Welchia_ICMP_SCAN


highlandlassie
27-03-2004, 11:43
Nortons has jumped in over the past few days with this alert - did a check with the IP number and it is showing NTL Broadband - Nottingham - it's been the same IP number all the time - do I report it to NTL abuse?

thanks for replies in advance

Steve H
27-03-2004, 11:52
Their PC's probably infected by the virus, so it's nothing malicious from that person. NAV is doing its job by protecting you anyway, so you're not in any trouble :)

Maybe NTL abuse will give that person a prod into removing the virus though? So might be a good idea :)

highlandlassie
27-03-2004, 12:11
Thanks Steve :)

theman
28-03-2004, 21:36
I keep getting the same thing, lassie; Kerio firewall keeps picking it up though the same port

Paul
28-03-2004, 23:08
You should still report it as other people may not be so well protected and thus get infected by this person.

iadom
29-03-2004, 18:20
There is a new web form for reporting this sort of incident to Ntl. Do not email abuse@ntl.com ... use this web form.

http://www.ntlworld.com/netreport

Might be a good idea to stick this info or add it to the main "security" thread.

highlandlassie
30-03-2004, 20:58
I am still getting hit with this - I now have 4 reference numbers pending, and nothing to confirm anything is being done. I have tried phoning the tel number which is on the above link, and after pressing/dialing a certain amount of numbers the line is going dead - yet if I phone after hrs the number is OK and asks me to phone after 8 am or leave a message :erm:

theman
30-03-2004, 21:23
I have reported it by phone and e-mail. I have heard, like you lassie, nothing from NTL yet

iadom
30-03-2004, 23:21
I have reported it by phone and e-mail. I have heard, like you lassie, nothing from NTL yet

It would be very unusual if Ntl did contact you; the large volume of reports they receive makes this impractical.
Firstly, if your firewall is working correctly you have very little to worry about from these hits on your firewall, and I can confirm that sooner or later IPs that I have on very rare occasions reported eventually disappeared from my logs, and these are ones that have appeared over a period of several months, 15 or 20 times each day.

Steve H
30-03-2004, 23:21
I am still getting hit with this - I now have 4 reference numbers pending, and nothing to confirm anything is being done. I have tried phoning the tel number which is on the above link, and after pressing/dialing a certain amount of numbers the line is going dead - yet if I phone after hrs the number is OK and asks me to phone after 8 am or leave a message :erm:

You reported it via the form iadom posted?

http://www.ntlworld.com/netreport ?

Not sure if you'll get a reply to it, may just be to notify NTL of any problems regarding viruses, or the like.

highlandlassie
06-04-2004, 16:48
I am still getting hit with this at least 10 times a day -

iadom
08-04-2004, 18:46
I am still getting hit with this at least 10 times a day -

Don't worry about it, my firewall has registered over 70 "hits" in the past 2 hours. It is almost as bad as the port 135 problem from a few months back. Ports 1026/7 count has rocketed. As was said at the beginning of this thread, this is almost certainly not malicious, but from an unsuspecting user with a virus infected PC. It will take time but eventually the IP you mentioned will vanish from your logs, only to be replaced by thousands of others. :)

It is best not to get too paranoid about firewall logs, by all means keep an eye on them but if you keep your AV/firewall up to date and properly configured, and use a good adware/spyware blocker you will be fine.

hawkseye000
14-04-2004, 15:59
uhh... is xp firewall sufficient?

iadom
14-04-2004, 16:55
uhh... is xp firewall sufficient?
Not really, it prevents things coming in but is not very good at preventing nasties from trying to connect from within your PC.
The basic Zone Alarm is free and it is well worth using that or something similar.

highlandlassie
17-04-2004, 10:58
Finally they have stopped - sure glad of this

Defiant
17-04-2004, 11:07
uhh... is xp firewall sufficient?
In SP2 I'd say yes but not the old one