
View Full Version : Unusual port activity: Friend or Foe? [213.106.113.200]


Elysium
02-09-2004, 19:03
I have been noticing an alarming amount of 'log' activity to/from someone in the same IP range as myself. I have been letting it pass, but it's become much more of an issue now that it's become 'ever regular' and at unusual times of the day (often during the night) ..

I am in the IP range of:

spc1-ward1-5-0-custXX.bagu.broadband.ntl.com (213.106.113.XX)

and the 'friend or foe' is:

spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200]

Now, with the last IP digit being a perfect "200" I've been presuming that it's some normal activity but it does seem highly unlikely with log activity of the following:

[CURRENT LATEST LOG EVENT]
02/09/2004 18:44:25 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2630
02/09/2004 18:43:03 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2067
02/09/2004 18:42:52 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1966
02/09/2004 18:42:42 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1903
02/09/2004 18:33:59 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2166
02/09/2004 18:27:39 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3406
02/09/2004 18:27:39 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3406
02/09/2004 18:25:10 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2405
02/09/2004 18:17:39 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3138
02/09/2004 18:17:08 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2931
02/09/2004 18:16:32 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2690
.
.
[CONTINUALLY]
.
.
02/09/2004 07:05:12 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1440
02/09/2004 07:03:45 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4712
02/09/2004 07:03:45 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4712
02/09/2004 06:53:04 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4211
02/09/2004 06:50:45 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3274
[LATEST START TIME]
.
.

This happens through the night, with breaks.. then starts up again; in fact it's just logged again as I've been writing this. I'd just like to know if this is normal activity or not - it's not something that I have ever noticed before, so I'm worried that both my virus checker and firewall are possibly missing something (especially with the late-night incoming attempts)..

paulyoung666
02-09-2004, 19:12
I think, although I am not sure, that it is a PC with a trojan infection. Like I said, not totally sure :erm:

Paul
02-09-2004, 19:50
In those logs - is that a port number at the end, and if so, is it the source port, or the local destination port ?

Matth
02-09-2004, 20:33
Sounds like a case for http://www.ntlworld.com/netreport/ - unless you do, or have used filesharing, and they are polling for a fileshare port that you don't currently have operating.

As above, are they source or destination ports - I don't recognize the pattern.

Elysium
02-09-2004, 23:40
Sounds like a case for http://www.ntlworld.com/netreport/ - unless you do, or have used filesharing, and they are polling for a fileshare port that you don't currently have operating.

As above, are they source or destination ports - I don't recognize the pattern.

They are the "Remote" ports.. I had to chop off some of the other text as there would have been far too much per line..

02/09/2004 20:37:01 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] (Remote Port: 2791) (Local Port: 2745)

02/09/2004 20:41:48 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] (Remote Port: 4771) (Local Port: 2745)

02/09/2004 20:41:48 Blocked 3 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] (Remote Port: 4773) (Local Port: 1025)

... as you can see, Remote & Local ports seem to vary.. It's just so strange to see this connection hitting me time after time, day after day.. hour after hour; i.e. I got a little more concerned when the pattern seemed to be 2am.. 6am ..

Paul
02-09-2004, 23:43
Oh dear, that looks like a very infected pc (beagle worm ?) trying desperately to infect you and everyone else. :grind:
I suggest you report it to ntl.

Elysium
03-09-2004, 15:08
Oh dear, that looks like a very infected pc (beagle worm ?) trying desperately to infect you and everyone else. :grind:
I suggest you report it to ntl.

Strange thing is I am running NOD32, which is highly regarded as one of the top virus scanners available, along with Sygate Personal Firewall PRO .. now this combination *should* see me fine, but obviously there are concerns with what I've been seeing.

I did notice the "cmd" function was running in the task list yesterday, which was equally unusual and possibly a loophole in SP2 that is allowing some sly swine to run commands... upload trojans, etc. Now, speaking of trojans, that's possibly the only area I am not 100% secure; i.e. a *dedicated* trojan scanner.. Virus checkers, however good, can often miss them.. so if anyone can recommend a good trojan scanner, please, let me know.

Until then I've removed NOD32 / Sygate and re-installed both..

Security, pah...

Oh yea, and I have logged a report to NTL regarding said attacker..

Paul
03-09-2004, 15:25
Perhaps I was not clear, the remote pc is infected, there is no suggestion you are.

Matth
03-09-2004, 22:16
Yep! That address is a regular "typhoid mary" and is going to be puking that crap across all the local IP addresses and then some - the 2745 local port, and 1025, and let me check my firewall for other examples of commonly attacked ports. I set my firewall to give them special attention, since I regard the activity as akin to trying doorhandles - try 3 of mine, and a 15-min block on ALL activity from that address descends, even if it would be passed by all other rules ... in Outpost Firewall, you can adjust the rating of ports, so that commonly probed ports trigger an alert/evasion more easily.

1025-1028
2745
3127
5554
6129
9898

Hostile activity - probing for open ports that belong to remote access trojans, or otherwise compromise the system.

Your firewall is doing what it's meant to, stopping them and logging them - that address, therefore belongs to either an unwitting trojan infectee, or maybe even to someone mastering their own set of "owned" victims.

paulyoung666
03-09-2004, 22:54
i reckon it will be some dumb ****** who cant even spell firewall :erm: :erm: :erm:

Elysium
04-09-2004, 00:06
Thanks chaps, well .. it's put my mind at rest.

It was kind of worrying, .. but it makes sense that the guy's system is spewing out and looking for systems to hook into in the local IP range.

Elysium
04-09-2004, 10:09
I have been getting the usual 'constant' scans of my system from the guy - but have been noticing, upon looking through this morning's log, that there are Allowed references that relate to: C:\WINDOWS\system32\DRIVERS\ndisuio.sys -- so I'm once again thinking that this guy is not scanning my system without some kind of access to my system being allowed; i.e. "ndisuio.sys" sounds pretty important .. and he seems to have access there.. so I'm now still more than worried that it's not hitting me for nothing; any ideas?

The format is:

Time, Action, Severity, Direction, Protocol, Source Host, Source Port, Destination Port, Application Name, Security, Begin Time, End Time, Rule Name

04/09/2004 06:09:55 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1641 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 06:08:48 04/09/2004 06:08:48 Ask all running apps
04/09/2004 05:22:02 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1384 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 05:20:57 04/09/2004 05:20:57 Ask all running apps
04/09/2004 05:14:36 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2188 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 05:13:35 04/09/2004 05:13:35 Ask all running apps
04/09/2004 05:02:22 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1094 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 05:01:18 04/09/2004 05:01:18 Ask all running apps
04/09/2004 04:07:03 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1656 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 04:05:55 04/09/2004 04:05:55 Ask all running apps
04/09/2004 03:40:43 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2504 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 03:39:32 04/09/2004 03:39:32 Ask all running apps
04/09/2004 02:56:05 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3608 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 02:54:53 04/09/2004 02:54:53 Ask all running apps
04/09/2004 02:37:11 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3655 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 02:36:07 04/09/2004 02:36:07 Ask all running apps
04/09/2004 02:07:51 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3160 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 02:06:49 04/09/2004 02:06:49 Ask all running apps
04/09/2004 01:57:25 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2790 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 01:56:24 04/09/2004 01:56:24 Ask all running apps
03/09/2004 23:46:50 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3238 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 03/09/2004 23:45:46 03/09/2004 23:45:46 Ask all running apps


The following is this morning's log in 'context' with the "Allowed" access mixed in..


04/09/2004 08:24:18 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3302 2745 Normal 3 04/09/2004 08:23:32 04/09/2004 08:23:41 Block_all
04/09/2004 06:10:57 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2072 2745 Normal 2 04/09/2004 06:09:49 04/09/2004 06:09:52 Block_all
04/09/2004 06:09:55 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1641 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 06:08:48 04/09/2004 06:08:48 Ask all running apps
04/09/2004 06:09:55 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1641 2745 Normal 3 04/09/2004 06:08:45 04/09/2004 06:08:54 Block_all
04/09/2004 06:08:13 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4793 2745 Normal 2 04/09/2004 06:07:02 04/09/2004 06:07:08 Block_all
04/09/2004 05:47:31 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4090 2745 Normal 2 04/09/2004 05:46:21 04/09/2004 05:46:30 Block_all
04/09/2004 05:41:37 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1654 2745 Normal 3 04/09/2004 05:40:24 04/09/2004 05:40:32 Block_all
04/09/2004 05:39:03 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4467 2745 Normal 2 04/09/2004 05:37:52 04/09/2004 05:37:58 Block_all
04/09/2004 05:31:01 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1171 2745 Normal 2 04/09/2004 05:29:50 04/09/2004 05:29:56 Block_all
04/09/2004 05:28:11 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3889 2745 Normal 1 04/09/2004 05:27:09 04/09/2004 05:27:09 Block_all
04/09/2004 05:26:29 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3229 2745 Normal 2 04/09/2004 05:25:23 04/09/2004 05:25:26 Block_all
04/09/2004 05:24:41 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2439 2745 Normal 3 04/09/2004 05:23:28 04/09/2004 05:23:37 Block_all
04/09/2004 05:23:55 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2149 2745 Normal 3 04/09/2004 05:22:44 04/09/2004 05:22:53 Block_all
04/09/2004 05:22:07 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1384 2745 Normal 2 04/09/2004 05:20:57 04/09/2004 05:21:03 Block_all
04/09/2004 05:22:02 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1384 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 05:20:57 04/09/2004 05:20:57 Ask all running apps
04/09/2004 05:19:23 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4125 2745 Normal 1 04/09/2004 05:18:18 04/09/2004 05:18:18 Block_all
04/09/2004 05:14:36 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2188 2745 Normal 1 04/09/2004 05:13:35 04/09/2004 05:13:35 Block_all
04/09/2004 05:14:36 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2188 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 05:13:35 04/09/2004 05:13:35 Ask all running apps
04/09/2004 05:09:43 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4058 2745 Normal 3 04/09/2004 05:08:32 04/09/2004 05:08:41 Block_all
04/09/2004 05:08:57 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3734 2745 Normal 3 04/09/2004 05:07:43 04/09/2004 05:07:52 Block_all
04/09/2004 05:08:37 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3616 2745 Normal 3 04/09/2004 05:07:27 04/09/2004 05:07:36 Block_all
04/09/2004 05:08:11 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3455 2745 Normal 1 04/09/2004 05:07:07 04/09/2004 05:07:07 Block_all
04/09/2004 05:05:53 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2479 2745 Normal 3 04/09/2004 05:04:40 04/09/2004 05:04:49 Block_all
04/09/2004 05:02:32 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1094 2745 Normal 3 04/09/2004 05:01:18 04/09/2004 05:01:27 Block_all
04/09/2004 05:02:22 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1094 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 05:01:18 04/09/2004 05:01:18 Ask all running apps
04/09/2004 05:00:55 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4364 2745 Normal 2 04/09/2004 04:59:50 04/09/2004 04:59:53 Block_all
04/09/2004 04:53:34 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1313 2745 Normal 3 04/09/2004 04:52:21 04/09/2004 04:52:30 Block_all
04/09/2004 04:53:08 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1158 2745 Normal 3 04/09/2004 04:51:59 04/09/2004 04:52:07 Block_all
04/09/2004 04:53:03 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1121 2745 Normal 3 04/09/2004 04:51:52 04/09/2004 04:52:01 Block_all
04/09/2004 04:51:15 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4244 2745 Normal 1 04/09/2004 04:50:13 04/09/2004 04:50:13 Block_all
04/09/2004 04:49:33 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3537 2745 Normal 3 04/09/2004 04:48:20 04/09/2004 04:48:29 Block_all
04/09/2004 04:49:12 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3420 2745 Normal 3 04/09/2004 04:48:02 04/09/2004 04:48:11 Block_all
04/09/2004 04:49:07 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3407 2745 Normal 2 04/09/2004 04:48:00 04/09/2004 04:48:03 Block_all
04/09/2004 04:43:54 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1236 2745 Normal 3 04/09/2004 04:42:41 04/09/2004 04:42:50 Block_all
04/09/2004 04:39:48 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3439 2745 Normal 3 04/09/2004 04:38:36 04/09/2004 04:38:45 Block_all
04/09/2004 04:27:54 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2424 2745 Normal 3 04/09/2004 04:26:41 04/09/2004 04:26:50 Block_all
04/09/2004 04:27:29 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2271 2745 Normal 2 04/09/2004 04:26:21 04/09/2004 04:26:27 Block_all
04/09/2004 04:19:52 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3005 2745 Normal 3 04/09/2004 04:18:38 04/09/2004 04:18:47 Block_all
04/09/2004 04:18:40 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2551 2745 Normal 1 04/09/2004 04:17:35 04/09/2004 04:17:35 Block_all
04/09/2004 04:07:03 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1656 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 04:05:55 04/09/2004 04:05:55 Ask all running apps
04/09/2004 04:07:03 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1656 2745 Normal 3 04/09/2004 04:05:52 04/09/2004 04:06:01 Block_all
04/09/2004 04:00:02 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2708 2745 Normal 1 04/09/2004 03:58:59 04/09/2004 03:58:59 Block_all
04/09/2004 03:55:56 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4928 2745 Normal 3 04/09/2004 03:54:42 04/09/2004 03:54:51 Block_all
04/09/2004 03:54:54 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4437 1025 Normal 3 04/09/2004 03:53:40 04/09/2004 03:53:49 Block_all
04/09/2004 03:54:54 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4435 2745 Normal 2 04/09/2004 03:53:43 04/09/2004 03:53:49 Block_all
04/09/2004 03:51:24 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3029 2745 Normal 3 04/09/2004 03:50:13 04/09/2004 03:50:22 Block_all
04/09/2004 03:49:41 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2331 2745 Normal 3 04/09/2004 03:48:32 04/09/2004 03:48:40 Block_all
04/09/2004 03:47:23 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1384 2745 Normal 3 04/09/2004 03:46:13 04/09/2004 03:46:22 Block_all
04/09/2004 03:45:04 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4281 2745 Normal 3 04/09/2004 03:43:50 04/09/2004 03:43:59 Block_all
04/09/2004 03:40:43 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2504 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 03:39:32 04/09/2004 03:39:32 Ask all running apps
04/09/2004 03:40:43 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2504 2745 Normal 3 04/09/2004 03:39:29 04/09/2004 03:39:38 Block_all
04/09/2004 03:34:23 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3810 2745 Normal 3 04/09/2004 03:33:13 04/09/2004 03:33:22 Block_all
04/09/2004 03:34:13 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3731 2745 Normal 3 04/09/2004 03:33:02 04/09/2004 03:33:11 Block_all
04/09/2004 03:30:47 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2327 2745 Normal 3 04/09/2004 03:29:36 04/09/2004 03:29:44 Block_all
04/09/2004 03:29:41 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1902 2745 Normal 1 04/09/2004 03:28:36 04/09/2004 03:28:36 Block_all
04/09/2004 03:26:05 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4270 2745 Normal 3 04/09/2004 03:24:53 04/09/2004 03:25:02 Block_all
04/09/2004 03:24:23 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3571 2745 Normal 3 04/09/2004 03:23:09 04/09/2004 03:23:18 Block_all
04/09/2004 03:19:15 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1484 2745 Normal 3 04/09/2004 03:18:02 04/09/2004 03:18:11 Block_all
04/09/2004 03:14:07 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3241 2745 Normal 2 04/09/2004 03:12:56 04/09/2004 03:13:02 Block_all
04/09/2004 03:01:23 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1925 2745 Normal 2 04/09/2004 03:00:12 04/09/2004 03:00:18 Block_all
04/09/2004 02:58:54 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4778 2745 Normal 2 04/09/2004 02:57:41 04/09/2004 02:57:50 Block_all
04/09/2004 02:56:56 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3980 2745 Normal 2 04/09/2004 02:55:48 04/09/2004 02:55:54 Block_all
04/09/2004 02:56:05 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3608 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 02:54:53 04/09/2004 02:54:53 Ask all running apps
04/09/2004 02:56:05 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3608 2745 Normal 3 04/09/2004 02:54:51 04/09/2004 02:54:59 Block_all
04/09/2004 02:53:56 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2750 2745 Normal 3 04/09/2004 02:52:44 04/09/2004 02:52:53 Block_all
04/09/2004 02:53:56 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2743 2745 Normal 3 04/09/2004 02:52:44 04/09/2004 02:52:53 Block_all
04/09/2004 02:42:18 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1843 2745 Normal 3 04/09/2004 02:41:07 04/09/2004 02:41:16 Block_all
04/09/2004 02:42:13 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1802 2745 Normal 3 04/09/2004 02:41:01 04/09/2004 02:41:10 Block_all
04/09/2004 02:37:46 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3874 2745 Normal 3 04/09/2004 02:36:36 04/09/2004 02:36:45 Block_all
04/09/2004 02:37:11 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3655 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 02:36:07 04/09/2004 02:36:07 Ask all running apps
04/09/2004 02:37:11 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3655 2745 Normal 2 04/09/2004 02:36:05 04/09/2004 02:36:07 Block_all
04/09/2004 02:33:04 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1936 2745 Normal 1 04/09/2004 02:32:03 04/09/2004 02:32:03 Block_all
04/09/2004 02:26:29 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3080 2745 Normal 3 04/09/2004 02:25:18 04/09/2004 02:25:27 Block_all
04/09/2004 02:22:02 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1246 2745 Normal 3 04/09/2004 02:20:52 04/09/2004 02:21:01 Block_all
04/09/2004 02:10:14 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4154 2745 Normal 3 04/09/2004 02:09:04 04/09/2004 02:09:13 Block_all
04/09/2004 02:07:51 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3160 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 02:06:49 04/09/2004 02:06:49 Ask all running apps
04/09/2004 02:07:51 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3160 2745 Normal 2 04/09/2004 02:06:43 04/09/2004 02:06:49 Block_all
04/09/2004 02:02:53 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1137 2745 Normal 3 04/09/2004 02:01:43 04/09/2004 02:01:52 Block_all
04/09/2004 01:58:37 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3237 2745 Normal 3 04/09/2004 01:57:24 04/09/2004 01:57:33 Block_all
04/09/2004 01:57:35 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2790 2745 Normal 2 04/09/2004 01:56:24 04/09/2004 01:56:30 Block_all
04/09/2004 01:57:25 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2790 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 01:56:24 04/09/2004 01:56:24 Ask all running apps
04/09/2004 01:53:13 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4975 2745 Normal 2 04/09/2004 01:52:01 04/09/2004 01:52:10 Block_all
04/09/2004 01:36:02 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1713 2745 Normal 3 04/09/2004 01:34:48 04/09/2004 01:34:57 Block_all
04/09/2004 01:33:18 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4465 2745 Normal 3 04/09/2004 01:32:04 04/09/2004 01:32:13 Block_all
04/09/2004 01:32:52 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4298 1025 Normal 1 04/09/2004 01:31:49 04/09/2004 01:31:49 Block_all
04/09/2004 01:32:52 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4296 2745 Normal 1 04/09/2004 01:31:49 04/09/2004 01:31:49 Block_all
04/09/2004 01:32:42 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4216 2745 Normal 3 04/09/2004 01:31:29 04/09/2004 01:31:38 Block_all
04/09/2004 01:31:15 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3625 2745 Normal 3 04/09/2004 01:30:02 04/09/2004 01:30:11 Block_all
04/09/2004 01:26:07 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1523 1025 Normal 2 04/09/2004 01:24:57 04/09/2004 01:25:06 Block_all
04/09/2004 01:26:07 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1521 2745 Normal 1 04/09/2004 01:25:06 04/09/2004 01:25:06 Block_all
04/09/2004 01:10:38 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2923 2745 Normal 1 04/09/2004 01:09:34 04/09/2004 01:09:34 Block_all
04/09/2004 01:05:35 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4691 2745 Normal 3 04/09/2004 01:04:22 04/09/2004 01:04:31 Block_all
04/09/2004 01:03:37 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3892 2745 Normal 2 04/09/2004 01:02:28 04/09/2004 01:02:34 Block_all
04/09/2004 00:56:41 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4979 2745 Normal 2 04/09/2004 00:55:31 04/09/2004 00:55:37 Block_all
04/09/2004 00:53:46 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3718 2745 Normal 3 04/09/2004 00:52:36 04/09/2004 00:52:45 Block_all
04/09/2004 00:53:21 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3520 2745 Normal 3 04/09/2004 00:52:08 04/09/2004 00:52:17 Block_all
04/09/2004 00:53:10 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3438 2745 Normal 3 04/09/2004 00:51:57 04/09/2004 00:52:06 Block_all
04/09/2004 00:52:19 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3096 2745 Normal 2 04/09/2004 00:51:09 04/09/2004 00:51:15 Block_all
04/09/2004 00:51:28 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2745 2745 Normal 3 04/09/2004 00:50:15 04/09/2004 00:50:24 Block_all
04/09/2004 00:50:26 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2330 2745 Normal 3 04/09/2004 00:49:14 04/09/2004 00:49:23 Block_all
04/09/2004 00:41:32 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2544 2745 Normal 3 04/09/2004 00:40:21 04/09/2004 00:40:30 Block_all
04/09/2004 00:40:31 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2124 2745 Normal 1 04/09/2004 00:39:29 04/09/2004 00:39:29 Block_all
04/09/2004 00:39:19 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1635 2745 Normal 3 04/09/2004 00:38:08 04/09/2004 00:38:17 Block_all
04/09/2004 00:36:04 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4139 2745 Normal 3 04/09/2004 00:34:51 04/09/2004 00:34:59 Block_all
04/09/2004 00:32:28 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2680 2745 Normal 2 04/09/2004 00:31:21 04/09/2004 00:31:26 Block_all
04/09/2004 00:21:26 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 2014 2745 Normal 3 04/09/2004 00:20:15 04/09/2004 00:20:24 Block_all
04/09/2004 00:17:55 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 4451 2745 Normal 3 04/09/2004 00:16:45 04/09/2004 00:16:54 Block_all
04/09/2004 00:10:59 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1572 2745 Normal 3 04/09/2004 00:09:47 04/09/2004 00:09:56 Block_all
04/09/2004 00:00:37 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1241 2745 Normal 1 03/09/2004 23:59:35 03/09/2004 23:59:35 Block_all
03/09/2004 23:56:25 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3310 2745 Normal 2 03/09/2004 23:55:11 03/09/2004 23:55:20 Block_all
03/09/2004 23:55:39 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3014 2745 Normal 1 03/09/2004 23:54:37 03/09/2004 23:54:37 Block_all
03/09/2004 23:52:54 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1891 2745 Normal 3 03/09/2004 23:51:43 03/09/2004 23:51:52 Block_all
03/09/2004 23:50:56 Blocked 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 1067 2745 Normal 2 03/09/2004 23:49:46 03/09/2004 23:49:52 Block_all
03/09/2004 23:46:50 Allowed 10 Incoming TCP spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200] 3238 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 03/09/2004 23:45:46 03/09/2004 23:45:46 Ask all running apps
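
The two things this thread is really about, Matth's "three tries at my commonly probed ports and a 15-minute block descends" rule and the Sygate log format Elysium posts above, can be checked mechanically against the log. The following is an added example (not Sygate's, Outpost's, or anyone in the thread's code) that parses lines in the stated field order, replays them oldest-first, applies the threshold rule, and surfaces every Allowed entry that came from an address that had already been probing. It assumes UK day/month/year timestamps, treats the bare number that sits between Security and Begin Time in the posted lines (1 to 3) as a repeat counter, and uses Matth's port list (1025-1028, 2745, 3127, 5554, 6129, 9898) as the sensitive set; the sample lines are copied from the post above, plus one constructed line to a non-listed port so the filtering branch is exercised.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Field order as stated in the post: Time, Action, Severity, Direction, Protocol,
# Source Host, Source Port, Destination Port, Application Name, Security,
# Begin Time, End Time, Rule Name. Application Name is absent on Blocked lines.
# Assumption: the bare number between Security and Begin Time (1-3 in the
# posted lines) is a repeat counter; it is captured as "count" but not used.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>Allowed|Blocked) (?P<severity>\d+) "
    r"(?P<direction>Incoming|Outgoing) (?P<proto>TCP|UDP|ICMP) "
    r"(?P<host>\S+) \[(?P<ip>[\d.]+)\] (?P<sport>\d+) (?P<dport>\d+) "
    r"(?:(?P<app>\S+) )?(?P<security>\S+) (?P<count>\d+) "
    r"(?P<begin>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<end>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (?P<rule>.+)$"
)
TS_FMT = "%d/%m/%Y %H:%M:%S"  # UK day/month/year, as in the posted log

# Ports Matth lists as commonly probed: 1025-1028, 2745, 3127, 5554, 6129, 9898.
SENSITIVE_PORTS = set(range(1025, 1029)) | {2745, 3127, 5554, 6129, 9898}

def parse_line(line):
    """Return a dict of fields for one Sygate log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    e = m.groupdict()
    e["time"] = datetime.strptime(e["time"], TS_FMT)
    e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
    return e

def analyse(lines, threshold=3, block_minutes=15):
    """Replay the log oldest-first and apply Matth's rule: after `threshold`
    incoming hits on sensitive ports from one address, impose a block window of
    `block_minutes`. Returns (blocks, suspicious_allows): blocks is a list of
    (ip, start, end); suspicious_allows lists Allowed events from any address
    that has already probed a sensitive port or been blocked."""
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e["time"])  # the post lists newest first
    probes = defaultdict(int)   # hits on sensitive ports since the last block
    blocked_until = {}          # ip -> end of its most recent block window
    blocks, suspicious = [], []
    for e in events:
        ip, t = e["ip"], e["time"]
        # An Allowed entry from a known prober is what a defender wants surfaced,
        # whether or not a block window is in force at that moment.
        if e["action"] == "Allowed" and (probes[ip] > 0 or ip in blocked_until):
            suspicious.append(e)
        if ip in blocked_until and t < blocked_until[ip]:
            continue  # already inside a block window; nothing new to decide
        if e["direction"] == "Incoming" and e["dport"] in SENSITIVE_PORTS:
            probes[ip] += 1
            if probes[ip] >= threshold:
                blocked_until[ip] = t + timedelta(minutes=block_minutes)
                blocks.append((ip, t, blocked_until[ip]))
                probes[ip] = 0
    return blocks, suspicious

H = "spc1-ward1-5-0-cust200.bagu.broadband.ntl.com [213.106.113.200]"
SAMPLE_LOG = [  # lines copied from the post above, newest first, plus one constructed line
    r"04/09/2004 05:22:07 Blocked 10 Incoming TCP " + H + r" 1384 2745 Normal 2 04/09/2004 05:20:57 04/09/2004 05:21:03 Block_all",
    r"04/09/2004 05:22:02 Allowed 10 Incoming TCP " + H + r" 1384 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 05:20:57 04/09/2004 05:20:57 Ask all running apps",
    r"04/09/2004 05:19:23 Blocked 10 Incoming TCP " + H + r" 4125 2745 Normal 1 04/09/2004 05:18:18 04/09/2004 05:18:18 Block_all",
    r"04/09/2004 05:14:36 Blocked 10 Incoming TCP " + H + r" 2188 2745 Normal 1 04/09/2004 05:13:35 04/09/2004 05:13:35 Block_all",
    r"04/09/2004 05:14:36 Allowed 10 Incoming TCP " + H + r" 2188 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 05:13:35 04/09/2004 05:13:35 Ask all running apps",
    r"04/09/2004 05:09:43 Blocked 10 Incoming TCP " + H + r" 4058 2745 Normal 3 04/09/2004 05:08:32 04/09/2004 05:08:41 Block_all",
    r"04/09/2004 05:08:57 Blocked 10 Incoming TCP " + H + r" 3734 2745 Normal 3 04/09/2004 05:07:43 04/09/2004 05:07:52 Block_all",
    r"04/09/2004 05:08:37 Blocked 10 Incoming TCP " + H + r" 3616 2745 Normal 3 04/09/2004 05:07:27 04/09/2004 05:07:36 Block_all",
    r"04/09/2004 05:08:11 Blocked 10 Incoming TCP " + H + r" 3455 2745 Normal 1 04/09/2004 05:07:07 04/09/2004 05:07:07 Block_all",
    r"04/09/2004 05:05:53 Blocked 10 Incoming TCP " + H + r" 2479 2745 Normal 3 04/09/2004 05:04:40 04/09/2004 05:04:49 Block_all",
    r"04/09/2004 05:02:32 Blocked 10 Incoming TCP " + H + r" 1094 2745 Normal 3 04/09/2004 05:01:18 04/09/2004 05:01:27 Block_all",
    r"04/09/2004 05:02:22 Allowed 10 Incoming TCP " + H + r" 1094 2745 C:\WINDOWS\system32\DRIVERS\ndisuio.sys Normal 1 04/09/2004 05:01:18 04/09/2004 05:01:18 Ask all running apps",
    r"04/09/2004 03:54:54 Blocked 10 Incoming TCP " + H + r" 4437 1025 Normal 3 04/09/2004 03:53:40 04/09/2004 03:53:49 Block_all",
    r"04/09/2004 03:54:54 Blocked 10 Incoming TCP " + H + r" 4435 2745 Normal 2 04/09/2004 03:53:43 04/09/2004 03:53:49 Block_all",
    # constructed line: a hit on port 80, which is not in the sensitive set, must not count
    r"04/09/2004 03:50:00 Blocked 10 Incoming TCP " + H + r" 1500 80 Normal 1 04/09/2004 03:49:00 04/09/2004 03:49:00 Block_all",
]

if __name__ == "__main__":
    blocks, allows = analyse(SAMPLE_LOG)
    for ip, start, end in blocks:
        print(f"block {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
    for e in allows:
        print(f"ALLOWED from {e['ip']} sport {e['sport']} -> {e['dport']} "
              f"via {e['app']} at {e['time']:%H:%M:%S}")
```

On this sample the rule fires twice (the third sensitive-port hit at 05:02:22 starts a window to 05:17:22, and a fresh run of hits after it expires starts another at 05:22:07), and all three Allowed entries for ndisuio.sys are reported because they come from an address that was already probing. Every one of them shares its source port and Begin Time with a Blocked entry on the same line pair, which is the detail worth raising with the firewall vendor rather than something an AV scan will explain.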

Paul
04-09-2004, 12:26
ndisuio.sys is a system driver used by some firewalls for their data filtering systems.

As a complete guess - it looks to me like your firewall is thinking "I am getting so many of these packets that maybe they are genuine, I'll let a few in and see if any app responds". :eek:

I would hope this guess is wrong as it is a very dangerous and stupid thing for a firewall to do. :dozey:

martinell
04-09-2004, 13:18
http://www.iceteks.com/articles.php?act=view&article=ndisuio&p=1&

unusual :|

Elysium
04-09-2004, 13:36
I'm going to change firewalls later today.

I'll try and give Outpost a go and possibly Mcafee Personal Plus .. I'm not feeling very secure at all as it stands!

swoop101
04-09-2004, 13:57
Try Sygate personal firewall free from
http://smb.sygate.com/products/spf_standard.htm

paulyoung666
04-09-2004, 14:22
I'm going to change firewalls later today.

I'll try and give Outpost a go and possibly Mcafee Personal Plus .. I'm not feeling very secure at all as it stands!

jerio personal firewall is worth a look at as well , just make sure you unplug your modem when you swap firewalls :disturbd: