04-03-2004, 09:54
|
#1
|
|
cf.member
Join Date: Jan 2004
Posts: 23
|
NTL are hacking me
I have just been warned by my firewall (Norton) that there was a recent attempt to hack my computer. Having folloed the trace it has taken me to NTLs nottingham site. What is this about?
inetnum: 62.254.0.0 - 62.254.31.255
netname: NTL
descr: NTL Internet
descr: Nottingham site
country: GB
admin-c: NNMC1-RIPE
tech-c: NNMC1-RIPE
status: ASSIGNED PA
mnt-by: AS5089-MNT
changed: hostmaster@ntli.net 20010108
changed: hostmaster@ntli.net 20020815
source: RIPE
|
|
|
|
04-03-2004, 09:57
|
#2
|
|
Guest
Location: Luton
Services: NTL Nafband
Posts: n/a
|
Re: NTL are hacking me
 to nthellworld.co.uk Mickmc 
What type of trafic has it blocked ?
It could be belated dhcp or dns acks that have set off the alarm....
Can you post the log please.
|
|
|
|
|
04-03-2004, 09:57
|
#3
|
|
Designed by engineers.
Join Date: Jun 2003
Location: Shaw, Oldham, Lancashire.
Services: VIP pack, V+ & Samsung stb's. 2 Phone lines. 20 Meg BB.
Posts: 3,933
|
Re: NTL are hacking me
Hi, and , Ntl are not hacking you, you need to configure your firewall to allow certain servers trusted access, See Robon Walkers excellent website, a link is near the bottom of the home page.
Edit. B***Y Hell Stu, you are fast,:pp
__________________
"The inherent vice of capitalism is the unequal sharing of the blessings. The inherent blessing of socialism is the equal sharing of misery".
|
|
|
|
|
04-03-2004, 09:58
|
#4
|
|
.
Join Date: Jun 2003
Posts: 6,239
|
Re: NTL are hacking me
Hi & Welcome to nthw.
ntl are not attacking you at all. It's more than likely an ntl customer with a PC that hasn't been properly protected, & is infected with a virus/trojan that is sending out traffic to random I.Ps.
Not much you can do really except make sure that you have a decent firewall, & make sure your O/S is fully patched up.
|
|
|
|
|
04-03-2004, 10:02
|
#5
|
|
cf.member
Join Date: Jan 2004
Posts: 23
|
Re: NTL are hacking me
Thanks folks but this happened repeatedly yesterday and has again happened twice today. Why would anyone from NTL want to access my computer?
|
|
|
|
|
04-03-2004, 10:04
|
#6
|
|
Guest
Location: Luton
Services: NTL Nafband
Posts: n/a
|
Re: NTL are hacking me
Quote:
|
Originally Posted by mickmc
Thanks folks but this happened repeatedly yesterday and has again happened twice today. Why would anyone from NTL want to access my computer?
|
You need to post the details m8...... There are thousands if not millions of diferent types of attack's.....
See if you can post the event log or at least give the details of the scan/probe.
|
|
|
|
|
04-03-2004, 10:07
|
#7
|
|
.
Join Date: Jun 2003
Posts: 6,239
|
Re: NTL are hacking me
Quote:
|
Originally Posted by mickmc
Thanks folks but this happened repeatedly yesterday and has again happened twice today. Why would anyone from NTL want to access my computer?
|
They wouldn't.
As I said it probably a user whose PC is infected, & they don't even know about it.
|
|
|
|
|
04-03-2004, 10:10
|
#8
|
|
cf.member
Join Date: Jan 2004
Posts: 23
|
Re: NTL are hacking me
Details:
Attempted Intrusion "HTTP_IIS_ISAPI_Extension" against your machine was detected and blocked
Intruder: 62.254.0.12(16370)
Risk Level: High
Protocol: TCP
Attacked IP: mickmc(**.***.**.***).
Attacked Port: http(80)
Click on the address to trace the attacker You can get detailed information about this attack at Symantec Security Response
[Edit]-I've removed your I.P address, Neil.
|
|
|
|
|
04-03-2004, 10:11
|
#9
|
|
cf.member
Join Date: Jan 2004
Posts: 23
|
Re: NTL are hacking me
Dont you all think this is suss
|
|
|
|
|
04-03-2004, 10:12
|
#10
|
|
Designed by engineers.
