Rage Against The Isp
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Rage Against The Isp

  1. #1

    Rage Against The Isp

    Hi
    This thread was gonna be called Rage Against the Virus(i lov Rage Against The Machine),
    but my dam ISP is more IRETATING
    than the worst kind of virus(damn ISP)

    It all began when i installed ZONEALARM,ZoneAlarm kept picking up Intrusions from variuas
    ports mostly NetBOIS UDP,
    -IT has already picked up 70 INTRUSIONS wich of 59 is HIGH rated.

    So I thought i would ask my ISP,before i ask you guyz(and gulz).
    My ISP wich is the "GREAT" South African ISP, M-WEB ,told me(via E-MAIL)
    AND THIS IS THEIR DAMN REPLY(and I qoute):

    ---"
    Good day
    Thank you for contacting us.

    I cannot give you any real advise on this as we do not support 3rd party software accept that all these calls are coming in via udp port, configer your firewall to block udp calls.
    Please do not hesitate to contact us or our Technical Support Helpline on 0860 11 22 52 should you require any additional assistance. If you only have the one line you can contact us on 08216100 via your cellphone.

    Kind regards

    Veon Battista
    M-Web Dial Services
    Customer Service Representative"

    So I phoned that "SUPPORT" "HELP"-line,and i was put through to the "advanced" "SUPORT"
    department.
    I told him that its NOT the software that is the prob(so its not a 3rd-party thing) and that
    there is traffic and intrusins on my PC.

    The guy said:" THERE IS ABSALUTELY NOW WAY ANYONE COULD HACK OR GAIN ACCESs TO YOUR COMPUTER,
    NOT EVEN ME,BECAUSE M-WEB HAVE GOT A FIREWALL(does he think i dont know that ****) THAT PROTECTS
    YOU."
    He also said:"ITS YOUR FIREWALL THAT IS THE PROBLEM,YOU NEED TO INTSALL IT AGAIN(dumbass).
    GOODBYE"

    Now where does that leave me?->****en nowhere,so the only ones that could help me is YOU AO

    HERE IS a few logs(parts only,cause putting the whole log on would be un-ending):

    I am jus masking the DESTINATION(PARANOIA REASONS)

    type,date,time,source,destination,transport
    FWIN,2003/06/12,22:47:34 +2:00 GMT,196.7.205.238:1027,255.255.255.255:137,UDP
    FWIN,2003/06/12,23:38:40 +2:00 GMT,196.7.205.238:1027,255.255.255.255:137,UDP
    FWIN,2003/06/12,23:43:30 +2:00 GMT,196.7.205.238:1025,255.255.255.255:137,UDP
    FWIN,2003/06/12,23:49:18 +2:00 GMT,68.75.249.230:1028,255.255.255.255:137,UDP
    FWIN,2003/06/12,23:50:56 +2:00 GMT,196.7.206.59:1028,255.255.255.255:137,UDP
    FWIN,2003/06/12,23:57:54 +2:00 GMT,196.7.205.238:1026,255.255.255.255:137,UDP
    FWIN,2003/06/13,00:04:12 +2:00 GMT,196.7.206.59:1026,255.255.255.255:137,UDP
    FWIN,2003/06/13,00:15:16 +2:00 GMT,196.7.206.59:1027,255.255.255.255:137,UDP
    FWIN,2003/06/13,00:20:00 +2:00 GMT,196.7.206.59:1029,255.255.255.255:137,UDP

    and another

    FWIN,2003/06/14,17:07:28 +2:00 GMT,24.220.133.101:1413,255.255.255.255:139,TCP (flags:S)
    FWIN,2003/06/14,17:27:14 +2:00 GMT,63.226.202.88:1025,255.255.255.255:137,UDP
    FWIN,2003/06/14,17:34:00 +2:00 GMT,61.100.122.38:1029,255.255.255.255:137,UDP
    FWIN,2003/06/14,17:54:34 +2:00 GMT,65.81.134.245:50023,255.255.255.255:137,UDP
    FWIN,2003/06/14,18:26:14 +2:00 GMT,24.232.131.144:1038,255.255.255.255:137,UDP
    FWIN,2003/06/14,18:26:44 +2:00 GMT,61.218.63.164:1026,255.255.255.255:137,UDP
    FWIN,2003/06/14,18:33:12 +2:00 GMT,196.7.204.38:1057,255.255.255.255:137,UDP

    Can anyone PLEASE tell me why is this happening??
    Or is my ISP right??


