btech Posted December 27, 2005 Share Posted December 27, 2005 I sent an email to Limelight Networks, because I've noticed that the few times I'm online [at] home, my firewall shows many, many attempted connects to my computer. Is there any validity to what the abuse desk replied? I'm no IP guru, but it sounds like he replied BS to me. I don't know all the intricacies of port scans, but I know that I don't use any of the software that's listed to be associated with that IP and port in the below logs. That leads me to believe it's malicious... since the company would not say what the specific names of the 'programs' mean or are for, that only leads me to believe more that it's not a website that I'm visiting. (please correct me if I'm wrong) --- Notes added below ------------------------------------------------------ Hello, Our CDS boxes are used for content distribution for 100's of content companies, they are causing false positives on your firewall from servers that are behind a load balancer. These are either broken connections or errors coming from the servers instead of the load balancer. There is nothing malicious about this traffic. Limelight Networks ----- COMPLAINT ----- Date: Fri, Dec 23 2005 22:13:43 Request created by X[at]comcast.net I have received the following port scans to my computer TODAY, from IPs that are listed as being assigned to you: Parsing input: 68.142.79.115 host 68.142.79.115 (getting name) = cds115.lax.llnw.net. No recent reports, no history available Routing details for 68.142.79.115 [refresh/show] Cached whois for 68.142.79.115 : ipadmin[at]limelightnetworks.com Using abuse net on ipadmin[at]limelightnetworks.com abuse net limelightnetworks.com = abuse[at]limelightnetworks.com, abuse[at]gblx.net Using best contacts abuse[at]limelightnetworks.com abuse[at]gblx.net Statistics: 68.142.79.115 not listed in bl.spamcop.net More Information.. 68.142.79.115 not listed in dnsbl.njabl.org 68.142.79.115 not listed in dnsbl.njabl.org 68.142.79.115 not listed in cbl.abuseat.org 68.142.79.115 not listed in dnsbl.sorbs.net 68.142.79.115 not listed in relays.ordb.org. Reporting addresses: abuse[at]limelightnetworks.com abuse[at]gblx.net 2005/12/23 12:44:47 68.142.79.115 cds115.lax.llnw.net 80 2068 Port 2068 (TCP) 2005/12/23 12:44:49 68.142.79.112 cds112.lax.llnw.net 80 2073 Port 2073 (TCP) 2005/12/23 12:44:50 68.142.79.112 cds112.lax.llnw.net 80 2076 Port 2076 (TCP) 2005/12/23 12:44:50 69.28.178.51 cds21.sjc.llnw.net 80 2080 Port 2080 (TCP) 2005/12/23 12:45:02 69.28.159.60 cds30.iad.llnw.net 80 2074 Port 2074 (TCP) 2005/12/23 12:45:02 69.28.155.16 cds4.lga.llnw.net 80 2079 Port 2079 (TCP) 2005/12/23 12:45:04 69.28.159.217 cds117.iad.llnw.net 80 2070 Port 2070 (TCP) 2005/12/23 12:45:16 68.142.79.115 cds115.lax.llnw.net 80 2068 Port 2068 (TCP) 2005/12/23 12:45:25 68.142.79.112 cds112.lax.llnw.net 80 2073 Port 2073 (TCP) 2005/12/23 12:45:27 68.142.79.112 cds112.lax.llnw.net 80 2076 Port 2076 (TCP) 2005/12/23 12:45:27 69.28.178.51 cds21.sjc.llnw.net 80 2080 Port 2080 (TCP) 2005/12/23 12:45:28 69.28.159.60 cds30.iad.llnw.net 80 2074 Port 2074 (TCP) 2005/12/23 12:45:28 69.28.155.16 cds4.lga.llnw.net 80 2079 Port 2079 (TCP) 2005/12/23 12:46:14 68.142.79.112 cds112.lax.llnw.net 80 2073 Port 2073 (TCP) 2005/12/23 12:51:38 70.86.27.146 img330.imageshack.us 80 2728 SQDR 2005/12/23 17:53:04 68.142.79.111 cds111.lax.llnw.net 80 2101 rtcm-sc104 2005/12/23 17:53:05 69.28.159.205 cds105.iad.llnw.net 80 2099 H.225.0 Annex G 2005/12/23 17:53:05 69.28.151.135 cds305.sjc.llnw.net 80 2092 Descent 3 2005/12/23 17:53:05 68.142.72.25 cds5.ord.llnw.net 80 2100 amiganetfs 2005/12/23 