Hi All,
Since I can't get anywhere with the AT&T broadband abuse and legal
department, I figured I run this by the group. For the past 3-4 months I
have been repeatedly port scanned by the following 2 ip addresses
66.30.136.77 and 66.30.136.236 at least 10-20 times a day. I have sent
numerous emails including the log files to the legal department asking
them if these were legitimate security scans from their security group
or just rogue customer accounts. If they are legitimate security scans
then I don't have a problem with that, but I've been told by various
customer service reps including people in the abuse department that they
don't know if they belong to the security group. How can you not know
what ip addresses would be connected with the security group? Either way
they won't give me an answer or make the scans stop.
As you'll see from the log snippet below, the scans are going out to the
broadcast address and to the ports 27020/27021 and 10056/10061. The
ports never change and I was wondering what they would be looking for.
12/06/2001 21:32:19.112 Port Scan 66.30.136.236, 3837, WAN
255.255.255.255, 27021, LAN
12/06/2001 21:47:13.640 Port Scan 66.30.136.236, 3838, WAN
255.255.255.255, 27020, LAN
12/06/2001 22:02:23.032 Port Scan 66.30.136.77, 1025, WAN
255.255.255.255, 10056, LAN
12/06/2001 22:02:23.032 Port Scan 66.30.136.77, 1025, WAN
255.255.255.255, 10061, LAN
I am completely aggravated with the abuse/legal department and was
wondering what the group here thought about this. Thanks so much!
