I had Cox for a long while until a few months ago. The activity light blinks
with activity from/to anyone on the same "subnet" (not sure that's the correct
term), so it will blink with activity from/to your neighbors too. Not
necessarily a need for concern.

Jim wrote:
> A friend of mine has cox for his ISP. I was over at his place recently
> and noticed the activity light on his cable modem was blinking constantly
> for the hour and a half I was there. I mentioned this to my friend and
> told him the machine might have spyware on it. This guy's machine was a
> hacker's dream. He didn't have any anti spyware software installed. He
> had Norton antivirus but hadn't updated it in the several years he's owned
> the machine.
>
> I updated norton and scanned the machine. It didn't have any viruses. I
> installed spybot, updated it and ran it. It found a lot of stuff, but got
> rid of it all. Even after all this, the activity light on the modem kept
> blinking. A few days later I brought a knoppix CD and booted from it.
> Even running knoppix from a CD the activity light was blinking.
>
> I eventually installed Mandrake on the machine and ran tcpdump to see that
> data was going between that machine and various cox.net machines.
>
> Why is cox constantly scanning customers' machines? Why do they need to
> do this constantly?
>
> --
> In 08 vote for a crook you can trust.
> Del Boy for President.
> http://www.ofah.net
>
> On Tue, 7 Dec 2004, Bill Warner wrote:
>
>>apt-get install portsentry
>>
>>do some quick reading up on it. It keeps people from randomly poking
>>your box looking for a variability by blocking people, on the fly, that
>>poke more than a configurable number of ports. With the option of
>>returning a greeting message :)
>>
>>It also keeps COX from being able to scan your system as a side benefit.
>>
>>-Bill
>>
>>On Tue, 2004-12-07 at 13:26 -0700, June Tate wrote:
>>
>>>Hey folks,
>>>
>>>I've been a bit of a long time lurker on this list, but I've recently
>>>come up with a bit of a problem. Somebody, somewhere out on the 'net is
>>>attempting to crack into my home server -- unfortunately, they seem to
>>>be either using a few hundred zombie boxen on the 'net or spoofing their
>>>IP addresses because each attack is coming from a completely different IP.
>>>
>>>The first time I noticed, I noticed a bunch of "Illegal user" error
>>>messages in /var/log/auth.log. At first I didn't think much of it, but
>>>since I've worked on the iptables firewall, I've noticed an almost
>>>constant stream of incoming packets to random ports on my box, too.
>>>
>>>At first I thought he must have just found my box via an IP subnet scan
>>>or something, but when I recently changed ISPs and IP addresses, he
>>>followed via my domain name.
>>>
>>>My question is this: how can I track down this guy, blacklist, or
>>>prevent him from breaching my defenses? Also, what should I do about
>>>reporting him to the authorities? Who should I contact about this?
>>>
>>>I've tried looking up his various IPs in the whois databases to no avail
>>>-- they list him as coming from Tokyo, Taiwan, South Africa, San
>>>Diego, etc.
>>>
>>>My server is running Debian Linux, for reference.
>>>
>>>--
>>>June Tate * http://www.theonelab.com * june@theonelab.com
>>>---------------------------------------------------
>>>PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>>>To subscribe, unsubscribe, or to change you mail settings:
>>>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>>--
>>Bill Warner
>

--
-Eric 'shubes'

"There is no such thing as the People; it is a collectivist myth.
There are only individual citizens with individual wills and
individual purposes."
-William E. Simon (1927-2000), Secretary of the Treasury (1974-1977)
"A Time For Truth" (1978), pg. 237
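
Bill's reply quoted above describes blocking sources that poke more than a configurable number of ports. The sketch below is an added example, not part of the thread and not portsentry's code: it applies that per-source threshold to constructed iptables-style LOG lines and also lists the sources that stay under it, as happens when every probe comes from a different IP (June's report). The function names, the `max_ports` parameter and the sample addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the style of iptables LOG output; the addresses are
# documentation ranges, not hosts from the thread.
SAMPLE_LOG = """\
Dec  7 13:01:02 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21
Dec  7 13:01:02 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22
Dec  7 13:01:03 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23
Dec  7 13:01:03 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25
Dec  7 13:01:04 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80
Dec  7 13:02:10 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22
Dec  7 13:02:11 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=22
Dec  7 13:03:30 host kernel: IN=eth0 OUT= SRC=198.51.100.8 DST=192.0.2.10 PROTO=UDP SPT=1026 DPT=137
Dec  7 13:04:45 host kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=3311 DPT=445
Dec  7 13:05:00 host kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
"""

# Source address, protocol and destination port; lines without a DPT field
# (ICMP, for instance) do not match and are skipped.
FIELDS = re.compile(r"SRC=(\S+) .*?PROTO=(\S+) .*?DPT=(\d+)")


def ports_by_source(log_text):
    """Map each source IP to the set of distinct (protocol, port) pairs it touched."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = FIELDS.search(line)
        if match:
            src, proto, dpt = match.groups()
            seen[src].add((proto, int(dpt)))
    return seen


def find_scanners(log_text, max_ports=3):
    """Sources that touched more than max_ports distinct ports (candidates to block)."""
    return {src: sorted(ports)
            for src, ports in ports_by_source(log_text).items()
            if len(ports) > max_ports}


def under_threshold(log_text, max_ports=3):
    """Sources that probed but stayed at or below the per-source threshold."""
    return sorted(src for src, ports in ports_by_source(log_text).items()
                  if len(ports) <= max_ports)


if __name__ == "__main__":
    print("over threshold:", find_scanners(SAMPLE_LOG))
    print("under threshold:", under_threshold(SAMPLE_LOG))
```

Repeated hits on the same port count once, so the source that connects to port 22 twice is not flagged by this check.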