Experiencing Slow Connections? Start hunting for those IP Ranges!

Routing issues to Europe
May 11, 2010
FTP speeds throttled by TM
May 13, 2010
Show all

Experiencing Slow Connections? Start hunting for those IP Ranges!

I noticed that the slow connections to Europe can be alleviated if you switched IP range if you’re using Streamyx…Looks like a TM problem then!

On how to switch, refer to our classic post on this issue ๐Ÿ˜› Don’t be lazy and whine! Get up and do something ๐Ÿ˜›

3 Comments

  1. freeman85 says:

    i’m stuck with 115.1** ip ………so slow ….

  2. Raymond says:

    This is what I received from TM.

    Dear Admin/Sir/Madam,

    This email is to inform you that we received complaint from third party organization regarding Port Scan activities originating from your IP address 124.82.26.68 with login ID “raemon”.

    What is PORT SCAN?

    A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a “well-known” port number, the computer provides. Port scanning, a favorite approach of computer cracker, gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.

    Please take the appropriate steps to assure that the activity is stopped. However, if such act is not committed by you, we have additional concerns that the botnet may have compromised your systems.

    There is also possibility that your pc/machine have been infected by virus type and become compromise. It’s most likely due to an infected machine trying to send virus.

    Kindly be understand that customer responsibility to ensure their system and network in secure as stated in terms & conditions under clause 14 Security and Other Features below. As a service provider it’s our responsibility to prevent these kind of unwanted hassle from spreading to entire network.

    —————————————————————————–
    14.1 The Customer shall take all such measures as may be necessary to protect his own system and network.
    —————————————————————————–

    Therefore, please take immediate steps to clean up all your computers / machines / servers. Please disconnect from the Internet before scanning all your machines. Below as a basic guidance to ensure your network is secure.

    1. Do you have antivirus on their machine/computer? Do the pattern updated? –
    To detect and remove the Trojan/virus/spyware, please install an antivirus software, update to the latest signature/virus pattern, do a complete scanning of your machine and delete all the viruses detected. It is really important to ensure your antivirus is UPDATED with latest pattern/definition if not your anti virus would not detect the latest virus generated.

    2. Do you have firewall installed? All unnecessary ports are closed? Do your firewall patched and up to date?

    3. Do you patch the Operating System (Windows XP/2000/ME etc)? Patch with latest Windows update? Always run Windows Update.

    4. Do you have anti-spyware/adware installed?

    5. Securing proxies: If you are running a proxy, please refer to

    Please update us once you have taken appropriate action.

    Thanks & Regards,

    Netsecurity (HH)

    System and Security Management

    IPNOC,IT & NT.

    Telekom Malaysia.

    E-mail : netsecurity@tm.net.my

    +info+

    ยท Username

    Session ID

    Start

    Incident Time

    Stop

    Duration

    Trace Time

    Calling Station

    MAC

    raemon

    0218745677

    Tue May 25 17:35:27 2010

    Tue May 25 22:23:48 2010

    Wed May 26 07:16:40 2010

    49273

    Wed Jun 2 11:38:05 2010

    #erxkg01-home#A20#60#820

    00:30:0a:6b:38:8f

    Log – Timezone CEST (UTC+2)

    Statistical data:

    * Country: MY (Malaysia)

    * start: 2010-05-25, 16:23

    * end: 2010-05-25 16:23

    * duration: 00 minutes

    * destination hosts: 254

    * flows: 254

    * packets: 254

    * octets: 15240

    Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows

    2010-05-25 16:23:48.852 0.000 TCP 124.82.26.68:4936 -> 134.130.80.31:23 1 60 1

    2010-05-25 16:23:48.787 0.000 TCP 124.82.26.68:4937 -> 134.130.80.32:23 1 60 1

    2010-05-25 16:23:48.852 0.000 TCP 124.82.26.68:4939 -> 134.130.80.34:23 1 60 1

    2010-05-25 16:23:48.852 0.000 TCP 124.82.26.68:4934 -> 134.130.80.29:23 1 60 1

    2010-05-25 16:23:48.850 0.000 TCP 124.82.26.68:4941 -> 134.130.80.36:23 1 60 1

    2010-05-25 16:23:48.852 0.000 TCP 124.82.26.68:4947 -> 134.130.80.42:23 1 60 1

    2010-05-25 16:23:48.853 0.000 TCP 124.82.26.68:4951 -> 134.130.80.46:23 1 60 1

    2010-05-25 16:23:48.403 0.000 TCP 124.82.26.68:4910 -> 134.130.80.5:23 1 60 1

    2010-05-25 16:23:48.403 0.000 TCP 124.82.26.68:4918 -> 134.130.80.13:23 1 60 1

    2010-05-25 16:23:48.402 0.000 TCP 124.82.26.68:4916 -> 134.130.80.11:23 1 60 1

    2010-05-25 16:23:48.402 0.000 TCP 124.82.26.68:4920 -> 134.130.80.15:23 1 60 1

    2010-05-25 16:23:48.402 0.000 TCP 124.82.26.68:4926 -> 134.130.80.21:23 1 60 1

    2010-05-25 16:23:48.402 0.000 TCP 124.82.26.68:4930 -> 134.130.80.25:23 1 60 1

    2010-05-25 16:23:49.299 0.000 TCP 124.82.26.68:4976 -> 134.130.80.71:23 1 60 1

    2010-05-25 16:23:49.363 0.000 TCP 124.82.26.68:4980 -> 134.130.80.75:23 1 60 1

    2010-05-25 16:23:48.788 0.000 TCP 124.82.26.68:4932 -> 134.130.80.27:23 1 60 1

    2010-05-25 16:23:48.851 0.000 TCP 124.82.26.68:4943 -> 134.130.80.38:23 1 60 1

    2010-05-25 16:23:48.851 0.000 TCP 124.82.26.68:4945 -> 134.130.80.40:23 1 60 1

    2010-05-25 16:23:48.852 0.000 TCP 124.82.26.68:4953 -> 134.130.80.48:23 1 60 1

    2010-05-25 16:23:48.850 0.000 TCP 124.82.26.68:4949 -> 134.130.80.44:23 1 60 1

    2010-05-25 16:23:48.915 0.000 TCP 124.82.26.68:4955 -> 134.130.80.50:23 1 60 1

    2010-05-25 16:23:48.402 0.000 TCP 124.82.26.68:4908 -> 134.130.80.3:23 1 60 1

    2010-05-25 16:23:48.405 0.000 TCP 124.82.26.68:4906 -> 134.130.80.1:23 1 60 1

    2010-05-25 16:23:48.404 0.000 TCP 124.82.26.68:4922 -> 134.130.80.17:23 1 60 1

    2010-05-25 16:23:48.404 0.000 TCP 124.82.26.68:4912 -> 134.130.80.7:23 1 60 1

    • Reuben says:

      Raymond: looks like you’re infected with some virus/trojan that is making your computer portscan. As you can see, its coming from your streamyx ip not a VPN server IP.

Leave a Reply

Your email address will not be published. Required fields are marked *