Welcome to BT.net

IP Security

The BT IP Security Team is the main point of contact for all security complaints relating to IP address space and domains used on the Public Internet that are owned/operated by BT. BT does not condone any form of Internet Abuse. We will deal with complaints according to our Acceptable Use Policy, and reserve the right to block traffic which contravenes that Policy.

How to Contact us

Complaints regarding E-mail abuse such as SPAM should be directed to BT's abuse teams for UK networks abuse@bt.com or non-UK networks abuse@eu.bt.net. Complaints relating to security incidents such as -attempted- hacks or port scans should be directed to BT's security teams for UK networks security@bt.com or non-UK networks security@eu.bt.net.

Abuse originating from networks other than those operated by BT - or those of our customers - will not be addressed by us and should be directed the ISP/carrier responsible.

The following points should also be born in mind:

  • Broadcast complaints sent to a large number of recipients and/or all the ISPs along the route of an attack will not be dealt with.
  • We do not get involved with, or attempt to mediate, in "flame wars", "name calling" or other similar disputes.
  • Our network spans many countries. Due to the diversity of languages and dialects involved, we can only process reports written in English. We do not process reports in any other languages!
  • Please ensure the information requested below is contained in the body of your e-mail. E-mail attachments will be ignored.

Incident Specific Information

It is important that you provide us with sufficient information to deal effectively with your complaint. We strongly suggest that you read the following guidelines before contacting us.

Hacking or Port Scans - If you believe that you have been subjected to hacking and/or port scans, then the following information is particularly useful:

  • Log files containing date and time information. (The GMT offset should be mentioned). Ideally the system should be time-synchronised via NTP.
  • These log files should include IP address and source/destination port information.
  • Traceroute, and whois output, that demonstrates transit through our backbone to one of the responsible parties, or that they are a network (sub-) customer.

Usenet, E-mail or IRC related issues - If you have an issue with Usenet, Email or IRC type services, then please include the following details with your complaint:

  • Reports should include relevant evidence (e.g. a copy of the offending message with full headers, etc.) to enable us to progress the reported issue.
  • Log files containing date and time information. (GMT offset should be mentioned). Ideally the system should be time-synchronised via NTP.
  • For web-site or posting board issues, the URL where the offending message(s) can be found.
  • Always include the full headers. Often, forwarding a message through a newsreader strips an article of headers and makes it difficult for us to identify the original post.
  • Explicitly state which detail (e.g. IP address, URL, etc) in the message is linked to us, and hence caused you to direct the complaint to us.
  • Traceroute of, and whois to, the IP address or site in question.

Open mail relay issues - If an open Mail relay is causing problems, you should consider the following points:

  • Reports should include relevant evidence (e.g. a copy of a relayed message with full headers, etc.) to enable us to progress the reported issue.
  • The IP address and domain name (FQDN) of the vulnerable server
  • Traceroute of, and whois to, the IP address or site in question.

Additional Information

Automated alerts generated by personal firewall packages often do not include the information we need. We cannot act without the proper information. Therefore please check that the automated alert contains the pre-requisite data. If if does not then you must supplement the alert by additional investigation or by reconfiguring the personal firewall to provide full disclosure.

Many personal firewall packages do a poor job of separating real attacks from harmless network events. Please validate that the alert is genuine and relates to a serious issue, prior to reporting to the BT Security Team.