| Reporting abuse of DSL is a serious report, so we encourage you to make sure you
provide us with the necessary information we need to investigate these
reports. Be careful when reporting alleged hack attempts, or port scans,
for they may not really be what they seem.
To report any type of abuse such as
hack attempts or DOS attacks, please send an e-mail to
abuse@linkline.com.
You will need to include the following information:
If the needed information is not included then
we may not be able to investigate your report. If you would like to
report SPAM e-mail please click here
for more information.
Hack Attempt? Port Scan? More about them... There are
two very common irritating problems with all versions of
Microsoft Windows. It's auto-detection interface features appear to most
firewalls as port scans, looking at TCP port 139 and UDP port 138.
The reason these reports are proliferating is not
because of anything evil or nefarious, it is because more people are
installing "stateful inspection software" or firewalls.
If another customer clicks on "Explore Network
Neighborhood" that little wagging searchlight is actually the customer's
PC port-scanning every IP within its "network" for a netbios signature
and usually this is determined by the subnet mask. Since we bridge full
class C's, when this is done every machine within that class C is
scanned for a netbios/network connection signature. This is a marginally
useful tool for people to find other computers automatically, and in a
normal, textbook LAN this would be OK. Worse yet, some customers use
Microsoft Networking for their local network and use public assigned addresses.
PCAnywhere has a similar auto-detection program for
"fellow PCAnywhere systems" only the port is the one for PC Anywhere.
There are certain builds of Windows 95 and 98 that
apparently ignore the subnet mask and diligently attempt to scan every
IP address in the Class A block. But most of the "attacks" seem to be
within the same class.
Therefore, if customer #1 is 64.30.198.5 and the
supposed "evil hacker" is 64.30.198.222 it is 99% likely that the
"attack" is completely innocuous. Usually, true "hacker" attacks exploit
other ports such as telnet or certain ports that have been associated
with denial of service, and we will see a history of multiple scan.
There is nothing we can do short of blocking WAN access to
Microsoft networking and that would also stop legitimate and useful purposes. We are
providing full-service internet access, so therefore, there is a certain
risk inherent in connectivity. These programs are an excellent tool,
however, it would have been best if they would not set them up to snivel
about every innocuous port 139 "handshake".
If you still believe that you may have been
"hacked" or your DSL has been abused in any other way, then
please continue to fill out the form below.
|
