Cable Forum - View Single Post

grubbymitts · 26-03-2006, 07:51

Oplan,

It's perfectly normal for your u/s and d/s to flash on and off - it is usually just the modem communicating to the NTL proxy servers to say "Hello I'm here, are you?" to which the server will reply "Yep, I'm here are you still here?" to which your machine replies, "yes I'm here, are you still there?" ad infinitum. It's how the Internet works.

The other reasons that there may be constant activity is virus or spyware on your pc, which you say you have thoroughly checked or someone is port scanning your pc (and probably everyone else in your local area) to see if they can get in. Don't worry about that either as you have a firewall that will block any attempts to get in (and 99% of the time you have to have a trojan horse on your pc or an old version of lsass.exe or some other not updated windows program listening at the port for access anyway).

Talking about Port Scanning, the source ip in your second picture is an NTL DNS server. A DNS server is the machine that takes an internet address such as google.com and changes it to an IP address so that your browser can go there. I was reading on another website that the latest attack vector by hackers to disrupt networks is to bombard the DNS servers of that network with random rubbish and IP addresses, thus slowing down the servers - which is what happened a few weeks ago and probably on Wednesday night. They can use the DNS servers to port scan for open ports with their already compromised machines listening behind them and use those machines to attack again. Hiding behind a DNS server gives them a further level of anonomity. Someone (usually more than one) using that NTL proxy has probably got a hacked PC (they won't know they have) and it is bombarding the DNS server, which is firing out port scans at you - but Mcafee is blocking it. It is not a personal attack at you - I bet your whole area is suffering, and it will pass soon when the compromised machines either get cleaned or their bot masters move them on to another IP range when they can't access your pc.

I'm as paranoid as you can get when I'm online, and I don't think there's anything to worry about with your situation.

Sime

26-03-2006, 07:51	#159
grubbymitts Inactive Join Date: Mar 2005 Posts: 544	Re: Connection to BBC/Google etc? Oplan, It's perfectly normal for your u/s and d/s to flash on and off - it is usually just the modem communicating to the NTL proxy servers to say "Hello I'm here, are you?" to which the server will reply "Yep, I'm here are you still here?" to which your machine replies, "yes I'm here, are you still there?" ad infinitum. It's how the Internet works. The other reasons that there may be constant activity is virus or spyware on your pc, which you say you have thoroughly checked or someone is port scanning your pc (and probably everyone else in your local area) to see if they can get in. Don't worry about that either as you have a firewall that will block any attempts to get in (and 99% of the time you have to have a trojan horse on your pc or an old version of lsass.exe or some other not updated windows program listening at the port for access anyway). Talking about Port Scanning, the source ip in your second picture is an NTL DNS server. A DNS server is the machine that takes an internet address such as google.com and changes it to an IP address so that your browser can go there. I was reading on another website that the latest attack vector by hackers to disrupt networks is to bombard the DNS servers of that network with random rubbish and IP addresses, thus slowing down the servers - which is what happened a few weeks ago and probably on Wednesday night. They can use the DNS servers to port scan for open ports with their already compromised machines listening behind them and use those machines to attack again. Hiding behind a DNS server gives them a further level of anonomity. Someone (usually more than one) using that NTL proxy has probably got a hacked PC (they won't know they have) and it is bombarding the DNS server, which is firing out port scans at you - but Mcafee is blocking it. It is not a personal attack at you - I bet your whole area is suffering, and it will pass soon when the compromised machines either get cleaned or their bot masters move them on to another IP range when they can't access your pc. I'm as paranoid as you can get when I'm online, and I don't think there's anything to worry about with your situation. Sime