http://isc.sans.org/index.php

Flash Update (May 3rd 09:30 AM): We did receive some initial reports about a significant rise in ICMP traffic, which may point to a new worm with Nachi style ICMP component

Seen it, a new ping-stormer definitely seems to be out there, in addition to the other worms.

Not seen significant NTL-source hits, but this thing looks like it hits a whole class A address block, and there's some pretty bad company in the 80.x.x.x range.

Maybe NTL's port blocking is now paying off, and at least some of the worms are being headed off at the pass.

I notice some little ntl based swine has been probing me several times tonight on ports 3127 & 6129. Strangely his IP reverse lookup is a manchester based xxxxx.broadband.ntl.com (as opposed to the normal xxxxx.cable.ntl.com). Is this some form of non cable broadband connection from ntl ?

I notice some little ntl based swine has been probing me several times tonight on ports 3127 & 6129. Strangely his IP reverse lookup is a manchester based xxxxx.broadband.ntl.com (as opposed to the normal xxxxx.cable.ntl.com). Is this some form of non cable broadband connection from ntl ?90% of my recent scans from Ntl users are from xxxxx.broadband.ntl.com only the odd one from xxxx.cable.ntl.com

his IP reverse lookup is a manchester based xxxxx.broadband.ntl.com (as opposed to the normal xxxxx.cable.ntl.com). Is this some form of non cable broadband connection from ntl ?*.broadband.ntl.com is normal for STB users and ex-C&W area;
*.cable.ntl.com is normal for cable modem users in non C&W areas.

*.broadband.ntl.com is normal for STB users and ex-C&W area;
*.cable.ntl.com is normal for cable modem users in non C&W areas.

Well you live & learn - thanks Robin.