Posted on 2006-07-05
We recently have been alerted by our isp that we have a port scanning worm in our system and so they set up a filter to shut off our internet access until we remove it from our network so it won't affect their network. Problem is we have sophos enterprise for our antivirus and we are clean so far and yet they still insist we have a virus of some type. Problem is that by shutting off internet access, we can't ge email and our vpn is down. It seems harsh to turn off internet access for this since one of the first steps in fixing virus outbreak is to go out to internet and get latest ides or check website of existing antivirus vendor so disinfection instructions can be obtained but without internet this is not possible. If everyone who got a virus all over the world got their internet access shut off, nobody would be able to recover unless they could use sytem restore in xp but even this is hit or miss. My question is does anyone know if this is getter more common these days to filter a company's internet access when a possible infection is detected or is the isp we have using too stringent a system? Spoke to their tech support and they agreed it is difficult to fix a virus infection when internet access is shut down yet nobody wants to take responsibility there and they all said they do it to protect their network not ours. At least a virus is free while we are paying them to give us downtime. Thinking of getting another isp but for time being we need internet to be turned on so getting new isp will still take time so currently we are at their mercy. Any ideas? How do we check for port scanning activity on our netscreen firewalls? Thanks.