17:53:05 69.28.151.135 cds305.sjc.llnw.net 80 2093 NBX CC 2005/12/23 17:53:59 69.28.159.223 cds123.iad.llnw.net 80 2311 Message Service 2005/12/23 17:55:14 69.28.155.56 cds25.lga.llnw.net 80 2643 GTE-SAMP 2005/12/23 17:55:14 69.28.159.17 cds36.iad.llnw.net 80 2645 Novell IPX CMD 2005/12/23 17:55:15 69.28.159.60 cds30.iad.llnw.net 80 2659 SNS Query 2005/12/23 17:55:15 69.28.176.35 cds105.sjc.llnw.net 80 2677 Gadget Gate 1 Way 2005/12/23 17:55:15 68.142.73.11 cds31.ord.llnw.net 80 2658 SNS Admin 2005/12/23 17:55:15 69.28.154.222 cds122.lga.llnw.net 80 2675 TTC ETAP 2005/12/23 17:55:15 68.142.79.114 cds114.lax.llnw.net 80 2678 Gadget Gate 2 Way 2005/12/23 17:55:15 69.28.159.226 cds126.iad.llnw.net 80 2650 eristwoguns 2005/12/23 17:55:15 69.28.155.49 cds7.lga.llnw.net 80 2649 VPSIPPORT 2005/12/23 17:55:15 69.28.159.212 cds112.iad.llnw.net 80 2664 Command MQ GM 2005/12/23 17:55:15 68.142.73.26 cds46.ord.llnw.net 80 2654 Corel VNC Admin 2005/12/23 17:55:15 69.28.159.216 cds116.iad.llnw.net 80 2666 extensis 2005/12/23 17:55:15 68.142.79.116 cds116.lax.llnw.net 80 2672 nhserver 2005/12/23 17:55:15 68.142.79.80 cds10.lax.llnw.net 80 2673 First Call 42 2005/12/23 17:55:15 68.142.72.33 cds13.ord.llnw.net 80 2657 SNS Dispatcher 2005/12/23 17:55:16 69.28.159.17 cds36.iad.llnw.net 80 2645 Novell IPX CMD 2005/12/23 17:55:17 69.28.155.56 cds25.lga.llnw.net 80 2643 GTE-SAMP 2005/12/23 17:55:17 68.142.73.11 cds31.ord.llnw.net 80 2658 SNS Admin 2005/12/23 17:55:17 69.28.159.60 cds30.iad.llnw.net 80 2659 SNS Query 2005/12/23 17:55:17 69.28.159.212 cds112.iad.llnw.net 80 2664 Command MQ GM 2005/12/23 17:55:22 69.28.155.49 cds7.lga.llnw.net 80 2649 VPSIPPORT 2005/12/23 17:55:22 69.28.159.226 cds126.iad.llnw.net 80 2650 eristwoguns 2005/12/23 17:55:22 68.142.73.26 cds46.ord.llnw.net 80 2654 Corel VNC Admin 2005/12/23 17:55:24 69.28.159.216 cds116.iad.llnw.net 80 2666 extensis 2005/12/23 17:55:24 68.142.79.116 cds116.lax.llnw.net 80 2672 nhserver 2005/12/23 17:55:24 68.142.79.80 cds10.lax.llnw.net 80 2673 First Call 42 2005/12/23 17:55:31 69.28.159.17 cds36.iad.llnw.net 80 2645 Novell IPX CMD 2005/12/23 17:55:32 69.28.155.56 cds25.lga.llnw.net 80 2643 GTE-SAMP 2005/12/23 17:55:32 68.142.72.33 cds13.ord.llnw.net 80 2657 SNS Dispatcher 2005/12/23 17:55:35 68.142.73.11 cds31.ord.llnw.net 80 2658 SNS Admin 2005/12/23 17:55:37 69.28.159.60 cds30.iad.llnw.net 80 2659 SNS Query 2005/12/23 17:55:37 69.28.159.212 cds112.iad.llnw.net 80 2664 Command MQ GM 2005/12/23 17:55:51 69.28.159.226 cds126.iad.llnw.net 80 2650 eristwoguns 2005/12/23 17:56:00 69.28.159.216 cds116.iad.llnw.net 80 2666 extensis 2005/12/23 17:56:23 68.142.72.39 cds19.ord.llnw.net 80 3054 AMT CNF PROT 2005/12/23 17:56:24 68.142.121.134 cds24.dal.llnw.net 80 3057 GoAhead FldUp 2005/12/23 17:56:24 69.28.154.227 cds127.lga.llnw.net 80 3044 Port 3044 (TCP) 2005/12/23 17:56:24 69.28.159.53 cds23.iad.llnw.net 80 3056 CDL Server 2005/12/23 17:56:24 68.142.73.23 cds43.ord.llnw.net 80 3049 NSWS 2005/12/23 17:56:24 68.142.121.14 cds4.dal.llnw.net 80 3064 Port 3064 (TCP) 2005/12/23 17:56:25 69.28.154.227 cds127.lga.llnw.net 80 3044 Port 3044 (TCP) 2005/12/23 17:56:26 68.142.121.134 cds24.dal.llnw.net 80 3057 GoAhead FldUp 2005/12/23 17:56:26 68.142.72.39 cds19.ord.llnw.net 80 3054 AMT CNF PROT 2005/12/23 17:56:26 69.28.159.53 cds23.iad.llnw.net 80 3056 CDL Server 2005/12/23 17:56:26 68.142.121.14 cds4.dal.llnw.net 80 3064 Port 3064 (TCP) 2005/12/23 17:56:31 68.142.73.23 cds43.ord.llnw.net 80 3049 NSWS 2005/12/23 17:56:32 68.142.121.134 cds24.dal.llnw.net 80 3057 GoAhead FldUp *Snip* Link to comment Share on other sites More sharing options...
StevenUnderwood Posted December 28, 2005 Share Posted December 28, 2005 I sent an email to Limelight Networks, because I've noticed that the few times I'm online [at] home, my firewall shows many, many attempted connects to my computer. Is there any validity to what the abuse desk replied? I'm no IP guru, but it sounds like he replied BS to me. I don't know all the intricacies of port scans, but I know that I don't use any of the software that's listed to be associated with that IP and port in the below logs. That leads me to believe it's malicious... since the company would not say what the specific names of the 'programs' mean or are for, that only leads me to believe more that it's not a website that I'm visiting. (please correct me if I'm wrong) --- Notes added below ------------------------------------------------------ Hello, Our CDS boxes are used for content distribution for 100's of content companies, they are causing false positives on your firewall from servers that are behind a load balancer. These are either broken connections or errors coming from the servers instead of the load balancer. There is nothing malicious about this traffic. Limelight Networks 38519[/snapback] He is saying that some of the sites you are visiting basically use their servers to distribute content for their sites, kind of like akamai. These items could even be simple pictures. Please identify the column names in your data to be sure what we are talking about here. Link to comment Share on other sites More sharing options...
btech Posted December 28, 2005 Author Share Posted December 28, 2005 See, I thought about that, but why are these attempts at times when my computer is idle with no browsers or programs connected to web content? Taking the top log entry for column names: 2005/12/23 12:44:47 = date & time 68.142.79.115 cds115.lax.llnw.net = IP/Host name 80 = (I don't recall what this is) 2068 = Port # Port 2068 (TCP) = Description of attempt (or sometimes the 'program name') Link to comment Share on other sites More sharing options...
StevenUnderwood Posted December 28, 2005 Share Posted December 28, 2005 See, I thought about that, but why are these attempts at times when my computer is idle with no browsers or programs connected to web content? Taking the top log entry for column names: 2005/12/23 12:44:47 = date & time 68.142.79.115 cds115.lax.llnw.net = IP/Host name 80 = (I don't recall what this is) 2068 = Port # Port 2068 (TCP) = Description of attempt (or sometimes the 'program name') 38523[/snapback] Many programs now install update checkers that are connecting when the computer is idle. Java and Flash are two I can thing of that people may not even realize are installed because they are add-ons to Explorer or whatever browser you are using that are constantly checking for updates. Adobe products also do this, though they are not as hidden as Java and Flash (and some of the other similiar products). I was looking for the official names from the log application. The 80 would tend to be a port number (HTTP) as well. The other ports could be the source port from your machine that made the request. Link to comment Share on other sites More sharing options...
btech Posted December 28, 2005 Author Share Posted December 28, 2005 I have all my auto-update options deactivated or turned off, because they bog my system down. Here's an example: http://www.auditmypc.com/port/tcp-port-3057.asp So what I don't understand is: Why are all these blocked port attempts coming up from what seems to be browsing? Why would me browsing a site have that site or connected host scan all my ports and attempt to connect? Link to comment Share on other sites More sharing options...
Wazoo Posted December 28, 2005 Share Posted December 28, 2005 "my firewall" is not defined. Suggested log samples are not actually identified as incoming or outgoing, but the assumption is that these are "incoming" ... "Port = program/application name" is generally derived from some table that someone put together, noting that in general only the first 1024 are anywhere near 'standardized' ... all the rest are wide open for use by any application. Yes, some apps have 'picked' some ports over the years, but .... just as the 'standard' port for HTTP traffic is Port 80, one can point one's browser to actually look for that data/traffic at any port, most typically stumbled across as a Port 8080 as a 'quick' cheat keeping a server from being seen by an ISP scanning for the obvious .... point being that "your" list of applications assigned to Port activity probably won't match that data provided to someone running a different firewall. Some ISPs would also point out the obvious ... that your firewall is blocking the traffic, you apparently should have nothing to fear. I'm not sure I could come up with a justification for the wild range of ports being hit, but ... looking at http://www.limelightnetworks.com/ and seeing all the companies involved with "content" ... to include the Xbox 360 .... there sure could be lots of possibilities involved .... some might be considered "advertising/marketing" ... You don't mention how "dynamic" your IP address may be .... for instance, if dial-up, you may be connecting with an IP address just previously used by someone that in fact had some active connection with this outfit, jumping with glee at all the stuff flying across their screen, but Mom finally put her foot down and made the kids turn the dang thing off ....???? This traffic you are seeing is just the attempt from their servers to reconnect to that "other" system ... wondering why "your" system isn't responding ... Link to comment Share on other sites More sharing options...
Jeff G. Posted December 28, 2005 Share Posted December 28, 2005 You don't mention how "dynamic" your IP address may be38533[/snapback] "X[at]comcast.net" would tend to rule that out, unless Brandon is turning off his firewall or otherwise requesting a new IP Address frequently. OTOH, there may be someone else on his network (physically or via wireless) that may be causing this traffic. Link to comment Share on other sites More sharing options...
Wazoo Posted December 28, 2005 Share Posted December 28, 2005 "X[at]comcast.net" would tend to rule that out, unless Brandon is turning off his firewall or otherwise requesting a new IP Address frequently. OTOH, there may be someone else on his network (physically or via wireless) that may be causing this traffic. 38543[/snapback] ???? I'm not seeing a Comcast IP on Brandon's posts .... Link to comment Share on other sites More sharing options...
Farelf Posted December 28, 2005 Share Posted December 28, 2005 ... for instance, if dial-up, you may be connecting with an IP address just previously used by someone that in fact had some active connection ... This traffic you are seeing is just the attempt from their servers to reconnect to that "other" system ... wondering why "your" system isn't responding ... 38533[/snapback] Thanks for that Wazoo - don't know if that helps the OP but certainly reassures me concerning the attempts on a "new" dial-up with dynamic assignment from iinet.net.au (being used to a more or less static one with AT&T previously). Link to comment Share on other sites More sharing options...
Jeff G. Posted December 28, 2005 Share Posted December 28, 2005 ???? I'm not seeing a Comcast IP on Brandon's posts ....38545[/snapback] Perhaps he was working late or was using some sort of proxy at work? Link to comment Share on other sites More sharing options...
btech Posted December 28, 2005 Author Share Posted December 28, 2005 "my firewall" is not defined. Sorry.. McAfee Personal Firewall Plus (2004) Some ISPs would also point out the obvious ... that your firewall is blocking the traffic, you apparently should have nothing to fear. That's true. However, I thought it odd to see all those attempts for web content, when no browser was loaded and no programs were connecting. This traffic you are seeing is just the attempt from their servers to reconnect to that "other" system ... wondering why "your" system isn't responding ... 38533[/snapback] I have Comcast broadband and I have a dynamic IP, which It noticed it changed probably 2 weeks ago or so. I guess that does make sense with the past owner/user of my IP having past connections to that content and now those servers are trying to connect. I tried to do some research on ports, but it's over my head. Thanks for the feedback tho. Link to comment Share on other sites More sharing options...
builder Posted February 3, 2006 Share Posted February 3, 2006 My coworker has almost the same problem right now...problem is we are on a network that sees the traffic with its IDS (intrusion detection system) and bans his MAC address from the network, so far it has happened twice. We've been checking his box out but just dont see where this is coming from. The IDS basically sees it as a ping sweep and treats his computer like it has a worm on it. About 300 connections on port 80 over a short time period to cds44.ord.llnw.net and sister server addresses. Link to comment Share on other sites More sharing options...
mike s Posted June 17, 2006 Share Posted June 17, 2006 I'm also having this problem with Limelight Networks. I have PeerGuardian, and at some times it is almost a constant stream of hits from them. Has anyone figured out who they are and what they are doing? I went to www.limelightnetworks.com but the site isn't up anymore apparently. Link to comment Share on other sites More sharing options...
Farelf Posted June 18, 2006 Share Posted June 18, 2006 Has anyone figured out who they are and what they are doing?Only what can be found from http://www.dnsreport.com/tools/dnsreport.c...htnetworks.com+ and http://www.dnsstuff.com/tools/whois.ch?ip=...36.99&email=off (toggle addresses if interested) Tempe Az, +1-602-850-5095 Note their email address [at]limelightnetworks.com accepts abuse notifications, also abuse[at]gblx.net according to SpamCop but another address from the whois data (OrgAbuseEmail) is ipadmin[at]limelightnetworks.com [by the way, I can resolve their website fine - notwithstanding some problems shown by DNSReport in their setup - which doesn't augur well for a "content delivery network" but maybe they're just reloading/relocating which could be why you're having a problem with them. In view of their business orientation, getting tapped on the shoulder by them sounds like it could be entirely innocent (just incompetent/disorganized if you're discounting the notion that a user behind your firewall is - unknowingly - initiating content "requests" and their responses are being blocked your end). Why not give them a call and invite them to stop/assist? Limelight Networks 2220 W 14th St Tempe, AZ 85281 Voice: 866-200-LIME Voice: 602-850-5000 Fax: 602-850-5001 email address seems to be currently [at]llnw.com Note "US Offices: New York, Washington DC, Chicago, Los Angeles, Silicon Valley" European Headquarters Limelight Networks Europe 1st Floor, Holborn Gate 330 High Holborn London, WC1V 7QT Voice: +44 (0) 207 203 8408 Asia Pacific Limelight Networks Inc. Level 21, Centennial Tower, 3 Temasek Avenue, Singapore 039190 Voice: + 65 6549 7421] Link to comment Share on other sites More sharing options...
Miss Betsy Posted June 18, 2006 Share Posted June 18, 2006 I'm also having this problem with Limelight Networks. I have PeerGuardian, and at some times it is almost a constant stream of hits from them. Has anyone figured out who they are and what they are doing? I went to www.limelightnetworks.com but the site isn't up anymore apparently. Did you read the suggestion about dynamic IP addresses? If someone before you got the IP address was downloading stuff, I think that it still keeps coming. That's why I turned firewall notification off. Since the firewall is working, then I didn't need to know that someone before me had been downloading stuff. From Wazoo (who probably has the best guess) You don't mention how "dynamic" your IP address may be .... for instance, if dial-up, you may be connecting with an IP address just previously used by someone that in fact had some active connection with this outfit, jumping with glee at all the stuff flying across their screen, but Mom finally put her foot down and made the kids turn the dang thing off ....???? This traffic you are seeing is just the attempt from their servers to reconnect to that "other" system ... wondering why "your" system isn't responding ... I'm not sure I could come up with a justification for the wild range of ports being hit, but ... looking at http://www.limelightnetworks.com/ and seeing all the companies involved with "content" ... to include the Xbox 360 .... there sure could be lots of possibilities involved .... some might be considered "advertising/marketing" ... Miss Betsy Link to comment Share on other sites More sharing options...
Farelf Posted June 18, 2006 Share Posted June 18, 2006 ... That's why I turned firewall notification off. Since the firewall is working, then I didn't need to know that someone before me had been downloading stuff.Which begs the question is it continuing? Who (ultimately) pays for the resource/bandwidth consumed? If there is a chance of getting the source turned off, doesn't it help the broader community to do so? Can't imagine it goes on indefinitely, but ignoring it and trusting it will just stop does not seem to be the most responsible policy. IMO Link to comment Share on other sites More sharing options...
Miss Betsy Posted June 19, 2006 Share Posted June 19, 2006 Which begs the question is it continuing? Who (ultimately) pays for the resource/bandwidth consumed? If there is a chance of getting the source turned off, doesn't it help the broader community to do so? Can't imagine it goes on indefinitely, but ignoring it and trusting it will just stop does not seem to be the most responsible policy. IMO I am merely an end user. Those who run their own servers might have a different viewpoint. AFAIK as long as I don't let it in, I don't consume any bandwidth. IIUC, since it is not 'malicious', if they want to continue to send something that is blocked, that's ok. IIUC, it's 'my server, my rules'. That goes for my firewall also. If the internet is to be 'free', then those who want to download, visit peculiar sites, buy dubious products are welcome to do so as long as the ones who don't want to, don't have to accept whatever. That's why blocklists and firewalls are the 'natural' way to regulate who gets what. (Of course, if everyone has a firewall and blocks spam, then there isn't much profit to be had by sending unsolicited messages or downloads.) Miss Betsy Link to comment Share on other sites More sharing options...
