Our ISA server is being repeatedly scanned by a variety of Nildram dynamic
ip addresses - anyone else seeing this?

Nildram Abuse team say all we can do is to ensure our server is protected -
do they not have a responsibility to warn their customers (whether they are
deliberate attempts, or attempts due to trojan infection??)

Thanks

On Mon, 08 Dec 2003 20:37:11 +0000, Andy Blanchard
wrote:

More worryingly I have had 1403 probes from the obviously spoofed
source IP of 127.0.0.1 which would imply that Nildram do not have a
robust anti-spoofing policy on their routers. I sent this to the
abuse team some time ago and have seen no sign of any action; sure
it's only background noise, maybe a few MB a day, but it's still damn
annoying.

Are you sure about that? :-)

127.0.0.1 is the loopback address, it is your computer that is
generating the packets.

I'm afraid that a sort of automated warning system which automatically
takes action against our customers for generating too much "noise" is
out of the question.

What surprises me is that normally when you report this kind of activity to
an ISP, 9 times out of 10 they do stop the abuse. Nildram seem to just shrug
their shoulders (althought I'm glad to see that representatives do post in
these forums).

Is there some problem that would prevent Nildram from speaking to the owner
of the IP address and asking them to check out their PC?