|
outbreak.ntli.net
Hi All,
This is probably an old topic but I have recently experienced this problem for the first time (on my own pc), in that I keep getting re-directed to outbreak.ntli.net. I have searched google and the NTLHELL, CABLE Forums for an idea as to what causes it. Ok, I know NETSKY virus on a pc causes it but I am running LINUX ? The other thing is My version of Linux is Knoppix which boots from CD and is therefore almost impossible to have a virus. (Everytime I reboot the pc it loads fresh from the CD again - which is nice ;-] ) The only thing I have done recently is upgrade my 750 connection to 2mb. The NTL TechSupport Line's official answer to my problem is NTL dont support LINUX and they tell me to go and get a local IT GUY to sort it out - "Like Shall I ring Myself LOL " I know as many others will know, that its not giving me this error because I am using Linux it is something else and I intend to get to the bottom of it!! I would be interested at this point to hear anyone elses stories on their experiences of this problem. Tomorow I shall get my WinXP PC on and run through their suggestions "JUST TO PASSIFY THEM" Then I will escelate the problem to their next level of support and keep you all posted!! |
Re: outbreak.ntli.net
Might be an idea to see what ports your setup has in use to make sure that you aren't using ports that the virus would be causing activity on.
|
Re: outbreak.ntli.net
NTL's flakey systems think your computer has a virus. I think there was a thread not long back where a poster got stuck in the walled garden and couldn't get out. NTL staff seem to have total faith in their company's systems - i.e. if it says you have a virus, you have a virus. I would check as Paul suggests that you have nothing sending/receiving on the ports commonly used by the various viruses out there, but most likey NTL has got it wrong, again. They don't even check if you have an OS capable of hosting the virus :rolleyes:
|
Re: outbreak.ntli.net
Just phone em and tell em youve gotten rid of the virus and ask them to remove you from the Walled garden lol!
|
Re: outbreak.ntli.net
He's probably picked up someone's old IP which belonged to a computer that was infected.
|
Re: outbreak.ntli.net
Quote:
anyway, if you download the patches from the walled garden site (yep i know you can't run them on linux but this is irrelevant) the system should then automatically release you after 4 hours. Reboot the modem and if this doesn't happen, contact technical support and tell them that you have downloaded them and still stuck. It will then be sent off to a team to release you manually :) |
Re: outbreak.ntli.net
Quote:
|
Re: outbreak.ntli.net
Quote:
Your always going to have false positives, but better a few mistakes than a whole network block due to virus propagation. |
Re: outbreak.ntli.net
They may be *SMART* But their system "Doesnt work"!!
It is getting too many "False Positives" and giving their customers a headache! If you know them so well ask them what is the answer to fixing the problem for people who dont have WINDOWS installed, I am sure it dont take such *SMART* people to design an extra 2 webpages for LINUX and MAC users! Does their system work on "Virus Patterns" in datastreams coming from a computer or just the amount of traffic on a particular port? I'm running a packet sniffer and reviewing my log files to view the port activity on my network. Reports nothing unusual. I think they have a *BUG* in their system. When they contact me for not paying my bill I shall have my phone automaticaly divert them to an outbreak.lostmypatience.net message on my phone. They will be required to download an antivirus for their telephone and switch off their phone system for 4 hours then turn it back on. Then I might or might not allow them access to my telephone network in my home. When they tell me their phone system cannot run this particular antivirus I might just tell them to ring local telephone engineer to sort it out as I do not support their phone system. Anyway Ill keep you posted on how it develops! |
Re: outbreak.ntli.net
I believe it runs on traffic on ports.
I have a mailing list of about 250 addresses and my main mailhost was down at one point so I sent through NTL's SMTP. I then landed myself in the walled garden for 36 hours with NTL insisting that I had Netsky. Wrong! So yes, as others have suggested, check your ports. |
Re: outbreak.ntli.net
Quote:
Quote:
|
Re: outbreak.ntli.net
The Problem here is not with the detection tool as BBKing said they can't be 100% accurate, the problem is with the process put into place by ntl for dealing with calls from customer with this problem. The issue is that they need to have a way of overriding it for customer who say they are running linux. I'm sure if they really wanted to they could pass it to a third line who could then port scan said machine with something like nessus to identify the host behind it.
|
Re: outbreak.ntli.net
Quote:
|
Re: outbreak.ntli.net
Quote:
The high switching costs associated with moving ISP, plus the minimum contract period, allows NTL to get away with messing customers around. If we could change ISP at the click of a button, NTL would have a better walled garden. At the moment they're just using the system to score points as a "family friendly" ISP that takes its responsibilities seriously bla bla. |
Re: outbreak.ntli.net
Go through the motions, download what it says, and it'll probably release you
|
Re: outbreak.ntli.net
Quote:
1) Get every customer to keep you updated every time they change computers? You'd need to get down to details of which patch level they had. 2) Port scan every PC on the network (have to ban firewalls first) and try and fingerprint them? 3) Analyse everyone's web traffic and see if you can get it from headers? 4) Employ a team of people to ring up thousands of people a day and ask them? It's all very well saying this, but I don't think it's actually feasible. Quote:
It was done partly because we were getting hammered by traffic from worms and viruses, and partly because it became obvious that people don't fix their own PCs. We had to take steps to make them aware of it and how to do it. We could have just banned them, of course, as they were breaking their terms and conditions. If we wanted to score points as family friendly, surely we'd block porn sites at the proxies and take naughty newsgroups offline, filter all email, etc. Quite what's so bad about trying to stop worms and spam I'm at a loss to understand. Of course, I'd like to see us encourage Linux use at home by putting out our own distro with remote access tools built in for diagnostics and upgrades, but that's not going to happen, unfortunately. |
Re: outbreak.ntli.net
Tell me something here.
Given most (all?) 'botnets' are controlled by IRC and only a vanishingly small percentage of internet users actually use IRC ... no, I have no stats, but I stand by that assertion :) .. why don't ISPs simply block IRC until a customer asks for it? I doubt many calls would be made to get it un-blocked. |
Re: outbreak.ntli.net
Quote:
Not too sure about the Linux distro thing thougj, but still, bang on the money. :tu: :tu: :tu: |
Re: outbreak.ntli.net
I can certainly vouch for most botnets being controlled via IRC. I adminster an IRC server and I'm always having to kick them off (I hate botnets). However blocking irc isn't that simple, there is no one port that it uses (there is a default one though). And you can be sure that the botnet owners will rapidly change port numbers on you. Better to make sure/encourage people to keep their machines clean. After all, being part of a botnet and ddossing someone may be bad, but having your personal data stolen via a keylogger e.t.c is worse.
I could wish that IRC admins were a little more proactive about booting botnets off their servers. I often see signs of them on varius servers but no-one seems to take action :( Admittedly my server is a small one (we focus on creative writing) and so when a channel with 100+ weirdly named people turns up on it. it's a bit obvious :) |
Re: outbreak.ntli.net
Quote:
I can think of two problems with this.
|
Re: outbreak.ntli.net
Quote:
You could force everyone to run an app that walled-gardens them if they've not got all patches installed, but do we really want that? The surest way is to identify IPs that are sending traffic that looks like it comes from a virus - specific ports, patterns of scanning etc. This can be duplicated by someone on another OS, but it has to be done deliberately and is effectively malicious (if you know how to exploit a vulnerability and program your Linux box to do it, that'll appear indistinguishable from the original infection). |
Re: outbreak.ntli.net
Quote:
Quote:
Just imagine the situation... Techy people leaving/avoiding AOL because "you have to run their cr*p software", only to join NTL and find they have to run NTL's cr*p software... :D BTW, I'm quite happy with the system NTL have in place. Nice to see an ISP actually try and DO something about unpatched users. |
Re: outbreak.ntli.net
Quote:
|
Re: outbreak.ntli.net
Quote:
5 |
| All times are GMT. The time now is 06:57. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2026, vBulletin Solutions Inc.
All Posts and Content are © Cable Forum