    I got ZoneAlarm's link here on AO so YOU guyz oughta know more,
    and if this is NORMAL.
    None of my other firewalls picks it uo and i have re-installed ZoneAlarm
    and oh-yeah My CONECTION is slower(that i know is always a BAAAAAD sign)



    *************************AO VIRUS WARNING************************
    *In the SECURITY TOOLS in VIRUS-SCANNERS there is a scanner *
    *named *
    * BACK-WORK- IT is a TROJAN *
    * *
    * *
    * *
    * *
    *****************************************************************


    Thank You for reading this post,if you need more details ->I'll gladly supply.
    And PLEASE DO ENJOY YOUR DAY.

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Actually, their response is quite adequate. A quickie investment in a linksys or dlink or any of the many other brands of router/dhcp server/firewall combos (40 to 50 dollars US) would instantly take care of the traffic you are seeing. ISP's will almost never block anything, with an exception when you are experiencing the effects of a DoS or DDoS attack and need to limit the traffic upstream from your connection.

    An ISP's role is no different than a telephone companies. They are there to ensure a stable connection between you and the outside world, that is their primary concern, which is why you may or may not get tons of telemarketing calls (I don't know if it is as bad in South Africa as US, but I would assume so), they are just providing the service, not regulating it.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    I am amazed that none of the other firewalls you have tried picks this up (what sle have you tried). Unfortunitly this is probably normal...welcome to this wounderful new world broadband has opend us up to, every moron with a zombied machine scanning the web for new systems to infect, drop zonealarms into stealth mode, scan your system for viri and torjans that may be anounceing your address then get your IP rotated.
    Who is more trustworthy then all of the gurus or Buddha’s?

  4. #4
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949
    [edit] heh I really will have to stop being so verbose won't I... people just keep getting in there whilst I'm typing - thanks nebulus and bballad [/edit]

    Can we at least spell words properly - it makes things easier to read.

    Yes it is quite normal to have this many attempts to connect to your computer... not all of these are going to be hack attempts incidentally... some, if not the majority, of them will just be other machines pinging you to say 'hello' (as it were)

    This IP for example 196.7.205.238 according to ARIN is

    OrgName: UUNET Internet Africa
    OrgID: IAFR
    Address: P.O. Box 44633
    Address: CLAREMONT
    City: CAPE TOWN
    StateProv: WCAPE
    PostalCode: 7735
    Country: ZA

    NetRange: 196.7.0.0 - 196.7.255.255
    CIDR: 196.7.0.0/16
    NetName: NETBLK-TICSA-BLK1
    NetHandle: NET-196-7-0-0-1
    Parent: NET-196-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS1.IAFRICA.COM
    NameServer: NS2.IAFRICA.COM
    NameServer: AUTH200.NS.UU.NET
    NameServer: AUTH210.NS.UU.NET
    Comment:
    RegDate: 1993-10-14
    Updated: 2003-03-13

    TechHandle: UIA-ORG-ARIN
    TechName: UUNET SA
    TechPhone: +27.21.658.8585
    TechEmail: noc@uunet.co.za

    OrgTechHandle: UIA-ORG-ARIN
    OrgTechName: UUNET SA
    OrgTechPhone: +27.21.658.8585
    OrgTechEmail: noc@uunet.co.za

    which accounts for the majority of the attempts in the first section -looks like your ISP (or at least the people who run your ISP) is pinging you to make sure you are still there.

    68.75.249.230 is Ameritech Electronic Commerce.. the others look relatively harmless but you can check them out using ARIN (http://www.arin.net) if you don't have a tool like Sam Spade (available for free from http://www.samspade.org/) or something. Zone alarm tends to be relatively 'vocal' about alerting you to connection attempts - most of the time it's not anything to worry about. I should point out that you haven't been hacked ZA is just telling you that an attempt to connect to your PC was made.... it's outgoing connections you really have to worry about.

