Port Scan Stalker!!!
Laguna
05-15-2006, 07:12 AM
Ok, I'm being stalked by Ntl and a few other addresses. Take a look at this....
http://i27.photobucket.com/albums/c171/AceCardJones/Kerio.jpg
What the hell is all that about? I got scanned by that ntl one all those times in about 10 minutes. What am I doing that this keeps happening? I have NEVER been on an ntl site so I don't understand.
And also are these people having any success in these scans?
I have done the shields up test scan and got a complete stealth grade.
But the scan I did on shields up never came up in my logs like these are.
So what's going on and what should I do?
juniper
05-15-2006, 10:36 AM
Normally these are robots looking for a way in. Putting your IP in stealth used to be a good way to prevent the scans, as there would be no ICMP response, but now they are going to SYN scans to bypass stealth mode firewalls.
Laguna
05-15-2006, 01:46 PM
Ok but what would these bots/people be gaining from this?
I mean if the first scan was a failure what's the point in scanning again...and again...and again? And is my machine in any danger from this and is there anything I can do about it?
Ok but what would these bots/people be gaining from this?
I mean if the first scan was a failure what's the point in scanning again...and again...and again?
Generally they are infected machines that don't log failures. For the most part, the 'bots' have nothing against you, personally (I know a couple of websites that POd some people that ended up with targeted 'bots' but that is another thing entirely). The 'bots' are actually scanning a range of addresses, which happens to include your IP. So you are either being hit by one machine multiple times because it doesn't know any better and is stuck in the range of your IP, or you are being hit by many machines infected with something.
And is my machine in any danger from this and is there anything I can do about it?
The scans are not getting anywhere. They ARE being stopped by your firewall, hence all the stupid alerts you are getting. This is the very reason why you are running a firewall in the first place, so let it do its job.
No, there isn't really all that much you can do about it, unless you can get your ISP to block it for you (most won't do individual customer blocking). Some ISPs will block either IPs from serious offenders or particular ports used by known bots. Of course you can turn off the ability of your firewall to pop up all these alerts and just quietly log them, then once a week take a look and laugh at all the idjits with infected machines...
ErnieK
05-15-2006, 02:33 PM
Who is your ISP? There have been a few take-overs\mergers between ISPs recently. See link below for NTL merger with Telewest
http://www.ntl.com/mediacentre/ntltelewest/
Laguna
05-15-2006, 02:41 PM
Of course you can turn off the ability of your firewall to pop up all these alerts and just quietly log them, then once a week take a look and laugh at all the idjits with infected machines...
HAHA, my FW is logging them quietly, I'm just a clean freak and hate the idea of people even trying to bother me.
And I love your comment about the "idgits" lol, nice silver lining MJC =)
Who is your ISP? There have been a few take-overs\mergers between ISPs recently. See link below for NTL merger with Telewest
And ErnieK my provider hasn't got anything to do with ntl.
And it's the biggest provider in my area so it's a one company company lol
juniper
05-15-2006, 04:20 PM
The 'bots' are actually scanning a range of addresses, which happens to include your IP. So you are either being hit by one machine multiple times because it doesn't know any better and is stuck in the range of your IP, or you are being hit by many machines infected with something.
Not really true. What they do first is called an ICMP sweep, which just pings a range of IPs to see if they are active. If your public IP responds to a ping, they know something is there, and they will then move to a port scan to see what services they can exploit on your box. Putting your firewall in stealth will just simply drop the ICMP request in hopes the bot will move on, but new bots/hackers/whatever are aware that just about every firewall is using stealth by default, so to see what is out there they no longer just move on after a dead ICMP request. Instead they do a SYN port scan and send a TCP SYN request to common ports; if they get a SYN ACK, they now know the service is running. Basically, to make a long story short, the reason it hits your firewall so many times is because it first checks port 80 with a SYN, then port 339 with a SYN, then any other common ports (not really in that order or ports). BTW: a good firewall would show you what ports they are scanning on.
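Added example, not part of the original thread and not any firewall's own tooling: a small log summariser that separates the two patterns described in the replies above, one source walking several ports versus one source retrying the same port. The log line format, the addresses and the scan_ports threshold are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample log. The line format is an assumption for this example,
# not the format of Kerio or any other real firewall.
SAMPLE_LOG = """\
2006-05-15 07:01:02 BLOCK IN TCP 198.51.100.7:4312 -> 192.0.2.10:80 SYN
2006-05-15 07:01:02 BLOCK IN TCP 198.51.100.7:4313 -> 192.0.2.10:135 SYN
2006-05-15 07:01:03 BLOCK IN TCP 198.51.100.7:4314 -> 192.0.2.10:139 SYN
2006-05-15 07:01:03 BLOCK IN TCP 198.51.100.7:4315 -> 192.0.2.10:445 SYN
2006-05-15 07:03:10 BLOCK IN TCP 203.0.113.25:2001 -> 192.0.2.10:445 SYN
2006-05-15 07:05:40 BLOCK IN TCP 203.0.113.25:2044 -> 192.0.2.10:445 SYN
2006-05-15 07:09:12 BLOCK IN TCP 203.0.113.25:2090 -> 192.0.2.10:445 SYN
2006-05-15 07:09:30 ALLOW OUT TCP 192.0.2.10:1055 -> 203.0.113.80:80 SYN
2006-05-15 07:10:01 BLOCK IN TCP 203.0.113.77:3300 -> 192.0.2.10:1433 SYN
"""

# Only blocked inbound TCP SYNs are of interest; everything else is skipped.
LINE_RE = re.compile(
    r"^\S+ \S+ BLOCK IN TCP (?P<src>[\d.]+):\d+ "
    r"-> [\d.]+:(?P<dport>\d+) SYN$"
)

def summarise(log_text, scan_ports=3):
    """Return {source: {"hits", "ports", "kind"}} for blocked inbound SYNs."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            seen[m["src"]].append(int(m["dport"]))
    report = {}
    for src, ports in seen.items():
        distinct = sorted(set(ports))
        if len(distinct) >= scan_ports:
            kind = "port scan"        # one source trying several ports
        elif len(ports) > len(distinct):
            kind = "repeated probe"   # same port retried by the same source
        else:
            kind = "isolated probe"
        report[src] = {"hits": len(ports), "ports": distinct, "kind": kind}
    return report

if __name__ == "__main__":
    for src, row in summarise(SAMPLE_LOG).items():
        print(f"{src:15} {row['hits']:3} hits  {row['kind']:15} {row['ports']}")
```

Run against a week of quietly logged alerts, a summary like this shows how many alerts come from a handful of sources and which ports they were after.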