Digispy

hope someone can help me understand the background to this as i’m quite interested to know whats going on

i installed Zone Alarm after finding so trojan virii on my hard drive and set the interent security to high as suggested. eveything seemed fine for a while then i noticed a little blue warning light on the ZA icon……Mmmmmmmmm

going to check my alert log i noticed that i have over 200 entries in it in a matter of minutes and obviously panic set in………….i’m being hacked!!!!!!

i went to the grc.com web sites and got it to check my ports and shields and that looked fine. i also downloaded their “leak test” program and ZA couped with that – cool

i then examined the log file and found that the same ip address had scanned ports from 1389 to 2398 before i had noticed it. checking the ip address (62.253.162.235) i found it belonged to NTL and heres what came back……..

inetnum: 62.253.160.0 – 62.253.167.255
netname: NTL
descr: NTL Internet
descr: Winnersh Datacentre
country: GB
admin-c: NNMC1-RIPE
tech-c: COH1-RIPE
status: ASSIGNED PA
changed: hostmaster@ntli.net 20010108
source: RIPE

route: 62.252.0.0/14
descr: NTL-UK-IP-BLOCK-3
origin: AS5089
mnt-by: AS5089-MNT
changed: bob.procter@ntli.net 20010205
source: RIPE

I also found that i was unable to recieve and get emails after ZA had stopped the udp ports needed to obtain it

at the moment i have set my ZA internet security to medium but also understand that i could allow this ip to become trusted and leave my internet settings on high!

so are NTL continually scanning ports to check for illegal servers running or is this related to DHCP? i’d really appreciate it if somone can enlighten me on this subject and maybe advise on the best firewall solution/combination – black ice, za, tiny personal fw?

TIA – JaYuN