Damn hackers, anyway to counter/trace them/

tainice · 10-07-02, 08:51 PM

every since i installed the firewall, i notice that my computer has been attacked by the same peson from time to time, just wondering if there is a way to trace the address and eventually do something to stop it? my knowledge in this kind of matter is servely limited, so please, explain everything...

thanz yo

Edward2 · 10-07-02, 09:15 PM

Do you know the IP address of the person hacking you? If so, you can download a couple of programs that may help.

There is one called "Whois" (I believe) that will tell you about that IP address. More than likely the person does not have a static IP address, but Whois may tell you who the ISP is. Then you could contact them with dates and times and maybe they could do something about it.

There is also one called "Traceroute" (I believe) that will trace the IP address. If I remember correctly, it will tell you what City, State, Country the IP address is registered in. Again, you may be able to determine the ISP and report the person.

I don't know what sort of firewall you have, but Norton Internet Security has a feature called "Intrusion Protection". It will detect a port scan and will log the IP address. You can then ban that IP address from accessing your computer.

A few other words of warning. If you have a router, do not use the default userid and password. Everyone will know them. Change them to something unique. Minimize the user rights (allow read only) and/or eliminate "Shares" on your harddrives.

tainice · 10-07-02, 09:20 PM

thanz man! yeah, i am using Norton personal firewall..i will do what you said. just a though, i read this from the pc magazine, that NPF by defualt, has left port 5(?) open, but cannot be manually closed, just wondering anyone knows how to do it?

Edward2 · 10-07-02, 09:28 PM

I haven't heard about that (port 5 being open). I have a router also, so when I do port scans, it does not detect any ports being open.

tainice · 10-07-02, 09:31 PM

man, it was a typo, i mean CAN be manually closed...duh... well, guess i will have to do a scan before saying any else. btw, really appricate your reply.....i was worrying to death by that annoying hacker...@_+

AarontheJC · 10-07-02, 10:36 PM

Great info. I have some guy on the network who writes me the same net send message over and over "Spam!" "Spam!"

I don't know how to get his IP. How do I do that?

tainice · 10-07-02, 11:53 PM

read the first post by Edward2, or get Norton Personal Firewall.

Mpegger · 10-08-02, 04:18 AM

Quote:

Originally posted by AarontheJC
Great info. I have some guy on the network who writes me the same net send message over and over "Spam!" "Spam!"

I don't know how to get his IP. How do I do that?

I would suggest if you dont already have a software firewall, you get Sygate Personal Firewall. It can keep traffic logs and tell you exactly what ip address it originated from, and can run traceroutes and whois.

Edward2 · 10-08-02, 05:44 AM

I would agree that Sygate personal firewall is a good program from what I have seen. I often use the Sygate port scan website to test my network's security.

bubba gump · 10-08-02, 10:24 AM

its all about zonealarm homes :P i think its the best, even the free utility stop most shiz, but it doesnt have the tracing built in, so ud need like traceroute and whois.....

UnseenMenace · 10-08-02, 10:36 AM

Quote:

Originally posted by tainice
every since i installed the firewall, i notice that my computer has been attacked by the same peson from time to time, just wondering if there is a way to trace the address and eventually do something to stop it? my knowledge in this kind of matter is servely limited, so please, explain everything... thanz yo

What makes you think that you are being attacked ??
Because you explain using the words 'from time to time' this suggests that this is either a very weak attack effort of not one at all.

A port scan can be a legitimate task done by system admins and as such it does not allways mean you are being hacked/attacked
Some ISP's and IRC servers scan for ports often used by trojans and other programs used to exploit systems, before taking any steps first establish what port that person is probing, what that port is used for, what it is that person is actually attempting and then who that person is.

The majority of software firewalls raise to many alarm bells imho, and confuse smoke with fire far to often

tainice · 10-08-02, 12:04 PM

I have to say that I am about 70% agree with what you said. According to the explanatory note of the firewall, alarms issued by it may or may not be mean that someone is actually trying to hack into my rig¡Khowever, since I have no way of identifying who or what is probing my rig and for what purposes, I will screen out anything suspicious, just a way to protect myself. Besides, I don¡¦t usually receive any alarm at all, except that one, so there is no trouble to me in any rate.

AZN · 10-08-02, 03:25 PM

unsceenmenace got to it before i could. I was going to say the exact same thing. I thought i was getting hacked to cuzz i saw the same IP everyday. I looked into the IP and found out it was comming from IRC.

AZN

elekt · 10-09-02, 08:12 PM

black ice firewall will tell you when your pc is attacked, and the ip address of the attacker as well as alot of valuable protection options and utilites.

Mpegger · 10-09-02, 09:27 PM

Contrary to what you say...

http://forum.oc-forums.com/vb/showth...hreadid=111440

Looks like Black Ice only alerts, if it even does that.

Besides. The 2 freeware firewalls are more then adequete (if not better) then Black Ice. Personally, I prefer and recommend Sygate Personal Firewall. ZoneAlarm works fine, but I like all the options and further tweaking I can do with Sygate.

Wedo · 10-10-02, 09:46 PM

I have a great solution for the invesigation of the IP. Sam Spade. Every System Admin I know uses this program to track IP's. It'll do a who-is, tracert (slow and fast), check for an abuse alert, finger the IP, scan the IP etc. etc. etc.

And it's FREE!

You can get it here.

Wedo

AMD'er · 10-10-02, 11:09 PM

just get a router and be done with it...it has a log of all incomming and outgoing messages or alerts....ZoneAlarm PRO allows you to click on a particular IP address and it takes you to ZONEALARM's website and gives you information about that IP

Jawsome · 10-11-02, 12:16 PM

it'd be funny if sygate or zonealarm had a "counterattack" button

tainice · 10-11-02, 12:55 PM

yo Wedo, thanz for the great proggy. really easy to use and very useful!

Wedo · 10-11-02, 01:28 PM

Quote:

Originally posted by tainice
yo Wedo, thanz for the great proggy. really easy to use and very useful!

My pleasure... Sam and I get together almost daily. In fact, last night after responding to the mail I picked up a Sub Seven attack from Japan.

So good 'ol Sam Spade lead me to the location (by reading the hop descriptions in the trace route) and an abuse email (with a who is).

I would like to find a counter attack program though

Wedo

10-07-02, 08:51 PM	Thread Starter #1
tainice Member Join Date: Oct 2001 Location: Carbondale, IL	Damn hackers, anyway to counter/trace them/ every since i installed the firewall, i notice that my computer has been attacked by the same peson from time to time, just wondering if there is a way to trace the address and eventually do something to stop it? my knowledge in this kind of matter is servely limited, so please, explain everything... thanz yo
	QUOTE Thanks

10-07-02, 09:15 PM	#2
Edward2 Member Join Date: Apr 2002 Location: Folding@Home in Ball Ground, GA	Do you know the IP address of the person hacking you? If so, you can download a couple of programs that may help. There is one called "Whois" (I believe) that will tell you about that IP address. More than likely the person does not have a static IP address, but Whois may tell you who the ISP is. Then you could contact them with dates and times and maybe they could do something about it. There is also one called "Traceroute" (I believe) that will trace the IP address. If I remember correctly, it will tell you what City, State, Country the IP address is registered in. Again, you may be able to determine the ISP and report the person. I don't know what sort of firewall you have, but Norton Internet Security has a feature called "Intrusion Protection". It will detect a port scan and will log the IP address. You can then ban that IP address from accessing your computer. A few other words of warning. If you have a router, do not use the default userid and password. Everyone will know them. Change them to something unique. Minimize the user rights (allow read only) and/or eliminate "Shares" on your harddrives. __________________ Q9300 @ 3.4GHz, Asus P5Q Pro, 4GB OCZ Platinum DDR2-1066, GTX580 @ 900GPU, OCZ Vendetta 2, PC P&C 750W i5-3570K @ 4.5GHz, Asus P8Z77, 4GB G Skill DDR3-1333, GTX580 @ 900GPU, CM Hyper 212+ HS/F, Corsair 850W 4x 6180SE @ 2.75GHz, SM H8QGi-F, 32GB G Skill DDR3-1333, CM Hyper 212+ HS/F, Redundant 1400W
	QUOTE Thanks

10-07-02, 09:20 PM	Thread Starter #3
tainice Member Join Date: Oct 2001 Location: Carbondale, IL	thanz man! yeah, i am using Norton personal firewall..i will do what you said. just a though, i read this from the pc magazine, that NPF by defualt, has left port 5(?) open, but cannot be manually closed, just wondering anyone knows how to do it?
	QUOTE Thanks

10-07-02, 09:28 PM	#4
Edward2 Member Join Date: Apr 2002 Location: Folding@Home in Ball Ground, GA	I haven't heard about that (port 5 being open). I have a router also, so when I do port scans, it does not detect any ports being open. __________________ Q9300 @ 3.4GHz, Asus P5Q Pro, 4GB OCZ Platinum DDR2-1066, GTX580 @ 900GPU, OCZ Vendetta 2, PC P&C 750W i5-3570K @ 4.5GHz, Asus P8Z77, 4GB G Skill DDR3-1333, GTX580 @ 900GPU, CM Hyper 212+ HS/F, Corsair 850W 4x 6180SE @ 2.75GHz, SM H8QGi-F, 32GB G Skill DDR3-1333, CM Hyper 212+ HS/F, Redundant 1400W
	QUOTE Thanks

10-07-02, 09:31 PM	Thread Starter #5
tainice Member Join Date: Oct 2001 Location: Carbondale, IL	man, it was a typo, i mean CAN be manually closed...duh... well, guess i will have to do a scan before saying any else. btw, really appricate your reply.....i was worrying to death by that annoying hacker...@_+
	QUOTE Thanks

Damn hackers, anyway to counter/trace them/

Internet Services

Website Development

Tech Hardware

10-07-02, 10:36 PM	#6
AarontheJC Member Join Date: Jan 2002 Location: Southern USA	Great info. I have some guy on the network who writes me the same net send message over and over "Spam!" "Spam!" I don't know how to get his IP. How do I do that?
	QUOTE Thanks

10-07-02, 11:53 PM	Thread Starter #7
tainice Member Join Date: Oct 2001 Location: Carbondale, IL	read the first post by Edward2, or get Norton Personal Firewall.
	QUOTE Thanks

10-08-02, 05:44 AM	#9
Edward2 Member Join Date: Apr 2002 Location: Folding@Home in Ball Ground, GA	I would agree that Sygate personal firewall is a good program from what I have seen. I often use the Sygate port scan website to test my network's security. __________________ Q9300 @ 3.4GHz, Asus P5Q Pro, 4GB OCZ Platinum DDR2-1066, GTX580 @ 900GPU, OCZ Vendetta 2, PC P&C 750W i5-3570K @ 4.5GHz, Asus P8Z77, 4GB G Skill DDR3-1333, GTX580 @ 900GPU, CM Hyper 212+ HS/F, Corsair 850W 4x 6180SE @ 2.75GHz, SM H8QGi-F, 32GB G Skill DDR3-1333, CM Hyper 212+ HS/F, Redundant 1400W
	QUOTE Thanks

10-08-02, 10:24 AM	#10
bubba gump Member Join Date: Sep 2002 Location: CA, USA	its all about zonealarm homes :P i think its the best, even the free utility stop most shiz, but it doesnt have the tracing built in, so ud need like traceroute and whois.....
	QUOTE Thanks

10-08-02, 12:04 PM	Thread Starter #12
tainice Member Join Date: Oct 2001 Location: Carbondale, IL	I have to say that I am about 70% agree with what you said. According to the explanatory note of the firewall, alarms issued by it may or may not be mean that someone is actually trying to hack into my rig¡Khowever, since I have no way of identifying who or what is probing my rig and for what purposes, I will screen out anything suspicious, just a way to protect myself. Besides, I don¡¦t usually receive any alarm at all, except that one, so there is no trouble to me in any rate.
	QUOTE Thanks

10-08-02, 03:25 PM	#13
AZN AznSniper Join Date: Mar 2002	unsceenmenace got to it before i could. I was going to say the exact same thing. I thought i was getting hacked to cuzz i saw the same IP everyday. I looked into the IP and found out it was comming from IRC. AZN __________________ i7 2700k @ 4.5GHz 1.27v - ASRock Z68 PRO "The only fool bigger than the person who knows it all, is the person who argues with him." Stanislaw Jerszy Lec HEATWARE
	QUOTE Thanks

10-09-02, 08:12 PM	#14
elekt Member Join Date: Sep 2002 Location: los angeles, California	black ice firewall will tell you when your pc is attacked, and the ip address of the attacker as well as alot of valuable protection options and utilites.
	QUOTE Thanks

10-09-02, 09:27 PM	#15
Mpegger Member Join Date: Nov 2001 Location: NYC	Contrary to what you say... http://forum.oc-forums.com/vb/showth...hreadid=111440 Looks like Black Ice only alerts, if it even does that. Besides. The 2 freeware firewalls are more then adequete (if not better) then Black Ice. Personally, I prefer and recommend Sygate Personal Firewall. ZoneAlarm works fine, but I like all the options and further tweaking I can do with Sygate. __________________ NZXT Switch 810 / Gigabyte GA-X58A-UD3R / i7 980x @ 3997x6, 4130x1 / 24GiB / 560Ti SLi ESXi server / i7-3770s / 32GiB / 16TB ZFS-z2 ----------------------------- [GB ≠ GiB] [MB ≠ MiB] [kB ≠ kiB] "Apparently, Plaintiff believes that he could sue an egg company for fraud for labeling a carton of 12 eggs a “dozen,” because some bakers would view a “dozen” as including 13 items." - Western Digital 2006 "One World, One Web, One Program" - Microsoft "Ein Volk, Ein Reich, Ein Führer" - Hitler (Microsucks) Avatar and quote on loan from AntmanMike Heatware
	QUOTE Thanks

10-10-02, 09:46 PM	#16
Wedo Senior Kitty Power! Join Date: Oct 2001 Location: Lost Angeles	I have a great solution for the invesigation of the IP. Sam Spade. Every System Admin I know uses this program to track IP's. It'll do a who-is, tracert (slow and fast), check for an abuse alert, finger the IP, scan the IP etc. etc. etc. And it's FREE! You can get it here. Wedo __________________ ~ Folding for Sharon, Joy, Kathy, Cathy, Nancy, Peanut, and so many others ~[/size]
	QUOTE Thanks

10-10-02, 11:09 PM	#17
AMD'er Member Join Date: Jan 2002 Location: Atlanta	just get a router and be done with it...it has a log of all incomming and outgoing messages or alerts....ZoneAlarm PRO allows you to click on a particular IP address and it takes you to ZONEALARM's website and gives you information about that IP __________________ No Rig Must Build New Still Waiting to Build A New One R.I.P (2002-2006) to the following Machine!!! P4 2.6C @ 3.32 IC7G 512 HyperX 3500 ATI 9800 Pro Words of Wisdom: A Wise Man Once Said..."I PITTY DA FOOL"
	QUOTE Thanks

10-11-02, 12:16 PM	#18
Jawsome Member Join Date: Jun 2002 Location: Maple Grove, Minnesota	it'd be funny if sygate or zonealarm had a "counterattack" button __________________ Main Rig Mobo: Gigabyte MA790X-DS4 \| Processor: Phenom II 940 \| RAM: 8GB DDR2 1000 \| Video: Radeon 5850 1gb My Heatware
	QUOTE Thanks

10-11-02, 12:55 PM	Thread Starter #19
tainice Member Join Date: Oct 2001 Location: Carbondale, IL	yo Wedo, thanz for the great proggy. really easy to use and very useful!
	QUOTE Thanks

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search