Farelf Posted June 19, 2006 Share Posted June 19, 2006 AFAIK as long as I don't let it in, I don't consume any bandwidth. ...Certainly, the only consumption in on the routing on the way, that's tiny, per "ping" and not "your" problem anyway - though I think your throughput would be choked if you were heavily invested. But if you feel inclined to help "save the planet" there's a lot of "wise monkeys" for which to compensate (thinking of the first 2 simians) and a heap of inertia to be overcome. Having said that, I've never had to do any such thing - it stopped inside of 24 hours on the one occasion something similar happened to me (though it was of concern at the time and I don't know enough about firewalls to be entirely confident I was secure). But the cases of those coming to this topic are apparently a bit different, with greater volume sustained longer. Anyone badly affected would be well advised to take a more active part in getting it stopped IMO. And the spin-off might indirectly help others if the occasional "content provider" is encouraged to provide what is asked for only to those who ask for it. Link to comment Share on other sites More sharing options...
Miss Betsy Posted June 19, 2006 Share Posted June 19, 2006 Certainly, the only consumption in on the routing on the way, that's tiny, per "ping" and not "your" problem anyway - though I think your throughput would be choked if you were heavily invested. But if you feel inclined to help "save the planet" there's a lot of "wise monkeys" for which to compensate (thinking of the first 2 simians) and a heap of inertia to be overcome. Having said that, I've never had to do any such thing - it stopped inside of 24 hours on the one occasion something similar happened to me (though it was of concern at the time and I don't know enough about firewalls to be entirely confident I was secure). But the cases of those coming to this topic are apparently a bit different, with greater volume sustained longer. Anyone badly affected would be well advised to take a more active part in getting it stopped IMO. And the spin-off might indirectly help others if the occasional "content provider" is encouraged to provide what is asked for only to those who ask for it. I have looked at ways to report firewall logs and, from my cursory surf through them, one has to know a lot of things that only server admins would know to be an effective reporter. the way I understand about firewalls is that it is like being in a house with locks on all the doors and windows and an alarm when anyone comes near. As long as the person inside does not open a window or door, it doesn't matter how many people come outside (some of them like the meter reader, legitimate). If the constant alarm bothers the person, he turns it off. For a professional who can tell the difference between the meter reader and the thief, it pays to pay attention to the alarm log for the reasons you state. I don't think they probably ever use alerts, just regularly review the logs. For the non-professional, the alerts are simply annoying and sometimes alarming. (and on occasion, funny - before I turned the firewall alerts off, I visited a spiritual web site in search of a book. Almost immediately, my firewall announced an attempt from the 'Wicked Witch'). reading the logs is confusing and a bore. Unlike spam, these attempts are completely blocked and don't have to be filtered to be used legitimately. Professionals may be interested in stopping hackers since like burglars they can find ways around the alarms and locks, but that's best left to the professionals. Miss Betsy Link to comment Share on other sites More sharing options...
Farelf Posted June 19, 2006 Share Posted June 19, 2006 ... reading the logs is confusing and a bore. ...Yes well that part's been done, hasn't it? - all it takes is a phone call or a fax or an email to the identified source (who has already worried several posters to this topic) should the complainant wish to progress the matter. Link to comment Share on other sites More sharing options...
Miss Betsy Posted June 19, 2006 Share Posted June 19, 2006 Yes well that part's been done, hasn't it? - all it takes is a phone call or a fax or an email to the identified source (who has already worried several posters to this topic) should the complainant wish to progress the matter. If we are talking about this particular instance, yes. I think I went off on a little tangent about whether one should report firewall logs or not in general. Unless the repeated attempts are annoying, then unless they are malicious, they can be ignored. If they are malicious, I don't think direct contact is a good idea. And, since I don't read server logs, I don't know whether they are annoying to server admins. And if an end user turns off the notificaiton and doesn't read their logs, then they aren't annoying. Miss Betsy Link to comment Share on other sites More sharing options...
Farelf Posted June 19, 2006 Share Posted June 19, 2006 .... And if an end user turns off the notificaiton and doesn't read their logs, then they aren't annoying.Totally true. Hear no evil, see no evil. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.