Intrusions by ISP

Discussion in 'privacy problems' started by Checkout, Apr 4, 2002.

Thread Status:
Not open for further replies.
  1. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    The greatest number of hits on my ZAP logs are from my ISP - IP Protocl 89 and 103 being the most recent.  There seems to be an enormous number of different types of intrusions - ICMP, Finger, UDP, etcetera.  Either that or I'm being probed by other users on my ISP's network.  Is that likely?  Why would my ISP try so many different ways to probe me?  I've noticed similar things with CompuServe too, when I've used it as an ISP - mostly probes from CompuServe France.

    I'm sure this is all so-called 'background noise' but what's it trying to achieve?   o_O
     
  2. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Checkout - It's one of the big mysteries for me as well. It's the same thing as you described and it drives me crazy. There's hardly a minute when my activity light isn't buzzing with activity. I am not into that and don't understand it all, but I sure wish I knew why my ZA logs are always filled up with all that stuff from the ISP. Maybe someone can help us out?

    Take care!

    John
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Checkout - What it's trying to achieve could be many things, your ISP checking for problems, checking to see if your connection is active (in the case of people who get dis-connected if their not actually using their connection - sucking up bandwidth for no reason) , port probes from scriptkiddies - the list is actually kind of endless.

    I just ignore it unless the hits are close together and all from the same source. Pete
     
  4. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Ugh.  Will-um watch-um, Kimosabe!
     
  5. snowman

    snowman Guest

        Checkout


       for the past few weeks I have been logging countless contacts from "proxy cache servers"......very often it will appear that a person's IP is scanning when in fact its one of the cache servers...........

      when a person trys to access a url instead of going directly to the url a "copy" of the url will be sent from the cache server......this imo is a very serious security problem....in numerous ways............but to date its been ignorred..........personally O don't want a "copy" of someone's trogan or virus.

       an yes...it may in fact just be harmless scans by your ip.............have you try to trace them?    you may just be surprised.       also, after weeks of blocking the proxy cache servers located so far.....no harmful effects have been noticed.....
     
  6. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Snowman, thanks for the post - and good to see you again.  Your style is distinctive!
     
  7. snowman

    snowman Guest

          Checkout

         hey friend....really nice to see you again .....hope you are doing well.


        amasingly since blocking those sneaky cache servers I rarely get an alert from my firewall......unfortunately the cache servers are rather difficult to locate.....they remain hidden for the most part.....fortunately once blocked they remain blocked.

       eventually I may decide to take the time to make a personal list of all the addys...many of the smaller ip's are being forced to use the cache servers......an someday this may result in a massive problem for the entire internet.........of course anything on the cache servers can be read by whomever.......this was the brainchild of M$......an we all know about M$.....

       well enough said on the subject.....wishing you well Checkout.......have a pleasent weekend..
     
Thread Status:
Not open for further replies.