Chasing down an intruder - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: Chasing down an intruder

  1. #11
    Junior Member
    Join Date
    Mar 2002
    Posts
    3
    If you have ADSL (or similar), your ISP will constantly try to "see" your router (through whatever methods they use - ie, broadcasts, pings, etc), to check if it is alive, so that if it appears not to be there, they can give your IP address to someone else (obviously, only if you don't have a fixed IP). Just a thought.
    Although, Subseven listens on 1243, so it might be worth checking your clients for infection. Why would someone be trying to connect to 1243 on a client machine, unless it already had S7 installed?
    What broke in a man when he brought himself to kill another? - Alan Paton.

  2. #12
    Senior Member
    Join Date
    Feb 2002
    Posts
    114
    From what i can see iagree with the points above it appears to be a script kiddie tryin to attack you and see wether you have sub7 server installed on your machine. If i was you i would run a virus/trojan scanner on you drive to see if you have got a trojan.

    Hope this helps


    Damien
    [pong][gloworange]665[/gloworange] Next door to the [glowpurple]devil[/glowpurple][/pong]

  3. #13
    Banned
    Join Date
    Apr 2002
    Posts
    149
    http://www.arin.net/whois/arinwhois.html

    go there and type the IP in....it should give you a phone number and contact info of the ip block.

  4. #14
    Senior Member
    Join Date
    Jan 2002
    Posts
    244
    Originally posted here by Guus
    Well, as long as your firewall is blocking the attempts, you're safe. What I would do is tracerouting the IP, and report it to it's ISP ( abuse@<isp> ) together with a copy of your logs. That should do the trick.

    had a problem with tracerouting.........could not find the abuse@ from this ip

    168.95.192.1
    thx
    i m gone,thx everyone for so much fun and good info.
    cheers and good bye

  5. #15
    Junior Member
    Join Date
    Apr 2002
    Posts
    4

    Talking Tracking attempted hacker

    Here you go !!!


    Chunghwa Telecom Co., Ltd. (NET-CHUNGTELECOM)
    21, Hsin-Yi Road, Section 1
    Taipei, Taiwan 100
    R.O.C
    TW

    Netname: CHUNGTELECOM
    Netblock: 168.95.0.0 - 168.95.255.255

    Coordinator:
    Wang, Nien-Tsu (NW17-ARIN) ntwang@MS1.HINET.NET
    +886 2 3445858 ext. 3150 (FAX) 886-2-3955671

    Domain System inverse mapping provided by:

    HNTP1.HINET.NET 168.95.192.1
    HNTP3.HINET.NET 168.95.192.2
    DNS.HINET.NET 168.95.1.1

    Record last updated on 09-Jun-1997.
    Database last updated on 3-Apr-2002 19:59:39 EDT.
    Hammerman

  6. #16
    Junior Member
    Join Date
    Feb 2002
    Posts
    15
    My small home network is hidden behind an RT314 firewall.

    Do you have ICMP blocked? you have to configure ICMP on the router to
    block incoming with a rule netgear excluded it in there last
    rt314 firmware ( I had 4 netgear routers myself) the IP address
    probing you likely belongs to a victim who was hacked and not
    the attackers so reporting to abuse is a complete waste of your
    time no Cracker will use there real Ip because he/she knows they will
    get caught and traced right away unless the Intruder is a lamer
    script kiddie who doesn't know better You can install my
    netwatchman to automaticly forward probe and attack
    reports from your router to the proper people www.mynetwatchman.com
    another suggestion: when your not home or away you can disconnect
    your pc from the Internet really reduces the risk.

  7. #17
    Senior Member
    Join Date
    Jan 2002
    Posts
    244

    Re: Tracking attempted hacker

    Thx wayneh and chawleyx87d[i will try abuse maybe??it will help]otherwise no harm done by that ip adress.


    thx guy s
    i m gone,thx everyone for so much fun and good info.
    cheers and good bye

  8. #18
    Junior Member
    Join Date
    Apr 2002
    Posts
    4
    No probs m8 !!!
    Hammerman

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides