NTL Security probe
 

www.security.scanner.ntli.net - 62.253.160.70

Got scanned twice today:
Ports 2745, 3127, 420, 5000, SMTP (25)
I don't recognize 420, though the others are frequently part of a virus/worm probe

http://www.ntl-isp.ntl.com/ServiceSt...spx?FaultID=90

Nice to know they're being pro-active, and don't waste time reporting the address to NTL, Dshield or Mynetwatchman

Re: NTL Security probe
 

420 is SMTPE. nice that they are now including security.scanner for the DNS lookup, they must have got fed up with all the abuse reports.

Re: NTL Security probe
 

Oh, well there's a surprise!
But not much info yet...
www.security.scanner.ntli.net

Re: NTL Security probe
 

Yep - I got scanned tonight - they all bounced off my firewall. :)

Re: NTL Security probe
 

Whats it for? Are they checking how many people have firewalls? Or how many are running servers? :confused:

Re: NTL Security probe
 

Just checking through my firewall logs, got scanned lastnight, tried to scan port 25 so I can only assume they are checking customers machines to determine if they are operating as a web or mail server.

Re: NTL Security probe
 

Both probably.

Re: NTL Security probe
 

u wasnt allowed to run webservers originally was u ? i think u can - i checked my logs i cant find any scans on that IP

Re: NTL Security probe
 

How typical of NTL to lie about what they're doing .. "network maintenance" doesn't need to port scan specific ports like these.

Re: NTL Security probe
 

How exactly are they lying ? - do you have some inside knowledge on what they are scanning for ? - they have told you that you will be scanned, and they were right.

Re: NTL Security probe
 

I have heard from 2 friends on NTL who have had letters about spam emails (supposedly) originating from their NTL email accounts, (even tho they havent been involved in that activity). In both cases ive talked them through removing any malware/trojans, to stop NTL from d/c'ing them as stated in the letter.

Im half sure some new virus/trojan/malware is specifically targeting ntl connections through fake emails and/or ntl network port scans (to find unporotected pc's) .
I myself have had alot of unusual firewall activity, and alot of disconects from the BB service when using online games/messenger apps/web browsing.
Although im at a loss to say who/what is causing the abnormal traffic, i know it is there.

edit! hmm the relation to this this thread was supposed to be, that NTL must be probing/scanning ntl addresses (hopefully not the reason for my D/c's :)) , to find out which ones are being exploited by mass mailer daemons, or other malware or maybe even p2p usage. as in the letters to my friends about it.

btw just as i was writing this i got 4 zone alarm blocked msgs. all from same ip but diff ports.
IP:219.150.118.21 on ports 12490,29503,13694.10596 all to my ip on port 1026.

funnily enough this is linked to a dos attack

hmm maybe ET is trying to get noticed

Re: NTL Security probe
 

Pass the crack pipe, Alice. What does this have to do with network maintenance? I happen to know ntl do rather a lot of network maintenance, I'm involved with it.

Re: NTL Security probe
 

SO, what DO port scans have to do with network maintenance? More specifically, why THESE ports in particular. Random probes I may accept have use, these are too specific .. they're looking for something and not saying what it is, instead they're inferring it's routine 'maintenance'.

THAT's why they're lying!

Re: NTL Security probe
 

they are most likely looking for viruses/worms spreading by windows exploits or whatever, that is maintenance as it will cut down traffic on the network making more available to you and making the network quicker :)

Re: NTL Security probe
 

Precisely.