Endless probes from ADSL address range

stevedavies

Member
Joined
Sep 8, 2003
Messages
20
In the last 15 minutes - yes, 15 minutes! - my firewall has blocked about 500 probe packets looking for open shares, vulnerabilities and the rest.

More than half of those came from 165.165.X.X addresses.

To be exact, I have been probed by 120 (no, wait: 121) (no, wait: 122) different addresses in this address range.

Do you think anybody cares about this? In my old Internet Africa days I would have looked up the user names and warned them they were infected. Somehow I can't imagine that anybody I could speak to at Telkom Internet would even know what I was on about...

Yours,
Steve Davies
 

loosecannon

Senior Member
Joined
Jul 27, 2004
Messages
731
strange you should mention this .... while i worked there someone did this to my FW and i lodged a complaint as a user not staff no one had a clue [i knew it would come back to my desk] i tried to get the message across ... it was escalated to senior management [telkom way of saying its dead no one done anything] ... what i did was look up the user and threaten them with there worst nightmare [ala 1984] ...
 

kaspaas

Expert Member
Joined
Aug 6, 2003
Messages
3,736
A friend had ADSL installed at his home with the free Telkom POTS modem.

The Telkom techie got everthing working "according to his training" running PPPoE over the modem.

My friend has a PC for himself and his wife. Each one has to "dial-up" before they can work.

The Telkom techie did not tell them about the need for firewalls etc.

So guess what: They were hacked, and pestering the network with these port scans.

Telkom is to blame for many of these "knocking for entry" attempts by not setting up their own modems as firewalls and not instructing people on the new risks of a 24/7 high speed internet connection.



South Africa needs World Class Broadband at World Competitive Prices.
 

pjbmm

New Member
Joined
Jun 19, 2004
Messages
6
Try sending your FW logs to abuse@saix.net. Believe it or not, the SAIX abuse guys actually do something about viruses on their network. They contact the relevant ISP and then they get to deal with it, which normally leads nowhere, but can be mildly amusing if you are bored.
 

Karnaugh

Banned
Joined
Jul 23, 2003
Messages
1,575
*yawn* *yawn* *yawn*

Blaster worm people, saser virus people. These infections are far to fast to bother informing people or reporting abuse, I drop over 10 attacks a minute from these viruses. Teach your firewall to ignore it. (step one is probably to READ the documentation with your firewall that might tell you this too)

- Colin Alston
colin at alston dot za dot org

"Getting traffic shaping right is easy and can be summed up in one word: Dont." -- George Barnett
 
Top