Hi I have Blackice firewall installed on my machine and iam getting a lot of attacks everyday and one of these attacks is from the same company iam with and on the list i see [ Scanner.abuse.Blueyounder.co.uk ] What does this mean ? Blueyounder is my ISP and iam using cable modem (Broadband) Thanx for your help guys

I would put up a better firewall then Blackice.

What you are probably seeing is the IP# that Blueyounder has out on lease to someone. And as far as a trace might be able to go is just back to Blueyounder, and not all the way to the origin of the attacking computer. Just fill out a form of some type with the information from your log telling Blueyounder of the attack. Most ISP's have a standard e-mail account for users to send computer attack info to. The ones that I have sent info to have been "abuse@ISPNAME.net. If I had to guess @ Blueyounder's I would say abuse@Blueyounder.co.uk. In case it would help, here is a form that someone had included in a paper on what to do in cases of port scans and attacks. I use it as a template for reporting to ISP's. V-Peace-V To: Abuse@sourceISP.net From: Your e-mail address Subject: Security issue - Source IP: 200.200.200.200 To whom it may concern: The purpose of this e-mail is to make you aware of a potential security issue appears to be originating from your network. My firewall recently logged the following event which appears to have originated from your network: DateTime: 01-Dec-2001 23:01 UTC Source IP: 200.200.200.200 IP Protocol: TCP Source Port: 1234 Destination IP: 205.152.0.0 (masked) Destination Port: 111 This connection attempt was unsolicited and therefore, may indicate that your host is compromised or is being used for unauthorized purposes. If you have any questions or need further information, please do not hesitate to contact me. Regards, John T. Wall

There is nothing to worry about. What Blueyonder is doing is checking for open ports for specific server application which are not allowed under Terms and Conditions. The main reason for this is because some people will setup news/email servers which allows people from outside Blueyonder network to send spam all over the world. This has been a huge problem until recently when Blueyonder has decided to take action against such persons. I remember last year, many ISP had threatened to reject email and news messages comming from Blueyonder users because of spam. If you have nothing to hide then there's nothing to worry about.

Very good & interesting information PhArAoH. Thanks! V-Peace-V