> > After investigating this on your behalf I have discovered that the > > packets come from our Customer Help modem interface which we use for > > diagnostics and troubleshooting. I think that in the time that you > > checked the packets, one of our technicians was pinging your internal IP > > address from here;
ROTFL.... stop looking into the crystal ball and get some real answers from up-level. So customer help has been pinging everyone's modem, every few seconds, for the past N months? Ts ts ts. > the overall performance somewhat. What is more concerning is that > TelstraClear have not provided a satisfactory explanation as to the source > of, or reason for, the packets. Personally I don't see this as being too big a concern. That it takes a little out of my bandwidth would be my biggest consideration. > Thus one comes to the logical conclusion > that they simply do not know what the source is. No, one doesn't. There are other possible explanations: 1) They know the source, but don't tell for fear of being sued. 2) They know the source, but don't tell because they don't want an embarrassingly stupid network setup known in public. 3) They know the source, but for some stupid reason can't fix it. Or the cost of the fix exceeds the value of the benefit. 4) They know little but don't consider it worthwhile finding out more. 5) I'm sure there are more possibilities. If Telstra's routers route 172.x.x.x traffic all around the cable network, they have misconfigured routers. If the traffic comes from a customer, it shouldn't be routed to all other customers either. Suggests it comes from within. In any case, it shouldn't be too hard to trace if they wanted to, so I don't believe they don't know the source (assuming they looked for it). > sophisticated, because it appears to indicate a machine which is searching > for an unprotected port. Exactly how do you reason this? Aren't you making a few too many shaky assumptions? > Thus one comes to the inescapable conclusion that this traffic is nefarious > in some way. *May* be nefarious, yes perhaps, *is* nefarious - no proof for that. Anyway, why are you so stubbornly concerned about a bunch of Microsofties with a possibly open port? Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me.
