Sponsored Links

Is BT invading my computer?

I installed BT's plug-and-go ADSL a few days ago (no complaints there - quick, easy and running well so far). Today I installed Norton Personal Firewall, and I discover that BT are trying to gain access to my Mac every couple of hours or so. According to Norton, they are trying to get to a web server, which my computer isn't running. The message Norton displays every time this happens goes like this:
Port: 80
Mode: TCP
IP address: 217.39.54.216
Host name: host 217.39.54.216in-addr.btopenworld.com

(The IP address changes from time to time)

What's going on?

Since installing the firewall I've been shocked at the number of unknown entities trying to gain access to my system. It's a real eye opener. I doubt BT have any malicious intent, but I still think it's curious.

Regards,

Worldling
 
They are probably checking that you are NOT running a webserver - is a a breach of T&C to do so?
 
Hmm. I suppose that's possible. But as far as I can tell hosting a web server isn't against the T&C. In the FAQ, they do say this:

"Unfortunately, because the USB ASDL service uses an asymmetric path and dynamic IP address allocation, it is physically impossible to do Web hosting now. Once the new Static IP/NoNAT product is launched (USB), it will be possible to do Web Hosting, but because of the asymmetric issue BTopenworld do not recommend this."

So web hosting doesn't look like something they'd go out of their way to check up on.

Regards,
Worldlling
 
Sponsored Links
Hi,

The IP number you gave there is one for BT ADSL customers. Here are the details:

inetnum: 217.39.0.0 - 217.39.255.255
netname: BT-ADSL
descr: IP Pools
country: GB

route: 217.32.0.0/12
descr: BT Public Internet Service

This means that it is probably another BT customer, rather than BT trying, to connect to you.

There are a lot of Code Red and Code Red II infected web servers that are still sitting on networks and these send out probes whilst looking for other web servers to infect.

Many people install their servers with all the default options and install IIS without even realising it and then leave port 80 open. Because they are not using it they don't bother with patches so they are quickly infected.

Code Red variants try to scan for other IIS servers in their immediate neighbourhood first, so will try IP numbers closest to their own ie. other BT ADSL customers.

That's probably what's happening in your case since the accesses are looking for port 80. Make sure that you didn't install IIS by default since you may have been infected before you had a firewall. You may also have a personal web server loaded. This would have advertised port 80 before you had a firewall which may have attracted attention.

If you had an Intrusion Detection piece of software like Black Ice running behind your firewall I suspect this would be picking up the port 80 connections as Code Red probes.

I hope that helps.

Regards
Emeric

[ 22-03-2002: Message edited by: Cloud Nine Customer Services ]</p>
 
Thank you, Emeric, for your most enlightening reply. I don't have IIS, and I'm fairly sure I'm not infected, but I am very grateful to you for clearing up this mystery. (And glad I invested in a firewall!)

Regards,

Worldling
 
If your firewall logs the contents of the packets you can see what is being asked for. I run a webserver on my dialup connection and its log shows me all the code red, nimda etc probes I get.
 
Sponsored Links
I left BT some time ago, but suffered the same
problems, one machine with Norton and the other
with Zone Alarm. I am with AOL now and have only
had an alert two or three times
 
Top
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: £50 Reward Card
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (6024)
  2. BT (3639)
  3. Politics (2720)
  4. Business (2439)
  5. Openreach (2405)
  6. Building Digital UK (2330)
  7. Mobile Broadband (2144)
  8. FTTC (2083)
  9. Statistics (1899)
  10. 4G (1814)
  11. Virgin Media (1763)
  12. Ofcom Regulation (1582)
  13. Fibre Optic (1467)
  14. Wireless Internet (1462)
  15. 5G (1405)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules