I have just received an e-mail from Ntl & Virgin net AUP telling me that they have received a report of internet abuse from me. Case Reference C114949
Windows is always fully patched. XP firewall disabled.
I use Authentium AV set to scan daily, it also auto updates its deffiles, sometimes two or three times each day.
I have ZA Pro, Pest Patrol ( paid for ) AdAware, Spybot, MS beta AntiSpyeware, SpyewareBlaster and also Prevx Home installed. I use these to scan my system on a regular basis.
The only thing found recently was a 'Web Trends' item in Spybot.
All other scans are clean.
I also use an utility called VisualZone which is an add on for ZoneAlarm, it gives much more info. It has a facility called 'Backtrace' which can be used for tracing scan attempts. I have this disabled and only ever use it on very rare occasions when a single IP shows up in my firewall logs many times. Could this be construed as a 'port scan'. It would be ironic if I have been reported by an individual who actually does have an infected PC.
I don't often send in abuse reports, only when I see long term hits from the same source, yesterday I reported an Ntl IP , from stretford/baguley that had scanned port 135 on 71 occasions in the past 10 days, ( suspect Blaster infection).
Could it be that AUP have recieved my report and sent me the abuse notification in error.
I had the previous IP ever since I went on BB over three years ago, this only changed a couple of weeks ago when I had a Samsung STB and a 2meg upgrade.
Since then I have noticed a huge increase in firewall activity, mainly ports, 135,139,445 & the 1026 to 9 range.

I believe there is an AUP team member on the forum, if you read this could you please contact me.:disturbd:

I'd contact them and ask for details and proof that it any abuse was initiated from your connection. If you have recently changed to a new IP address after the speed upgrade it could be the ex-owner of that IP that caused the problem so make sure you make them aware of when you changed IP and if possible what your old IP address was prior to the upgrade.

I have details of both old & new IP, have also sent a reply to the link in the warning e-mail.
__________________

Hooray, seems I am an :angel: after all.

Have just received this reply from AUP.

Dear Mr Banks

Thank you for your response. The email that you received was sent to you in
error, please disregard it.

Yours Sincerely





name removed - Acceptable Use Policy Team

I have details of both old & new IP, have also sent a reply to the link in the warning e-mail.
__________________

Hooray, seems I am an :angel: after all.

Have just received this reply from AUP.

Dear Mr Banks

Thank you for your response. The email that you received was sent to you in
error, please disregard it.

Yours Sincerely





name removed - Acceptable Use Policy Team

I wonder what had happened to Fraz looks like he is s till there in AUP:D

I have just taken the time to read all of the e-mail from Ntl and it refers to my "Internet Account No: xxxxxxx, I have just checked and this number does not correspond to any details I have, PID, main account No:, original password etc, Is my real 'Internet Account No:' my overall Ntl account number ?

I have just taken the time to read all of the e-mail from Ntl and it refers to my "Internet Account No: xxxxxxx, I have just checked and this number does not correspond to any details I have, PID, main account No:, original password etc, Is my real 'Internet Account No:' my overall Ntl account number ?

Now come on your sounding surprised that they got it wrong:rolleyes: crikey how many years have you had NTL.:angel:
How many years have you been with this forum and previous incarnations ;)

How many years have you been with this forum and previous incarnations ;)
I could say, far to long, but that would not be true,:)

Anyone can make a mistake, and I did receive a fairly swift apology.:tu:

Perhaps I should ask for compensation for the stress and inconvenience,:rolleyes:

I do like the poor grammar in the first line of the e-mail though.

"The ntl acceptable use policy team have received a report that indicates that a
ntl Internet account has been used to scan other networks for vulnerabilities".

How many years have you been with this forum and previous incarnations ;)
I could say, far to long, but that would not be true,:)

Anyone can make a mistake, and I did receive a fairly swift apology.:tu:

Perhaps I should ask for compensation for the stress and inconvenience,:rolleyes:

I do like the poor grammar in the first line of the e-mail though.

"The ntl acceptable use policy team have received a report that indicates that a
ntl Internet account has been used to scan other networks for vulnerabilities".
Good thing you contacted them and found out, knowing how things go with NTL you could have lost your connection before they realised the error :rolleyes:

Good thing you contacted them and found out, knowing how things go with NTL you could have lost your connection before they realised the error :rolleyes:

I agree with you :D

I have just taken the time to read all of the e-mail from Ntl and it refers to my "Internet Account No: xxxxxxx, I have just checked and this number does not correspond to any details I have, PID, main account No:, original password etc, Is my real 'Internet Account No:' my overall Ntl account number ?

I believe the number on the letter will be your "subscriber number" - you will have been given this when you registered for email, but it isn't fundamentally important! Does it begin with the number 5 by any chance?

I believe the number on the letter will be your "subscriber number" - you will have been given this when you registered for email, but it isn't fundamentally important! Does it begin with the number 5 by any chance?

No, seven digit number starts with 285, I have no number anything like this, Ntl related. Original e-mail number began with b0423xxxxx

tis probably the subsriber number then.... (unless of course AUP sent the mail to completely the wrong address!)

The subsciber account is the one that holds the email address details for STB customers

(unless of course AUP sent the mail to completely the wrong address!)



:D :D

In these situations, there's also the possibility that someone has cloned your modem, and is doing naughty things. I'd imagine that NTL have a solution to stop modems being cloned (else how are they going to monitor who's actually using the bandwidth they intend to monitor?).

In these situations, there's also the possibility that someone has cloned your modem

Why would someone clone an STB MAC? You'd need the PID and password in order to get online through it, and those aren't available unless you know who had the original box and tortured them for the information!

Why would someone clone an STB MAC? You'd need the PID and password in order to get online through it, and those aren't available unless you know who had the original box and tortured them for the information!Hardly likely to happen then! Unless a dodgy installer is being good to the customer and setting up their connection for them, noting the required information as they do it. Unfortunately not all people can be trusted and the odd bad apple can get into any barrel. I would imagine though that NTL have security measures in force to prevent this sort of thing from happening.

Why would someone clone an STB MAC? You'd need the PID and password in order to get online through it, and those aren't available unless you know who had the original box and tortured them for the information!

Your on form this morning running out of reputation points ;)

Why would someone clone an STB MAC? You'd need the PID and password in order to get online through it, and those aren't available unless you know who had the original box and tortured them for the information!

Fair point. Not in this situation, but in situations like these. I was just generally making the point that NTL can't always be sure the person portscanning/whatever is the person the modem/mac was originally registered to.