Methods for finding the nasty people..
Results 1 to 8 of 8

Thread: Methods for finding the nasty people..

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    831

    Methods for finding the nasty people..

    Hey everyone,
    I was just wondering what methods people use for tracking down users who have done or attempted to do bad stuff..

    So share your knowledge people.. How do YOU track down that stupid script kiddie that tried to Sub7 you??
    -Matty_Cross
    \"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you\'re good and crazy, hehe, the skies the limit!!\"
    Share on Google+

  2. #2
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    Any decent firewall will be able to log attempts made by peps to gain access through certain ports or there are programs speacily designed to act as trojans sitting on the default ports and waiting for peps to connect - these progs shoul also be able to log any attempts made.....simply note down the date/time and ip of the person attempting to amke the connection and email them off to your isp - they should be able to take it form there.

    Either that or they'll ignore it - well thats wht they usually do
    Share on Google+

  3. #3
    Member
    Join Date
    Nov 2001
    Posts
    79

    oh dear...

    I have only hunted one person down on the internet, but i'm in the process of finding two others.

    The best way to start is to create another online identity (do this ahead of time if you use yahoo to have backups since if you check the profile of the individual you can see when it was last edited, looks best if it was atleast a month or so before). This is the best way to gain someone's trust and then to extract information from them... so essientally best orchestrated while you pretend to be someone/thing you are not...

    Another catch that many may not think of is to back up your "location", visit (for example: http://www.canada.ca) if you create an i.d. here with an email, your email with be @yahoo.ca
    Thus backing up your story and location.

    Other methods of mine are better left unsaid, but asking someone their password is the best way to get it!!!!!
    Share on Google+

  4. #4
    Junior Member
    Join Date
    Dec 2001
    Posts
    24

    Cool

    quickest route is neotrace, then call your isp...OR..TPfirewall is useful as alternate, since by default it lists source/port...
    [glowpurple]Outside of a dog, a book is man\'s best friend...[/glowpurple] [gloworange]inside of a dog, it\'s too dark to read...- [/gloworange] [shadow]Groucho Marx[/shadow]
    Share on Google+

  5. #5
    Member
    Join Date
    Nov 2001
    Posts
    79

    hmm...

    for some reason calling the ISP doesn't do anything for me, I'd rather hunt them down and gain their trust (from another computer with a different ISP than my own) and after doing so, let them know that I know who they are and what they are doing. This will give them the benefit of the doubt to stop, also if they are doing the same thing to your computer under the alias as to your previous computer then you will know that they are truly malicious.
    Share on Google+

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    276
    Uhm, but what if the perp is using a proxy?
    Dear Santa, I liked the mp3 player I got but next christmas I want a SA-7 surface to air missile
    Share on Google+

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    831
    In that situation, it depends on what type of proxy they are using...
    if the perp is using say the proxy of another ISP, and they do something really nasty.. you can get the server logs from the ISP...

    If they are using the WinGate proxy of an unknowning user, there is a lot less of a chance that you will be able to get any more information....

    I'm sure that there are other methods for find out info when the perp is using a proxy... any other suggestions??
    -Matty_Cross
    \"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you\'re good and crazy, hehe, the skies the limit!!\"
    Share on Google+

  8. #8
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    If you're on *nix, you'll have system logs to sift through (home-grow your own perl/awk/sed script to rip out IPs/FQDNs/etc) and then use some of the following to figure out what's up:

    neotrace - heard it's good, dunno, never used it

    nmap - available at
    http://www.insecure.org , kicks MUCH ass...provides stealth port scans and OS fingerprinting by the TCP/IP stack.

    traceroute - standard for most *nix boxes, tracert for winblows.

    VisualRoute - http://www.visualroute.com , also a very good geographic traceroute/ping/whois/etc...they also have something called VisualLookout but I dunno what that does.

    netstat - common on most boxes nowadays, allows you to see all open ports and the connecting IPs they're from (this works if they're still on your system through some connection).

    If they're from a proxy, you can find out who the proxy is signed to through nslookup/whois and contact them with proof of tampering from your system logs.

    Disclaimer: most of this is already regurgitated, just throwing in my mostly useless advice on some things.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •