U.D.P Port Scans by I.S.P.

[Sadie]

Is there any valid reason for my I.S.P to persistantly
scan a range of U.D.P ports on my computer?

This has been happening with tiresome regularity-firewall
blocks them,but I'd really like to know if they are
actually supposed to be engaging in such activities.

Furthermore,I am even behind a router these days-still
the I.S.P. is scanning the UDP ports.At least,noone else
is able to,but,it is concerning.What's to prevent a
server owned by an I.S.P being infected?

Do I have any right to insist that they stop?The firewall
logs generated as a result are expanding unreasonably-
quite at odds with my house-keeping requirements.

Sadie

 

[Robert Moir]

Is there any valid reason for my I.S.P to persistantly
scan a range of U.D.P ports on my computer?

Maybe to scan, yes. Not persistently, no.

This has been happening with tiresome regularity-firewall
blocks them,but I'd really like to know if they are
actually supposed to be engaging in such activities.

That would depend on the AUP between you and them. I'd say you are entiteld
to ring and ask them what they are doing.

Furthermore,I am even behind a router these days-still
the I.S.P. is scanning the UDP ports.At least,noone else
is able to,but,it is concerning.What's to prevent a
server owned by an I.S.P being infected?

Nothing. ISPs are ran by human beings (well I have my doubts about some
places... but still). We all make mistakes right?

Do I have any right to insist that they stop?

You have the ultimate right of taking your business elsewhere if they behave
in a manner you dislike. If they have half a brain this will give you some
material to use without having to do that. If they are totally clueless,
then its as well to find out and move to someone smarter now rather than
later, anyway!

The firewall
logs generated as a result are expanding unreasonably-
quite at odds with my house-keeping requirements.

I'd be tempted to ask if you can't turn off logging for the address they are
attacking you from, at least.

--
--
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Kazaa - Software update services for your Viruses and Spyware.

 

[Sadie]

Many thanks for the reply,Robert.

I think it wouldn't be unreasonable for me to export the
logs to the I.S.P.,if only to ask what's going on.At
least I don't have to spend hours isolating relevant
fragments of the port scan records-theirs is the only
address that figures.

I would be loathe to take my business elsewhere-they are
great aside from this annoying tendency not to keep their
pings to themselves!

Your point about clueless I.S.P. operatives is valid but
worrisome.If this particular DNS server is
*infected*,that would surely mean it has been host to a
variety of trojans and worms for many months-reflected in
the differing blocks of UDP ports scanned.

Cheers.Will post back if I obtain a sensible answer from
the I.S.P.

Sadie