Join Date: Jun 2003
Location: Shaw, Oldham, Lancashire.
Services: VIP pack, V+ & Samsung stb's. 2 Phone lines. 20 Meg BB.
Posts: 3,933
|
Re: NTL are hacking me
Quote:
|
Originally Posted by mickmc
Thanks folks but this happened repeatedly yesterday and has again happened twice today. Why would anyone from NTL want to access my computer?
|
What port is the attack hitting. I have one US based IP that has hit my firewall 129 times in the past week mainly port 1026, this is almost certainly a virus infected PC.
Edit . Port 80. looks like Neil is correct, don't worry about it, just think of it as a burglar that has walked past your house and left you alone because you have an alarm fitted.
__________________
"The inherent vice of capitalism is the unequal sharing of the blessings. The inherent blessing of socialism is the equal sharing of misery".
Last edited by iadom; 04-03-2004 at 10:15.
|
|
|
|
|
04-03-2004, 10:14
|
#11
|
|
Guest
Location: Luton
Services: NTL Nafband
Posts: n/a
|
Re: NTL are hacking me
Quote:
|
Originally Posted by mickmc
Details:
Attempted Intrusion "HTTP_IIS_ISAPI_Extension" against your machine was detected and blocked
Intruder: 62.254.0.12(16370)
Risk Level: High
Protocol: TCP
Attacked IP: mickmc(**.***.**.***).
Attacked Port: http(80)
Click on the address to trace the attacker You can get detailed information about this attack at Symantec Security Response |
Are you running a web server ? If not then this is nothing to worry about.
Its an expliot for IIS servers - http://www.microsoft.com/technet/sec...n/MS01-033.asp
If your firewall has blocked it then you dont have a problem...
The request apears to have orinated from an NTL proxy.. Someone may be using the proxy to relay the scan.
|
|
|
|
|
04-03-2004, 10:23
|
#12
|
|
Cable Forum Team
Join Date: Jun 2003
Location: It's Lahndun, Innit?
Age: 37
Services: Virgin for TV, BT for phone and Be* for Broadband.
Posts: 17,475
|
Re: NTL are hacking me
Quote:
|
Originally Posted by mickmc
Dont you all think this is suss
|
As Neil said, it's probably just a customer with an infected PC. He or she may not even be aware that they are doing it. These things happen nowadays. At one point, my firewall was getting hit 100 times a day by virus infected PCs.
If you are concerned, send a copy of your logs to abuse@ntlworld.com. They can track the user down, and warn him or her.
__________________
Just to make it clear if a post is bold and is from a team member, it's a moderating decision. If it's not bold or not from a team member, it's not.
"This is an important announcement. This is flight 121 to Los Angeles. If your travel plans today do not include Los Angeles, now would be a perfect time to disembark.”
|
|
|
|
|
04-03-2004, 10:25
|
#13
|
|
Guest
Location: Luton
Services: NTL Nafband
Posts: n/a
|
Re: NTL are hacking me
How are they going to track down the user when the reported IP is a proxy server ?
|
|
|
|
|
04-03-2004, 10:31
|
#14
|
|
cf.member
Join Date: Jan 2004
Posts: 23
|
Re: NTL are hacking me
Well thanks for all the reassurance folks. You have all been great.
|
|
|
|
|
04-03-2004, 10:39
|
#15
|
|
Cable Forum Team
Join Date: Jun 2003
Location: It's Lahndun, Innit?
Age: 37
Services: Virgin for TV, BT for phone and Be* for Broadband.
Posts: 17,475
|
Re: NTL are hacking me
Quote:
|
Originally Posted by stuartbe
How are they going to track down the user when the reported IP is a proxy server ?
|
You posted while I was typing that..
Anyway, surely it depends if the proxy is logged?
__________________
Just to make it clear if a post is bold and is from a team member, it's a moderating decision. If it's not bold or not from a team member, it's not.
"This is an important announcement. This is flight 121 to Los Angeles. If your travel plans today do not include Los Angeles, now would be a perfect time to disembark.”
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 08:59.
|
Join CF
You are here: 
