Re: Cracking attempt dilemma

Author: Eric "Shubes"
Date:  
To: plug-discuss
Subject: Re: Cracking attempt dilemma
I had Cox for a long while until a few months ago. The activity light
blinks with activity from/to anyone on the same "subnet" (not sure
that's the correct term), so it will blink with activity from/to your
neighbors too. Not necessarily a need for concern.

Jim wrote:
> A friend of mine has cox for his ISP. I was over at his place recently
> and noticed the activity light on his cable modem was blinking constantly
> for the hour and a half I was there. I mentioned this to my friend and
> told him the machine might have spyware on it. This guy's machine was a
> hacker's dream. He didn't have any anti spyware software installed. He
> had Norton antivirus but hadn't updated it in the several years he's owned
> the machine.
>
> I updated norton and scanned the machine. It didn't have any viruses. I
> installed spybot, updated it and ran it. It found a lot of stuff, but got
> rid of it all. Even after all this, the activity light on the modem kept
> blinking. A few days later I brought a knoppix CD and booted from it.
> Even running knoppix from a CD the activity light was blinking.
>
> I eventually installed Mandrake on the machine and ran tcpdump and saw that
> data was going between that machine and various cox.net machines.
>
> Why is cox constantly scanning customers' machines? Why do they need to
> do this constantly?
>
> --
> In 08 vote for a crook you can trust.
> Del Boy for President.
> http://www.ofah.net
>
> On Tue, 7 Dec 2004, Bill Warner wrote:
>
>
>>apt-get install portsentry
>>
>>do some quick reading up on it. It keeps people from randomly poking
>>your box looking for a vulnerability by blocking people, on the fly, that
>>poke more than a configurable number of ports. With the option of
>>returning a greeting message :)
>>
>>It also keeps COX from being able to scan your system as a side benefit.
>>
>>-Bill
>>
>>On Tue, 2004-12-07 at 13:26 -0700, June Tate wrote:
>>
>>>
>>>Hey folks,
>>>
>>>I've been a bit of a long time lurker on this list, but I've recently
>>>come up with a bit of a problem. Somebody, somewhere out on the 'net is
>>>attempting to crack into my home server -- unfortunately, they seem to
>>>be either using a few hundred zombie boxen on the 'net or spoofing their
>>>IP addresses because each attack is coming from a completely different IP.
>>>
>>>The first time I noticed, I noticed a bunch of "Illegal user" error
>>>messages in /var/log/auth.log. At first I didn't think much of it, but
>>>since I've worked on the iptables firewall, I've noticed an almost
>>>constant stream of incoming packets to random ports on my box, too.
>>>
>>>At first I thought he must have just found my box via an IP subnet scan
>>>or something, but when I recently changed ISPs and IP addresses, he
>>>followed via my domain name.
>>>
>>>My question is this: how can I track down this guy, blacklist, or
>>>prevent him from breaching my defenses? Also, what should I do about
>>>reporting him to the authorities? Who should I contact about this?
>>>
>>>I've tried looking up his various IPs in the whois databases to no avail
>>>-- they list him as coming from Tokyo, Taiwan, South Africa, San
>>>Diego, etc.
>>>
>>>My server is running Debian Linux, for reference.
>>>
>>>--
>>>June Tate * http://www.theonelab.com *
>>>
>>>---------------------------------------------------
>>>PLUG-discuss mailing list -
>>>To subscribe, unsubscribe, or to change your mail settings:
>>>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>>--
>>Bill Warner <>
>>
>>
>
>



-- 
-Eric 'shubes'
"There is no such thing as the People;
  it is a collectivist myth.
  There are only individual citizens
  with individual wills
  and individual purposes."
-William E. Simon (1927-2000),
     Secretary of the Treasury (1974-1977)
  "A Time For Truth" (1978), pg. 237



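An added example, not from the thread and not portsentry's own code: the per-source port-count threshold Bill describes, applied to constructed iptables LOG lines. It also shows why the pattern June reports, every probe from a different address, stays under such a threshold. The function names, the threshold of 3 and the sample addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed iptables LOG lines, RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Dec  7 13:01:02 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21
Dec  7 13:01:02 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22
Dec  7 13:01:03 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23
Dec  7 13:01:03 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25
Dec  7 13:01:04 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80
Dec  7 13:01:04 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=22
Dec  7 13:02:10 host kernel: IN=eth0 OUT= SRC=198.51.100.11 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22
Dec  7 13:02:41 host kernel: IN=eth0 OUT= SRC=198.51.100.12 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=111
Dec  7 13:03:05 host kernel: IN=eth0 OUT= SRC=198.51.100.13 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=445
Dec  7 13:03:30 host kernel: IN=eth0 OUT= SRC=198.51.100.14 DST=192.0.2.10 PROTO=UDP SPT=51003 DPT=3306
Dec  7 13:04:00 host kernel: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"\b(SRC|DPT)=(\S+)")


def ports_by_source(log_text):
    """Map each source address to the set of destination ports it touched."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Lines without a numeric DPT (ICMP, for example) carry no port to count.
        if "SRC" in fields and fields.get("DPT", "").isdigit():
            seen[fields["SRC"]].add(int(fields["DPT"]))
    return seen


def sources_over_threshold(log_text, max_ports=3):
    """Sources that touched more than max_ports distinct ports (hypothetical default)."""
    hits = ports_by_source(log_text)
    return sorted(src for src, ports in hits.items() if len(ports) > max_ports)


def single_probe_sources(log_text):
    """Sources seen on exactly one port: each is under any per-source threshold,
    so a scan spread across many addresses shows up only in this aggregate view."""
    hits = ports_by_source(log_text)
    return sorted(src for src, ports in hits.items() if len(ports) == 1)


if __name__ == "__main__":
    print("over threshold:", sources_over_threshold(SAMPLE_LOG))
    print("one port each: ", single_probe_sources(SAMPLE_LOG))
```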