And this same IP address keeps wanting to attack me, is it a person who's trying to hack into my computer, is it a website, or what? :confused:

2*2.***.**2.4,5*

And the risk is noted as "Medium"

It's happened a lot this month, actually.

Happened since the **th March and before-hand, probably.

Tried to attack me twice a day yesterday, wtf!

And this same IP address keeps wanting to attack me, is it a person who's trying to hack into my computer, is it a website, or what? :confused:

2*2.***.**2.4,5*

And the risk is noted as "Medium"

It's happened a lot this month, actually.

Happened since the **th March and before-hand, probably.

Tried to attack me twice a day yesterday, wtf!

The hostname of that IP address is this:

th-cache-0.ns.uk.tiscali.com

It's a home connection in the UK. It's unlikely they can exploit your computer in any way unless you have not patched in a long time and your firewall is badly configured.

So in other words, these attacks are probably harmless. If you're really concerned, buy yourself a router to hide your computer(s) from the Internet.

As long as you don't port forward, and you follow mike's s***estions, you're safe.

It says Tiscali!?

That's my internet service provider :eek:

The person is running a port scan in your IP range. I use to be scanned by someone in france. People just leave the program running using a scanner on ip rages from blahh blahh to blah blah.
Heres a little info,including the ABUSE email adress ;)

2*2.***.**2.4 = [ th-cache-0.ns.uk.tiscali.com ]


(Asked whois.ripe.net:4* about 2*2.***.**2.4)

inetnum: 2*2.***.**2.0 - 2*2.***.**2.*5
netname: UK-AS**05
descr: Tiscali UK Ltd Telehouse DNS Network
descr: ==========================================================
descr: Concerning abuse and spam ... mailto: abuse@uk.tiscali.com
descr: e-mail to other addresses will not be dealt with.
descr: ==========================================================
country: GB
admin-c: TU**5-RIPE
tech-c: TU**5-RIPE
status: ASSIGNED PA
mnt-by: TU**5-RIPE-MNT
mnt-lower: TU**5-RIPE-MNT
mnt-routes: TU**5-RIPE-MNT
remarks: INFRA-AW
source: RIPE Filtered
role: Tiscali UK
address: Tiscali UK Limited
address: 20 Broadwick Street
address: London W*F 8HT
phone: 44 207 087 2000
remarks: Information: http://www.tiscali.com <-- hmmm
org: ORG-TUL*-RIPE
admin-c: DC-RIPE
admin-c: DG**05-RIPE
admin-c: GD**05-RIPE
tech-c: DC-RIPE
nic-hdl: TU**5-RIPE
remarks: Host****** Role Account
mnt-by: TU**5-RIPE-MNT
source: RIPE Filtered
abuse-mailbox: abuse@uk.tiscali.com <--- Ta Taaa
route: 2*2.***.0.0/*6
descr: Tiscali UK Limited
origin: AS**05
mnt-by: TU**5-RIPE-MNT
source: RIPE Filtered
------------------------------------------------------------------------
my 2 cents:cool:

How did you get that?

And why would Tiscali do it?

How did you get that?

You can retrieve information about any domain name using whois:

http://en.wikipedia.org/wiki/WHOIS

I bet $50 it's your own IP..

Norton is stupid like that.. just tell norton not to give you warnings about it in the future..

If it's not your IP address then don't worry about it, as Norton is successfully blocking the attack..

Port scanning is not attack.They are every day a lot port scanning on the internet where people randomly enter ip range and then scan it for proxies, trojans etc...


btw

To retrieve information about ip address or domain name try this WhoIs domain (http://www.ipaddresslocation.org/cgi-bin/wp.cgi) tool from Ip Address Location (http://www.ipaddresslocation.org/)



Server Used: [ whois.ripe.net ]

2*2.***.**2.4 = [ th-cache-0.ns.uk.tiscali.com ] inetnum: 2*2.***.**2.0 - 2*2.***.**2.*5
netname: UK-AS**05
descr: Tiscali UK Ltd Telehouse DNS Network
descr: ==========================================================
descr: Concerning abuse and spam ... mailto: abuse@uk.tiscali.com

descr: e-mail to other addresses will not be dealt with.
descr: ==========================================================
country: GB
admin-c: TU**5-RIPE
tech-c: TU**5-RIPE
status: ASSIGNED PA
mnt-by: TU**5-RIPE-MNT
mnt-lower: TU**5-RIPE-MNT
mnt-routes: TU**5-RIPE-MNT
remarks: INFRA-AW
source: RIPE Filtered
role: Tiscali UK
address: Tiscali UK Limited
address: 20 Broadwick Street
address: London W*F 8HT
phone: +44 207 087 2000
remarks: Information: http://www.tiscali.com
org: ORG-TUL*-RIPE
admin-c: DC-RIPE
admin-c: DG**05-RIPE
admin-c: GD**05-RIPE
tech-c: DC-RIPE
nic-hdl: TU**5-RIPE
remarks: Host****** Role Account
mnt-by: TU**5-RIPE-MNT
source: RIPE Filtered
abuse-mailbox: abuse@uk.tiscali.com

route: 2*2.***.0.0/*6
descr: Tiscali UK Limited
origin: AS**05
mnt-by: TU**5-RIPE-MNT
source: RIPE Filtered

some ISP's will scan their ip's to see if they are active.

some ISP's will scan their ip's to see if they are active.

I don't know what you mean by that; if you mean they port-scan to see if a particular IP address is in-use, they don't, because as soon as you connect to their service it's all logged on their systems for usage analysis and other means of spying on you. They know everything about their network; times of connection, times of disconnection and so on.

If you mean they port-scan IP addresses to detect users hosting services from their boxes (against some terms of service of ISPs), I wouldn't doubt them doing this, but the bandwidth might be a problem for them. Most likely they would just block popular service ports (e.g. 80) to impose their 'unlimited' service rules on you; their definition of unlimited being you don't use your connection for anything other than passive Internet-use such as browsing, don't download at full speeds for longer than one minute, you don't upload at all apart from to request web pages (their crappy upload speeds take care of this), don't use BitTorrent at all, don't host anything, pretty much don't do anything interesting on the net apart from browse generic mainstream news sites, because to them unlimited is a marketing term. To them, all users downloading at max speeds 24/7 would cripple their network, because it was built under the assumption that only * in *0 users would actually be doing anything at any given time.

Hi Mike, you are correct, sometimes it is forbidden under the conditions of your account to have *any* kind of server online. So each user is routinely scanned for ports like HTTP,
SMTP etc. After they discover an active server on your machine, you get
nasty mail.