Solved

ISP question

Posted on 2006-07-05
Last Modified: 2010-03-17
Hi,

We recently have been alerted by our ISP that we have a port scanning worm in our system, and so they set up a filter to shut off our internet access until we remove it from our network so it won't affect their network. Problem is we have Sophos Enterprise for our antivirus and we are clean so far, and yet they still insist we have a virus of some type. Problem is that by shutting off internet access, we can't get email and our VPN is down.

It seems harsh to turn off internet access for this, since one of the first steps in fixing a virus outbreak is to go out to the internet and get the latest IDEs or check the website of the existing antivirus vendor so disinfection instructions can be obtained, but without internet this is not possible. If everyone who got a virus all over the world got their internet access shut off, nobody would be able to recover unless they could use System Restore in XP, but even this is hit or miss.

My question is: does anyone know if it is getting more common these days to filter a company's internet access when a possible infection is detected, or is the ISP we have using too stringent a system?

Spoke to their tech support and they agreed it is difficult to fix a virus infection when internet access is shut down, yet nobody wants to take responsibility there, and they all said they do it to protect their network, not ours. At least a virus is free, while we are paying them to give us downtime. Thinking of getting another ISP, but for the time being we need internet to be turned on, and getting a new ISP will still take time, so currently we are at their mercy.

Any ideas? How do we check for port scanning activity on our NetScreen firewalls? Thanks.
Question by:eservando
8 Comments
 
LVL 7

Accepted Solution

by:
imacgouf earned 100 total points
Hi,

Did the ISP show you any report or log to show you that such activity is happening?

Here is one article
Port scans may not always signal attacks, research indicates
A study found little correlation between port scanning and network attacks
http://www.computerworld.com/securitytopics/security/story/0,10801,106849,00.html

The link below shows the types of ports and tools which may help you in your quest:
Network Security Auditing / Monitoring Tools
http://www.cromwell-intl.com/security/security-netaudit.html

0
 
LVL 14

Assisted Solution

by:ECNSSMT
ECNSSMT earned 100 total points
Well, the weekend is fast approaching; it may give you some time to do some investigating. Haven't used NetScreen, but if you've used either EtherPeek or Ethereal you can attempt to see which devices are sending out consistent traffic to various ports; the ones I've seen query successive ports, so you may see something like destination 10.1.1.1:2000; 10.1.1.1:2001; 10.1.1.1:2002 etc. Once you locate those boxes, either try to clean them with an anti-virus product, or, if your site uses images for your desktops and laptops, just reimage them. Or if you can do that; just mark them and turn them off or remove them from the network so that they may be isolated away from the network. Once you think you have that, contact the ISP and negotiate the reconnection of your internet.

I'm kinda wondering if they are bots or zombies....

Regards
0
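The pattern described in the answer above (one internal host hitting successive ports on a destination) can be checked mechanically once connection records are exported from a packet capture or firewall traffic log. This is an added example, not part of the original thread; it also goes beyond the post by flagging the one-port-to-many-hosts fan-out as well. The source addresses, port 445, the thresholds and the record format are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records: (source IP, destination IP, destination port),
# as might be exported from a capture or firewall traffic log. Not real data.
SAMPLE_FLOWS = (
    [("192.168.1.23", "10.1.1.1", p) for p in range(2000, 2030)]    # successive ports
    + [("192.168.1.40", f"10.2.0.{i}", 445) for i in range(1, 41)]  # one port, many hosts
    + [("192.168.1.10", "10.9.9.9", 80), ("192.168.1.10", "10.9.9.9", 443),
       ("192.168.1.10", "10.9.9.8", 25)]                             # ordinary client
)


def find_scanners(flows, port_threshold=20, host_threshold=20):
    """Return {source: [findings]} for sources whose fan-out looks like scanning.

    The thresholds are assumptions; tune them to the site's normal traffic.
    """
    ports_per_target = defaultdict(set)  # (src, dst) -> distinct destination ports
    hosts_per_port = defaultdict(set)    # (src, port) -> distinct destination hosts
    for src, dst, dport in flows:
        ports_per_target[(src, dst)].add(dport)
        hosts_per_port[(src, dport)].add(dst)

    findings = defaultdict(list)
    # Vertical scan: many different ports probed on a single destination.
    for (src, dst), ports in ports_per_target.items():
        if len(ports) >= port_threshold:
            findings[src].append(("vertical", dst, len(ports)))
    # Horizontal scan: the same port probed across many destinations.
    for (src, dport), hosts in hosts_per_port.items():
        if len(hosts) >= host_threshold:
            findings[src].append(("horizontal", dport, len(hosts)))
    return dict(findings)


if __name__ == "__main__":
    for src, hits in sorted(find_scanners(SAMPLE_FLOWS).items()):
        for kind, target, count in hits:
            print(f"{src}: {kind} scan, target={target}, distinct={count}")
```

The flagged source addresses are the machines to isolate and clean or reimage before asking the ISP to lift the filter.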
 
LVL 6

Assisted Solution

by:Booda2us
Booda2us earned 100 total points
Hello eservando, Your ISP should provide you with information and support to solve this, since it was them that delivered the worm to you after all (unless it's proven to be internally activated). Like Imacgouf mentioned, they should have some documentation to assist you in hunting it down and ultimately killing it, or proving it's harmless. Like you said, they've cut off access to updating your A-V, or diagnostic abilities, leaving you out in the cold. My ISP shut down some ports a few years ago during an attack to stop proliferation of a worm or virus (I don't remember which one), but it was only for a week or so until the fix could be distributed. We still had Internet access though; I have never heard of a complete shutdown of service before. Make loud complaints....
0
 

Assisted Solution

by:contrlkaos
contrlkaos earned 100 total points
I would just be rational with them.  Tell them you need to have them enable the connection while you're on the phone.  In that short period, go download AVG's Free AV, and update it.  Shouldn't take more than 2-3 minutes.

Just be rational and be calm.  It goes a long way, trust me.
0
 
LVL 1

Assisted Solution

by:mbavisi
mbavisi earned 100 total points
Sounds to me like this ISP doesn't have a clue about what they are talking about. I've never seen an ISP shut down a DSL connection just because they had a virus; if that was the case, half the internet would be shut down by now.

Unless

1) you were 'spamming' them with mail, or

2) someone on the internet must have complained they were getting problems from your IP


Tell your ISP you have fixed the problem and have bought a new PC.

Run Windows in safe mode with networking, download Ethereal.

Disconnect physically from the internet, restart your PC in normal mode, launch Ethereal, look out for dodgy packets going to the internet, kill processes in your task manager till this stops, or use 'msconfig' to restrict the programs that start up on launch.

Don't worry about your ISP, bypass them with that excuse earlier; most ISP tech support are dumb anyway.
0
