Printable View
If you provided the whole WHOIS lookup I could help more.
It looks to me like scannerabuse.blueyonder.co.uk is where to report any scanning abuse by someone on their network (Blueyonder.co.uk is the ISP). It should provide an abuse email where you can send a firewall log report to along with the IP scanning you.
Don't rule out the following programs that use some of these ports, RealPlayer, IM, WinAmp, etc, as well as for spyware, most to me look like the high ports many of these programs use to push ads, getting real used to the RealPlayer hits when people in the office use it. What is running when these or this scan hit? Google search like port scan and the port see what it says, then look to see what is running.
domain name blueyonder.co.uk
registerd for telewest communications
registerd on 19th-oct-99
record last update on 28-may 2002 by [email protected]
domain servers listed in order
ns.blueyonder.co.uk 195.188.53.114
ns2.blueyonder.co.uk 195.188.53.113
ns3.blueyonder.co.uk 194.117.152.85
whois from neotrace express
domain name blueyonder.co.uk here goes xmaddness
registerd for telewest communications
registerd on 19th-oct-99
record last update on 28-may 2002 by [email protected]
domain servers listed in order
ns.blueyonder.co.uk 195.188.53.114
ns2.blueyonder.co.uk 195.188.53.113
ns3.blueyonder.co.uk 194.117.152.85
inetnum: 193.38.36.0 - 193.38.127.255
netname: UA
descr:united artists
country: gb
admin-c CS82-RIPE
tech-c CH2524-RIPE
rev-srv ns.cablenet.net
rev-srv ns2.cablenet.net
rev-srv homer.telewest.co.uk
status assigned pa
mint-by ripe-ncc-none-mnt
changed [email protected] 19960529
changed [email protected] 19990706
changed [email protected] 20010221
source ripe
route 193.38.96.0/19
descr telewest broadband
origin as5462
notify [email protected]
mint-by as5462-mnt
changed [email protected] 20020610
person chris stallwood
address telewest communications
address unit 1 genisis buissness park
address working surrey gu215rw
address united kingdom
from neo trace express
yup... e-mail [email protected] with the logs and an explanation of what happened. See what he says.
thanks again xmaddness i will do it first thing 2 morro its like 3.00 am here ty again :) <rant>with a tired look in his eye </rant>
looking at your print outs, somethings missing to me. where's the addy that scanned you. i see whois blueyonder.co.uk.
if you do a ping -a of the ip address that scanned you what does it say?
is it a pointer?(PTR)
Try Arin Whois on www.google.com