Kevin, this ip belongs to a customer, not an internal ATTBIS machine. the 66.30.136.77 ip dns's to h00a0cc5d079f.ne.mediaone.net which is the standard entry for a customer's machine. h -> for home 00a0cc5d079f -> the nic's mac addy of the machine ne _> New England mediaone.net -> self-expl.
this ip traceroutes to the Needham,MA area Jim ----- Original Message ----- From: "Kevin Lisciotti" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, December 07, 2001 9:48 AM Subject: Mediaone/AT&T broadband port scans > Hi All, > > Since I can't get anywhere with the AT&T broadband abuse and legal > department, I figured I run this by the group. For the past 3-4 months I > have been repeatedly port scanned by the following 2 ip addresses > 66.30.136.77 and 66.30.136.236 at least 10-20 times a day. I have sent > numerous emails including the log files to the legal department asking > them if these were legitimate security scans from their security group > or just rogue customer accounts. If they are legitimate security scans > then I don't have a problem with that, but I've been told by various > customer service reps including people in the abuse department that they > don't know if they belong to the security group. How can you not know > what ip addresses would be connected with the security group? Either way > they won't give me an answer or make the scans stop. > > As you'll see from the log snippet below, the scans are going out to the > broadcast address and to the ports 27020/27021 and 10056/10061. The > ports never change and I was wondering what they would be looking for. > > 12/06/2001 21:32:19.112 Port Scan 66.30.136.236, 3837, WAN > 255.255.255.255, 27021, LAN > 12/06/2001 21:47:13.640 Port Scan 66.30.136.236, 3838, WAN > 255.255.255.255, 27020, LAN > 12/06/2001 22:02:23.032 Port Scan 66.30.136.77, 1025, WAN > 255.255.255.255, 10056, LAN > 12/06/2001 22:02:23.032 Port Scan 66.30.136.77, 1025, WAN > 255.255.255.255, 10061, LAN > > I am completely aggravated with the abuse/legal department and was > wondering what the group here thought about this. Thanks so much! > > >