    Z
    Quis Custodiet Ipsos Custodes

  5. #5
    Thank you for putting me at rest

    My other firewalls include Sygate Personel Firewall ; RatScan and a few others that arn't any
    good.
    i have run an WhoIs on these guyz but it really didn't matter to me from where it was coming
    just the fact that there is constantly a ZoneAlarm pop-up every 5min.

    Here in the RSA we dont really get that many TeleMarketing calls, about 2calls a month.
    !!!Hey i found one thing in wich we are better than da US of an A-> people dont bug us as much here,damn we're good ,he he he.Jus kidding america you know i lov ya.

    Thankz for the help, and advice.

  6. #6
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Here in the RSA we dont really get that many TeleMarketing calls, about 2calls a month.
    *drool* My god that would be wonderful...I probably get oh I don't know an average of five calls a day? Our state finally adopted a no-call list that starts July 1st...*fingers crossed*

    EinzTein, netbios is by nature a very chatty protocol, and when you factor in all the problems with worm infections running rampant, there really isn't much of a point trying to track them all down...those people are having those kind of problems because of a lack of attention to their servers in the fist place...

    You really should get a good hardware firewall to filter out all the nasty stuff before it ever makes it to your PC's...(We block tcp/139 and probably get oh I dunno, 1.3M hits a day? :P )

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  7. #7
    Senior Member
    Join Date
    May 2003
    Posts
    747
    *drool* My god that would be wonderful...I probably get oh I don't know an average of five calls a day? Our state finally adopted a no-call list that starts July 1st...*fingers crossed*
    I don't want to dash your hopes nebulus, but we signed up to that list in my state over a year ago, and we still recieve around 5 a day. I think its time i get the The TeleZapper from walmart. I wonder if that thing really works or not, cause the sign-up list were on is not doing the trick.

  8. #8
    DAMN 5 a DAY!!! gee

    I would go mad jus absalutely MAD.
    Here we dont have that kind of money to spend for Telemarketing-> phone calls are really expensive ->about 1DOLLAR for an hour, but there is this service where you(Residential line only) pay 7RAND (just under a DOLLAR) per call then from 7PM to 7AM you can talk/surf
    as long as you want to.
    How much do you USA'ers pay for a Phone call??

  9. #9
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Hmmm...depends heavily on your service...

    For example, MCI's The Neighborhood, you can get local and long distance service with alot of bells and whistles (caller id, call blocking, call forwarding, etc) for a flat rate of 60 dollars / US month. No long distance charges, no local charges...period. Great if you make alot of long distance calls (which even at cut rates are still minimally 3 cents/minute ).

    Then you kinda have to flip around and look at things, you can usually get some combination of a fixed amount charged a month and then a low per call charge (for example, 20 dollars month, + 3 cents minute).

    These are however, just for local residences. When you start talking about businesses that have high call volumes, then they start getting significant discounts for their services. I am not familiar with what the charges are...it might be a high dollar amount but when you consider what it is per call...it is trivially small.

    /nebulus

    I don't want to dash your hopes nebulus, but we signed up to that list in my state over a year ago, and we still recieve around 5 a day. I think its time i get the The TeleZapper from walmart. I wonder if that thing really works or not, cause the sign-up list were on is not doing the trick.

    The telemarketers have already found ways around it. The way the telezapper works is to send a number disconnected tone when it detects the connection. It used to work to screw up the automated dialers that go around and find active numbers; however, last I read, they had made adjustments to it to where it didn't work anymore...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  10. #10
    Well lucky you guyz.W cant choose ,pay a fixed national rate (+1$ an hour) and an international rate
    wich i am not to sure about cause last time i phoned international i didn't have any money
    left to spend on luxeries for a month its about 5$ a minute-no thats not a typing error
    its 5$ p/minute.
    Here we only pay our only Provider(TELKOM) 59rand (about 7 $) p/month to get
    those Identicall etc. gadgets.I always thought those gadgets r toooo expensive
    but you just proved me wrong(I think i should go get me one now)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •