Unregistered
01-13-2004, 01:59 PM
Every so often my TCP ports: 8080, 4480, **28, 80, 6588 get scanned twice in succession from 2*7.*2.*08.*65.
My firewall picks this up and so I backtrace it:
Host Source:
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 2*7.*2.*08.0 - 2*7.*2.***.255
remarks: *******************************************************
remarks: * Please send abuse reports to abuse@btopenworld.com *
remarks: *******************************************************
netname: BT-ADSL
descr: BAL
country: GB
admin-c: BTOW*-RIPE
tech-c: BTOW*-RIPE
status: ASSIGNED PA
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
changed: support@bt.net 20000*27
changed: preston.dialip@bt.com 200*0628
changed: preston.dialip@bt.com 200***2*
changed: preston.dialip@bt.com 200****0
changed: preston.dialip@bt.com 20020724
changed: preston.dialip@bt.com 200*0820
source: RIPE
route: 2*7.*2.0.0/*2
descr: BT Public Internet Service
origin: AS2856
mnt-by: BTNET-MNT
changed: support@bt.net 2002*204
source: RIPE
role: BT OPENWORLD OPERATIONAL SUPPORT
remarks: ********************************************************
remarks: * Please send abuse reports to abuse@btopenworld.com *
remarks: * *
remarks: ********************************************************
address: BT
address: Openworld
address: UK
e-mail: ims.adastral@btopenworld.com
admin-c: IT**7-RIPE
tech-c: RJG*-RIPE
nic-hdl: BTOW*-RIPE
mnt-by: BTNET-MNT
changed: preston.dialip@bt.com 200*0520
source: RIPE
Destination Source:
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 2*7.*2.0.0 - 2*7.*2.2*.255
netname: BT-MIDBAND
descr: BT-MIDBAND
country: GB
admin-c: KJH5-RIPE
tech-c: KJH5-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to abuse@bt.net
remarks: INFRA-AW
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
changed: preston.dialip@bt.com 200*06*8
changed: preston.dialip@bt.com 200*08**
source: RIPE
route: 2*7.*2.0.0/*2
descr: BT Public Internet Service
origin: AS2856
mnt-by: BTNET-MNT
changed: support@bt.net 2002*204
source: RIPE
person: Ken Hayes
address: pp *04K
address: Network House
address: Goodall Street
address: Walsall
address: West Midlands
address: WS* 2HE
address: UK
phone: +44 **22 706**2
fax-no: +44 **22 6500*0
e-mail: kenneth.hayes@bt.com
nic-hdl: KJH5-RIPE
mnt-by: BTNET-MNT
changed: preston.dialip@bt.com 2002*0*7
changed: preston.dialip@bt.com 2002*0*7
source: RIPE
What’s going on here? Who is doing this and why, and how can I stop it?
Yours concernedly,
Orgone
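Added example (not part of the original post): a small parser for RPSL whois output of the kind pasted above, pulling out the address range, netname, origin AS and the abuse mailbox named in the `remarks` lines. The sample input is constructed, using a documentation address range and made-up names, and the function names are illustrative.

```python
import re

# RPSL classes that open a new object in whois output like the one above.
OBJECT_CLASSES = {"inetnum", "route", "role", "person"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample (documentation address range, made-up names).
SAMPLE = """\
% This is a constructed sample.
inetnum: 192.0.2.0 - 192.0.2.255
remarks: * Please send abuse reports to abuse@isp.example *
netname: EXAMPLE-ADSL
route: 192.0.2.0/24
origin: AS64500
role: EXAMPLE OPERATIONAL SUPPORT
remarks: * Please send abuse reports to abuse@isp.example *
e-mail: noc@isp.example
"""

def parse_rpsl(text):
    """Split whois output into objects: [(class, [(attr, value), ...]), ...]."""
    objects = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("%") or ":" not in line:
            continue  # blank lines, server comments, non-attribute lines
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        # Pasted output often loses the blank lines between objects, so a
        # class attribute is treated as the start of a new object.
        if attr in OBJECT_CLASSES or not objects:
            objects.append((attr, []))
        objects[-1][1].append((attr, value))
    return objects

def summarise(objects):
    """Collect what an abuse report needs: range, netname, origin AS, contacts."""
    summary = {"range": None, "netname": None, "origin": None, "abuse": []}
    for cls, attrs in objects:
        for attr, value in attrs:
            if cls == "inetnum" and attr in ("inetnum", "netname"):
                summary["range" if attr == "inetnum" else "netname"] = value
            elif cls == "route" and attr == "origin":
                summary["origin"] = value
            elif attr == "remarks" and "abuse" in value.lower():
                for addr in EMAIL_RE.findall(value):
                    if addr not in summary["abuse"]:
                        summary["abuse"].append(addr)
    return summary
```

Calling `summarise(parse_rpsl(SAMPLE))` returns the fields to quote, together with the firewall log lines and their timestamps, in a report to the listed abuse address.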