Is it just me or...
Synergy Blades
13th May 2001, 17:13
I've noticed a massive increase in attempts to access my computer at port 27374 which I understand to be SubSeven, but ZoneAlarm blocked it. This never happened with my previous ISP so why would there be a sudden increase in the number of attempts when using BT? All of these attempts came from a BTi IP address. Anyone else had this problem?
Yes, it's popped up a few times on mine.
Synergy Blades
15th May 2001, 17:57
It's just popped up again whilst reading your reply, port 27374 blocked! If it gets worse I might act on it, it's being logged after all.
Alaric
16th May 2001, 12:55
Is it coming from 213.46.223.73??
I get repeated 'attacks' from that IP but my firewall blocks it - do you think it has something to do with the two hour cut-offs?
Alaric
angelphyre
16th May 2001, 17:03
With dynamic IP addresses, more than likely they're trying someone who used to have that address. If you don't have the client installed there is nothing to worry about!
I used to get SO many port probes when I was on RedHotAnt (RIP). The problem with firewalls is that they alert you to things you'd normally not notice, and when they are harmless like this it can get you a bit paranoid. Just make sure your computer is clean and there is nothing to worry about. :)
Synergy Blades
16th May 2001, 17:30
Okay maybe I am getting a bit paranoid. :rolleyes:
I get lots of background 'noise' which I ignore but I know 27374 is not one to trust and having had my screen turned back to front, upside down, the CD drive going barmy and then restarted... well, I think I should be paranoid ;) No chance of the server still being on my comp since I reformatted very recently but you never know!
Alaric, I've been getting them from various IPs, the vast majority from 213.122.x.x's but all beginning 213. As for the cut off period, well, usually I get pings from BTi which might have something to do with it but the firewall drops these too.
Alaric
16th May 2001, 17:30
angel, I doubt that,
I was connected through the night, but with the two hour disconnects :/
However, it came from the same IP from 11 last night till 12 today :/
Thus with the two hour disconnects I doubt it was a BTi user :/
angelphyre
16th May 2001, 20:14
Alaric,
OK, just did a whois on that IP you posted, and it's registered to a broadband ISP in Amsterdam. So, I guess it ain't a BT Internet customer then... it reverse-DNS'd to an irc address as well, so could be some IRC moron, which seems v. likely with Subseven. :(
If they are a broadband then there's a chance they have a fixed IP rather than a dynamic one, so it may be worth emailing the ISP. You can get the details at http://www.ripe.net/cgi-bin/whois?query=213.46.223.73&.submit=Submit+Query
Synergy,
Point taken. I'd be paranoid in a similar situation. Confess that I tend to get a bit dismissive about these things, working around them a lot. But then I haven't been on the receiving end of a nasty BO or Sub7...
Synergy Blades
16th May 2001, 20:50
I use a small program to check IPs for me (IPLookup). All mine were BTi customers :( Could you not (theoretically, I'm not going to :)) email the ISP with the log so they could check it against IPs and times used or do they not log who uses what IP and when?
Were you on the last board angel? The name seems familiar, if you were, good to see you here :cool:
onomatopoeia
16th May 2001, 20:59
You can email the ISP even if they use dynamic IPs. If you want to do that though you should ensure that your PC clock is synced to an NTP server (and tell them that it is) and not just "about right".
If you send in logs with the time inaccurate then you could be condemning the wrong person.
angelphyre
17th May 2001, 08:43
That is the problem with dynamic IPs - don't really want to kick off the wrong person. That's why you should try to keep your clock synced and only report multiple attacks because then there's a chance of cross-referencing the same user at different times to be sure it is the same one.
Synergy - yeah, I was on the old net4nowt, lurking on the RHA and ntl boards mostly :) Thanks for the welcome - glad to see you're still around too!
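An added example, not part of any poster's message: one way to turn blocked-probe log lines into an abuse report along the lines discussed above, with times corrected to UTC and only sources seen more than once. The CSV log layout, the function names, the sample addresses and the UTC+1 default are assumptions made for this sketch; it is not ZoneAlarm's own log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

SUBSEVEN_PORT = 27374  # the port named in the thread

# Constructed sample log (hypothetical layout: local time, source IP, dest port, protocol).
SAMPLE_LOG = """\
2001-05-16 23:02:11,192.0.2.10,27374,TCP
2001-05-16 23:40:05,198.51.100.7,27374,TCP
2001-05-17 01:15:42,192.0.2.10,27374,TCP
2001-05-17 03:30:00,192.0.2.10,80,TCP
2001-05-17 11:58:09,192.0.2.10,27374,TCP
garbled line
"""

def parse_probes(log_text, utc_offset_hours, clock_error_seconds, port=SUBSEVEN_PORT):
    """Yield (utc_time, source_ip) for each blocked probe to `port`.

    clock_error_seconds is how far the PC clock ran ahead of NTP time
    (negative if behind); it is subtracted so the reported times are true UTC.
    """
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    for line in log_text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 4:
            continue  # skip malformed lines rather than guess at them
        stamp, src, dport, _proto = fields
        try:
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            if int(dport) != port:
                continue
        except ValueError:
            continue
        when = when.replace(tzinfo=local_tz) - timedelta(seconds=clock_error_seconds)
        yield when.astimezone(timezone.utc), src

def repeat_sources(probes, min_hits=2):
    """Keep only sources seen at least min_hits times, so the ISP can cross-reference."""
    by_src = defaultdict(list)
    for when, src in probes:
        by_src[src].append(when)
    return {s: sorted(t) for s, t in by_src.items() if len(t) >= min_hits}

def abuse_report(log_text, utc_offset_hours=1, clock_error_seconds=0):
    """Return report lines in UTC, grouped by source address."""
    hits = repeat_sources(parse_probes(log_text, utc_offset_hours, clock_error_seconds))
    return [f"{when:%Y-%m-%d %H:%M:%S} UTC  {src} -> {SUBSEVEN_PORT}/tcp blocked"
            for src in sorted(hits) for when in hits[src]]

if __name__ == "__main__":
    print("\n".join(abuse_report(SAMPLE_LOG)))
```

The report should also state how the clock offset was measured, since the ISP matches the address to a customer by time.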