
> >Steven.
> >
> To be honest, we don't have any other way of telling if the customer
> is offline. BT do not pass this information onto us, so our RADIUS
> servers send out pings to establish if the customer is on/offline.

But why do you need to know whether they are on/off line? What do you / the
customer gain from this information. After all it is an always on
connection so I can't understand why you need to know this info.

cheers

Steven.

In response to what PlusNet Support <(E-Mail Removed)> posted in
news:(E-Mail Removed):

> To be honest, we don't have any other way of telling if the customer
> is offline. BT do not pass this information onto us, so our RADIUS
> servers send out pings to establish if the customer is on/offline.
>

Well, that may be so - but it aint an answer to the question you were
asked.

--
Joe Soap.
JUNK is stuff that you keep for 20 years,
then throw away a week before you need it.